Firmware

Custom Firmware (old)

Old firmware Repositories

Old firmware build instructions are in our nycmeshfeed repo's README file.

MikroTik Firmware

MikroTik RouterOS v6 firmware is generally stable. We are currently using 6.49.11 (some run 6.49.12)

Do not use version 7 (not yet supported) or version 6.47/6.48/6.49.2 (occasional hangs)

routerOS v6

Download 6.49.11 OmniTik (mipsbe) here and SXTsq (arm) here

Remember that OmniTiks use the "mipsbe" firmware and SXT's use the "arm" firmware due to different processors.

We have documented issues with 6.47/6.48/6.49.2 so don't use them.

We have many OmniTiks running 6.49.11 without any problem.

Note: with some OmniTiks in some cases it seems the memory gets used up and not released. When we encounter such a device we add a script that automatically reboots the OmniTik between 2 & 3am when the memory usage reaches 75%.

Connect to your Omni via ssh and copy & paste these lines. This will add a script and schedule the script to run every 15m. 

Slack discussion here.

RouterOS v7

Don't use it yet - it won't work!

This has finally been released but it doesn't work with our configuration yet. We keep testing it as we are eager to deploy the newly added WireGuard. If you are interested in beta-testing the WG setup, post in the #software-firmware channel on Slack.

If you need to downgrade, read the instructions here


Mikrotik devices come in a variety of architectures and form-factors. Fortunately the firmware versioning and build levels are the same across all platforms. The main variant is the architecture, which might be a different chip for each device model.

We usually use the stable version of RouterOS 6 (currently 6.49.11, though some are running 6.9.12)

Below is a table of the 6.49.6 firmware for Mikrotik devices that are used on the mesh:

Model Architecture Firmware link
OmniTik 5ac MIPSBE -6.49.11 Download
SXTsq ac ARM -6.49.11 Download
hAP ac^2 ARM Download
CCR Series TILE Download
hAP mini SMIPS Download
hAP lite SMIPS Download

Installing firmware

Alternatively

or

MikroTik Netinstall Recovery

How to resurrect a bootlooping OmniTIK with netinstall

Symptoms

OmniTIK boots up but continually reboots. The LEDs repeat the pattern: device boots up, power eventually turns blue, then 1-5 turn orange and reboots. Rinse and repeat.

Solution

Use netinstall to flash a fresh firmware on the router. This guide assumes Linux, though both Linux and Windows are supported. This should work for any RouterBOARD based device.

❱ netinstall -p ~/Downloads/routeros-mipsbe-6.47.8.npk -i enp0s13f0u2u4u5
Using server IP: 192.168.88.2
Starting PXE server
Waiting for RouterBOARD...
PXE client: CC:2D:E0:17:55:CB
Sending image: mips
Discovered RouterBOARD...
Formatting...
Sending package routeros-mipsbe-6.47.8.npk ...
Ready for reboot...
Sent reboot command

After all this, you should hear a few beeps indicating success. You can now try to connect via ether2 to configure it at 192.168.88.1 as normal.

Ubiquiti Firmware



Ubiquiti firmware has some buggy versions that need to be avoided. In general never use a ".0" release. It is beta quality and will probably have serious bugs that may be fixed by .1 or .2 version.

Ubiquiti have two very separate product lines with different firmware, AirMAX and UniFi

Don't use the latest firmware from Ubiquiti! Use the stable versions below

AirMAX

We are currently updating to 8.7.11 on most CPE (like the LiteBeams)

Version notes:
8.7.11 (the latest) seems to be working and stable
8.7.7 and 8.7.9 are good
8.7.4 and 8.7.5 tend to crash
8.7.5 has a TDMA bug which causes performance to fail after a few days.
8.7.1 the management radio disconnects constantly

Ubiquiti changed the signal to read 5db hotter in versions after 8.7.1, so a -50
So a -55dB in the newer versions would be -60dB in 8.7.1 or earlier

Download 8.7.11 here

For sector AP's we use 8.5.12 for DFS stability (or 8.7.1 if this is not an issue)

Download 8.5.12 here

NEVER UPGRADE A SECTOR WITHOUT ASKING EVERYONE FIRST!

We disable AirView on sectors to improve CPU performance

UniFi

We've found all versions after 4.3.20 to be buggy. Basically meshing broke in the later versions so your network will go down after a day or so, unless all of your AP's are wired. Not only will a meshed AP crash, it will take down the rest of the local network!

Download 4.3.20 here

Juniper Quick Start Guide (Mikrotik vs Juniper)

This guide is intended to be a quick start guide to working with Juniper routers. It is intended that NYC Mesh volunteers who know their way around RouterOS can use this guide to complete the same common actions on a Juniper router.

To Do:

Login and Access Terminal:

MikroTik: Navigate to the router's IP. Enter username and password.

image.png

Juniper: SSH to the router's IP. Username is root. Type cli and hit enter.

ssh root@10.69.19.34
Password:
Last login: Tue Jan 16 22:17:47 2024 from 10.97.227.158
--- JUNOS 21.4R1.12 built 2021-12-17 14:37:27 UTC
root@nycmesh-1934-core:RE:0% cli
{master:0}
root@nycmesh-1934-core>

List Interfaces:

MikroTik: Click Interfaces to see interface list and status.

image.png

Click a specific interface to see individual status, including port status.

image.png

Juniper:

Juniper represents configuration separately from the current status. For configuration and layout of the network:

root@nycmesh-1934-core> show configuration interfaces
xe-0/0/0 {
    description "Grand St OLT1 Port 1";
    ether-options {
        802.3ad ae0;
    }
}
xe-0/0/1 {
    description "Grand St OLT1 Port 2";
    ether-options {
        802.3ad ae0;
    }
}
xe-0/0/2 {
    description "Grand St OLT2 Port 1";
    ether-options {
        802.3ad ae1;
    }
}
xe-0/0/3 {
    description "Grand St OLT2 Port 2";
    ether-options {
        802.3ad ae1;
    }
}
xe-0/0/4 {
    unit 0 {
        family ethernet-switching {
            interface-mode access;
            vlan {
                members mesh;
            }
        }
    }
}
xe-0/0/5 {
    unit 0 {
        family ethernet-switching {
            interface-mode access;
            vlan {
                members mesh;
            }
        }
    }
---(more)---

For statistics and live info:

root@nycmesh-1934-core> show interfaces
Physical interface: gr-0/0/0, Enabled, Physical link is Up
  Interface index: 650, SNMP ifIndex: 502
  Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: 800mbps
  Device flags   : Present Running
  Interface flags: Point-To-Point SNMP-Traps
  Input rate     : 0 bps (0 pps)
  Output rate    : 0 bps (0 pps)

Physical interface: ip-0/0/0, Enabled, Physical link is Up
  Interface index: 649, SNMP ifIndex: 515
  Type: IPIP, Link-level type: IP-over-IP, MTU: Unlimited,
  Speed: 800mbps
  Device flags   : Present Running
  Interface flags: SNMP-Traps
  Input rate     : 0 bps (0 pps)
  Output rate    : 0 bps (0 pps)

Physical interface: pfe-0/0/0, Enabled, Physical link is Up
  Interface index: 654, SNMP ifIndex: 509
  Speed: 800mbps
  Device flags   : Present Running
  Link flags     : None
  Last flapped   : Never
    Input packets : 0
    Output packets: 0

  Logical interface pfe-0/0/0.16383 (Index 565) (SNMP ifIndex 510)
    Flags: Up SNMP-Traps Encapsulation: ENET2
    Bandwidth: 0
    Input packets : 0
    Output packets: 0
    Protocol inet, MTU: Unlimited
    Max nh cache: 0, New hold nh limit: 0, Curr nh cnt: 0,
    Curr new hold cnt: 0, NH drop cnt: 0
      Flags: User-MTU
    Protocol inet6, MTU: Unlimited
    Max nh cache: 0, New hold nh limit: 0, Curr nh cnt: 0,
    Curr new hold cnt: 0, NH drop cnt: 0
      Flags: Is-Primary, User-MTU

Physical interface: pfh-0/0/0, Enabled, Physical link is Up
  Interface index: 653, SNMP ifIndex: 508
  Speed: 800mbps
---(more)---

List DHCP leases:

MikroTik: Click IP > DHCP Server, then click the Leases tab

image.png

Juniper:

root@nycmesh-1934-core> show dhcp server binding
IP address        Session Id  Hardware address   Expires     State      Interface
10.70.188.20      2536927     00:18:dd:0a:19:a7  510         BOUND      irb.12
10.70.188.19      3215990     00:d2:b1:58:87:46  263         BOUND      irb.12
10.70.188.64      282708      02:27:22:da:a6:7c  521         BOUND      irb.12
10.70.188.26      2533153     0c:62:a6:ad:ab:c5  337         BOUND      irb.12
10.70.188.192     334522      18:e8:29:26:ef:25  518         BOUND      irb.12
10.70.188.217     2778822     18:e8:29:59:f5:ab  586         BOUND      irb.12
10.70.188.241     2536920     18:fd:74:58:20:2e  321         BOUND      irb.12
10.70.188.202     2536918     18:fd:74:cb:d0:2d  311         BOUND      irb.12
10.70.188.21      3207138     18:fd:74:ef:6d:8a  506         BOUND      irb.12
10.70.188.132     3217186     1c:91:80:c8:51:d3  10          BOUND      irb.12
10.70.188.47      50490       28:29:86:5a:f4:15  533         BOUND      irb.12
10.70.188.197     2536785     28:29:86:6a:51:82  487         BOUND      irb.12
10.70.188.24      2536919     28:76:10:1e:35:8e  386         BOUND      irb.12
10.70.188.183     3213552     3a:e0:38:60:bb:91  198         BOUND      irb.12
10.70.188.172     2416730     3c:9b:d6:75:c8:f8  571         BOUND      irb.12
10.70.188.107     3216907     56:9d:3f:a6:d7:0f  57          BOUND      irb.12
10.70.188.193     2604196     5c:e9:31:7c:56:ff  537         BOUND      irb.12
10.70.188.130     3217152     5e:48:5d:5b:79:90  415         BOUND      irb.12
10.70.188.129     3217128     5e:8f:1b:e9:16:8a  2           BOUND      irb.12
10.70.188.44      1931696     60:22:32:4f:2b:fe  380         BOUND      irb.12
10.70.188.136     3217238     62:45:45:e2:0a:39  500         BOUND      irb.12
10.70.188.240     2857437     68:d7:9a:76:d4:f7  316         BOUND      irb.12
10.70.188.203     331465      68:d7:9a:a2:07:10  453         BOUND      irb.12
10.70.188.188     3213574     6a:5c:64:e1:8c:d4  439         BOUND      irb.12
10.70.184.90      3026881     70:a7:41:3e:aa:91  522         BOUND      irb.11
10.70.184.65      2953063     70:a7:41:3e:ab:d5  331         BOUND      irb.11
10.70.187.244     2730465     70:a7:41:3e:ab:f9  336         BOUND      irb.11
10.70.187.178     2476746     70:a7:41:3e:ac:51  589         BOUND      irb.11
10.70.184.93      3027863     70:a7:41:3e:ac:71  318         BOUND      irb.11
10.70.188.93      170763      70:a7:41:42:76:31  300         BOUND      irb.12
10.70.188.45      781270      74:83:c2:9c:92:fc  394         BOUND      irb.12
10.70.188.215     1945827     74:83:c2:c0:bb:90  582         BOUND      irb.12
10.70.188.36      2825439     74:83:c2:c3:d1:75  354         BOUND      irb.12
10.70.188.134     3147069     74:83:c2:c3:d1:83  533         BOUND      irb.12
10.70.188.86      25849       74:ac:b9:0c:9a:1d  360         BOUND      irb.12
10.70.188.161     71710       74:ac:b9:72:3f:33  454         BOUND      irb.12
10.70.188.75      2857433     74:ac:b9:b9:92:cc  559         BOUND      irb.12
10.70.188.53      2857440     74:ac:b9:bc:a7:2a  500         BOUND      irb.12
10.70.188.49      2857438     74:ac:b9:bc:ab:83  346         BOUND      irb.12
10.70.187.109     2182001     78:45:58:06:3c:9b  516         BOUND      irb.11
10.70.187.27      573697      78:45:58:06:3c:a5  549         BOUND      irb.11
10.70.187.31      573715      78:45:58:06:41:94  510         BOUND      irb.11
---(more)---

Show Device Address:

MikroTik: Click IP > Addresses.

image.png

Juniper:

Every Layer 3 (IP) network is attached to an irb which in turn is attached to a VLAN, unlike RouterOS where the IPs are attached to the interfaces directly, irrespective of Layer 2 interface type.

root@nycmesh-1934-core> show configuration interfaces irb
unit 0 {
    family inet {
        dhcp {
            vendor-id Juniper-qfx5100-48s-6q;
        }
    }
}
unit 10 {
    description "mesh bridge";
    family inet {
        address 10.69.19.34/16;
        address 10.70.189.1/24;
    }
}
unit 11 {
    description "Grand St OLTS";
    family inet {
        address 10.70.184.1/22;
    }
}
unit 12 {
    description "Grand St OOB";
    family inet {
        address 10.70.188.1/24;
    }
}
unit 51 {
    description nycmesh-1932-af24-227;
    family inet {
        address 10.70.251.18/30;
    }
}
unit 115 {
    description nycmesh-1933-mlq1-407;
    family inet {
        address 10.70.251.69/30;
    }
}
unit 202 {
    description nycmesh-1933-af60lr-7512;
    family inet {
        address 10.70.251.9/30;
    }
---(more)---

Each irb would then be attached to a VLAN, which in turn gets attached to interfaces.

root@nycmesh-1934-core> show configuration vlans
default {
    vlan-id 1;
    l3-interface irb.0;
}
grandstolts {
    vlan-id 11;
    l3-interface irb.11;
}
grandstoob {
    vlan-id 12;
    l3-interface irb.12;
}
mesh {
    vlan-id 10;
    l3-interface irb.10;
    isolated-vlan sectors;
}
nycmesh-1932-af24-227 {
    vlan-id 51;
    l3-interface irb.51;
}
nycmesh-1932-lhg60-2463 {
    vlan-id 500;
    l3-interface irb.500;
}
nycmesh-1933-af60lr-7512 {
    vlan-id 202;
    l3-interface irb.202;
}
nycmesh-1933-eh8010-5916 {
    vlan-id 302;
    l3-interface irb.302;
}
nycmesh-1933-mlq1-407 {
    vlan-id 115;
    l3-interface irb.115;
}
sectors {
    vlan-id 15;
    private-vlan isolated;
}

...which then get attached to interfaces (see above).