Highlights of new features
*) bridge - added support for BPDU Guard; *) bridge - added support for DHCP Snooping; *) winbox - added "tag-stacking" option to "Bridge/Ports"; *) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
MikroTik has added support for BPDU Guard and DHCP Snooping which will significantly improve the functionality of the switches. This was first listed in an RC release a few days ago but it was for command line only, so this might be the addition for the support of these features under winbox.
It is likely that “Tag-stacking” is a term for q-in-q which is already supported and this is probably a way to add q-in-q support to the hardware offload bridge.
I’m not entirely sure what CPU Flow control is, so it will be interesting to experiment with that setting and see how it affects devices with those switch chips.
*) rb3011 - added IPsec hardware acceleration support;
Adding IPSEC hardware offload to the RB3011 is a great addition and will extend the functionality of what is already a solid router. It will be interesting to see what kind of speed can be achieved for IPSEC throughput.
Changes in this release: *) bridge - added support for BPDU Guard; *) bridge - added support for DHCP Snooping; *) bridge - ignore tagged BPDUs when bridge VLAN filtering is used; *) certificate - fixed RA "server-url" setting; *) console - added "dont-require-permissions" parameter for scripts; *) dhcpv6-client - improved dynamic IPv6 pool addition process; *) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations; *) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM; *) ipsec - fixed "static-dns" value storing; *) ipsec - improved invalid policy handling when a valid policy is uninstalled; *) ipsec - separate phase1 proposal configuration from peer menu; *) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500; *) lte - fixed LTE registration in 2G/3G mode; *) ppp - added support for Telit LM940 modem; *) rb3011 - added IPsec hardware acceleration support; *) snmp - fixed interface speed reporting for predefined rates; *) supout - added "files" section to supout file; *) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip; *) tr069-client - allow editing of "provisioning-code" attribute; *) userman - fixed "shared-secret" parameter requiring "sensitive" policy; *) webfig - fixed www service becoming unresponsive; *) winbox - added "tag-stacking" option to "Bridge/Ports"; *) winbox - fixed "bad-blocks" value presence under "System/Resources"; *) winbox - fixed "IP/IPsec/Peers" section sorting; *) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab; *) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature; *) wireless - accept only valid path for sniffer output file parameter; *) wireless - require "sniff" policy for wireless sniffer;