Skip to content
Sep 28 / Greg

Mikrotik RouterBOOT Changelog

A lot of us often forget that there is boot firmware on a Mikrotik router also. To upgrade, you go to:

/system routerboard upgrade

To view the changelog you can go here.

Sep 23 / Greg

Mikrotik Changelog 6.37

What’s new in 6.37 (2016-Sep-23 08:20):


There will be only one “wireless” package starting from RouterOS v6.37.


DFS configuration in RouterOS has been redesigned, now device looks at specified country settings (/interface wireless info country-info), and applies corresponding DFS mode for each frequency range automatically, making dfs-mode setting unnecessary.

Please, check that your frequencies work with corresponding DFS settings before upgrade.

*as you can see above they are making things far more clear these days.

!) console – dfs-mode setting does not exist any more and all scripts with such setting will not be executed;
!) dude – (changes discussed here:; – *Thrift reports some good things about the new version
!) dude – from now on dude will use winbox port and it will be changed automatically both in client loader and agent configuration;
!) ethernet – added new loop-protect feature for ethernet, vlan, eoip, eoipv6 interfaces, ; – *Need to do a little testing. Looks like”If I see my mac come back on the port, shut it down”
!) wireless – “wireless” package included in bundle “routeros” package;
!) wireless – “wireless-cm2” discontinued;
!) wireless – “wireless-rep” renamed to “wireless”; – *Everything has collapsed into a single package, very nice!
!) wireless – DFS option is removed, corresponding DFS mode for each frequency range applies automatically;
*) capsman – fixed kernel crash on cap while changing client-to-client forwarding;
*) capsman – report radio-name in registration table;
*) certificate – do not allow to remove certificate template while signing certificate;
*) console – hotspot setup show wrong certificate name;
*) defconf – fixed default configuration restore if virtual wireless interface were present;
*) defconf – fixed default configuration when wireless package is used;
*) defconf – using caps button now forces all wireless interfaces in caps mode;
*) dhcpv6 – improved interface status tracking;
*) dhcpv6 – reworked DHCP-PD server interface and route management;
*) dhcpv6 – update DUID when system-id changes (solves problem when cloned VM retains the same DUID);
*) dns – fixed crash when using regexp static dns entries; – *I didn’t realize you could use regex in DNS entries, need to look into it.
*) ethernet – added support for LAN9514 ethernet dongle;
*) ethernet – allow to force mtu value when actual-mtu is already the same;
*) ethernet – fixed loop-protect on bridged ports;
*) ethernet – fixed never ending loop in CDP packet processing;
*) ethernet – fixed rare kernel failure on non-switch ethernet reset;
*) ethernet – rb44ge now have disabled-running-check=no by default;
*) firewall – added additional matchers for firewall raw rules;
*) firewall – fixed time based rules on time/timezone changes (again);
*) gps – always check NMEA checksum if available;
*) health – do not show psu and fan information for passive cooling devices;
*) hotspot – show comments from user menu also in active menu;
*) ipsec – fixed crash with enabled fragmentation;
*) ipsec – fixed dynamic policy not deleted on disconnect for nat-t peers;
*) ipsec – fixed fragmentation use negotiation;
*) ipsec – fixed kernel crash when sha512 was used;
*) ipv6 – fixed RA and RS processing on new interfaces after many interfaces have lost link during prolonged operation;
*) ipv6 – improved system responsiveness when ipv6 routes are frequently modified;
*) ipv6 – show multiple neighbors with the same address;
*) kvm – fix add/remove of disabled interfaces;
*) kvm – fixed guest crashing when using mtu bigger than 1504;
*) l2tp – fixed kernel failure when fastpath handles l2tp packets;
*) leds – added option to disable all leds on RBcAP2n;
*) lte – added ability to send/receive sms using ‘/tool sms’;
*) lte – added dlink dwm-157 D, dwm-222 support;
*) lte – added huawei me909s variant;
*) lte – added initial deregistration only for bandrich modems;
*) lte – added logging for usb config switching;
*) lte – added Pantech UML295, Vodafone K4201-Z, ZTE MF823/MF831 support;
*) lte – added rndis for ZTE MF8xx;
*) lte – added support for more dlink dwm-222 configurations;
*) lte – added switch for Huawei K5160;
*) lte – added zte K5008-Z back; – *a lot of new devices added.
*) lte – adjusted usb config for dlink dwm-157 D;
*) lte – fixed at chat condition storage;
*) lte – fixed band setting for sxt lte;
*) lte – fixed band unsetting;
*) lte – fixed default channels for dlink dwm-157;
*) lte – fixed ip activation when CREG (circuit switched) state remains in not registered state;
*) lte – fixed setting correct lte band for sxt lte;
*) lte – process initial state change to deregistred, when lockup occurs;
*) lte – reset if sms storage set fails;
*) mpls – fixed memory leak;
*) mpls – fixed vpls throughput issues caused by out-of-order packets;
*) ntp – fixed ntp server when local-clock used (like usb gps module);
*) partitions – added ability to add comments;
*) ppp – use default-route-distance when adding ipv6 default route;
*) ppp,lte – pin is now converted to string argument;
*) pppoe – fixed disconnects by idle timeout when fastpath is used;
*) quickset – added 2GHz-g/n band support;
*) quickset – fixed guest reporting in “home ap dual” mode;
*) quickset – fixed wireless frequency fields in “home ap dual” mode;
*) rb3011 – fixed rare occasions when router would hang while loading kernel;
*) routing – improved kernel performance in setups with large routing tables;
*) sfp – enabled eeprom printout in /interface ethernet monitor;
*) sfp – fixed initial eeprom reading on CCR1036-8G-2S+ and CCR1072-1G-8S+;
*) sfp – removed “sfp-rate-select” as command was not relevant to currently supported hardware;
*) sms – moved incorrectly logged message from async to gsm topic;
*) sms – report error when unsupported modem is being used;
*) snmp – added script table which executes script and returns it’s output on get request; – *Wait…does this mean I can create a system script, and when I SNMP poll it, it will run the script, and return the result? That would be killer, but I can’t find any info on it; doesn’t seem to be anything under system script or ip snmp.
*) snmp – require write permitions for script run table access;
*) snmp – skip forbidden oids on getnext completion;
*) sstp – allow to specify proxy by dns name;
*) sstp – now supports TLS_ECDHE algorithms;
*) supout – fixed bug that could cause enormous size supout.rif files;
*) supout – improved crash report generation for tile architecture;
*) switch – added comment field for CRS switch VLANs;
*) traffic-flow – allow ipv6 src address to be optional;
*) traffic-flow – fixed IPFIX packet timestamp;
*) traffic-flow – fixed IPFIX wrong flow sequence;
*) trafficgen – add per stream packet count setting;
*) trafficgen – show out-of-order packet counters in stats printouts;
*) tunnel – fixed communication via tunnel to router itself if fastpath was active;
*) tunnel – fixed ipv6 link-local address adding for gre;
*) tunnel – increased minimal MRRU to 1500 for PPP interfaces;
*) tunnel – ipv6 link-local address is now generated from tunnel local-address;
*) usb – added support for SMSC95XX USB Ethernet dongle on mipsbe;
*) usermanager – fixed rare crash on paypal payment;
*) users – fixed script policy checking against user policies when running scripts;
*) webfig – do not crash if radius server does not give out encryption keys;
*) webfig – fixed certificate signing;
*) winbox – added auto refresh for BFD neighbors;
*) winbox – added comment field support for switch vlan menu;
*) winbox – added default-authentication parameter for wireless station modes;
*) winbox – added src-address field for traffic-flow target;
*) winbox – adjust on-event field dynamically depending on window size;
*) winbox – adjusted allowed values for http-proxy field;
*) winbox – disabled MRRU by default for PPP interfaces;
*) winbox – display actual-mtu for tunnels in interfaces window;
*) winbox – fixed disconnect when no windows were opened for a while in unsecure mode;
*) winbox – fixed multiline read only fields not displaying new line characters;
*) winbox – fixed raw firewall showing jump targets from filter chains;
*) winbox – hide ethernet flow control settings for interfaces which does not support them;
*) winbox – removed health menu from devices that do not support it;
*) winbox – removed L2MTU field for PPP interfaces;
*) winbox – removed L2MTU field from PPP server binding settings;
*) winbox – removed unset button for L2MTU field;
*) winbox – show firmware-type in routerboard window;
*) wireless – display DFS flag in country info;
*) wireless – improved driver support for RB953, hAP ac, wAP ac;
*) wireless – send deauth to data frames in scan mode.
*) wireless – updated brazil country settings;

Sep 20 / Greg

NANOG 68 Dallas – Are You Going?

I plan to attend my first NANOG…any of you guys going to be there? I figured since I won’t know anyone there I’d try and make some friends ahead of time. Anyone interested in saying hello?

Sep 20 / Greg

CME Auto Dial – The Batphone

I needed to have a simple two phone system where by if a phone was picked up, it would autodial an ATA. This is for an alert system at an airport. The ATA is auto answered by a PA system that sounds an alarm and allows speech to be blasted. If you search on ebay for “Cisco CME”, you will see a myriad of inexpensive preloaded routers running CallManager Express for around $75. With this you pair a cheap phone/ata, and away you go.

For one thing, I always forget the default URL for CallManager Express it is http://IPAddress/ccme.html. Now I will remember it forever!!!

Once you add your phones, check for the “ephone-dn” associated with the handset’s extension. Then you add the trunk command to it using the extension of the ATA.
Phone extension is 201
ATA extension is 301

ephone-dn  10  dual-line
 trunk 301

It’s just that simple. Now when the phone handset is picked up it will auto call the ATA.

Sep 19 / thebrotherswisp

TheBrothersWISP 33 – News, Ethics Of BGP Hijacking, UBNT EdgePoint, Electrical Pole Attachment

Greg, Tomas, and Miller talk a little shop. I do mean little, because this one is short and sweet.

Topics Include:
MUM Budapest free vouchers
Arstechnica testing some small routers
Ethical BGP Hijacking?
Electrical pole attachment – mimosa blog
Favorable AF11FX review
UBNT EdgePoint

Keep contacting us! or contact (at)

To see the video please visit the link below!!!

Sep 4 / Greg

Upgrade Ubiquiti EdgeMax EdgeRouter From CLI

I dusted off my EdgeRouter Lite earlier today, and went to upgrade it, but it turns out my old version of code was buggy and wouldn’t update from the web GUI. A quick google shows there is a method via CLI:

add system image

I used HSF to run a quick simple webserver on my laptop to transfer the image.

A cool feature of the EdgeRouters is the fact that it maintains two copies of firmware, new/old. This way if the new image fails to boot, it will fall back to the old. You can show the existing images with:

show system image

You can find the simple UBNT documentation on it here.

Sep 3 / thebrotherswisp

TheBrothersWISP 32 – Alternative Routing Platforms

Greg, Andrew Thrift, Mike, Tomas, and Tom talk routing platforms today…those other than Mikrotik that is.

We talk about quite a list of things including:
OpenBSD ripe presentation
SecurityRouter – Gui/CLI packaged OpenBSD
CloudRouterFeature listPacketPushers podcast on CR
Ubiquiti EdgeRouter
Nokia (Alcatel Lucent)SAM
Brocade vRouter – formerly Vyatta
Cisco’s solution – CSR 1000V
Juniper vMX
Nokia (Alcatel Lucent) – vSR

To see the video please visit the link below!!!