Can't connect to one of my 2 RBSXT 5HnD

Hello!
I am struggling a while with the following issue.
I’ve a link connected. I mean established. The Link wasn’t in use for a long time.
Since few days I connect everything together and it seems to work. I mean, I have on the client’s side internet.
This Link is with 2 RB SXT 5HnD.
Unfortunately I can’t connect to one of these 2 RB SXT 5HnD and I am wondeig if this coould be a setings issue or if this could be something from the hardware.
To be more accurate some times I connected, but only for some secοnds and only from the Mobile app by using the MAC address.
I already have tried to connect via Winbox, and via the IP (webfig), but without success.

Winbox listed both, but I can’t connect to them to make any change in the settings or to update or so.
Through the IP I can connectonl only to one of them. Could this be something I do wrongly with the settings?
Both are in the Version 6.47 (stable).

Thank you in advance for any help!

Hello, my suggestion is to try access from a neighboring mikrotik router, in winbox go to IP neigbhors and try a MAC Telnet;

If successful, now activate ROMON
/tools romon set enable=yes

If all your MikroTik equipment has ROMON active, you can easily access it using ROMON on the winbox to have access even if the SXT did not have an IP;

https://help.mikrotik.com/docs/display/ROS/RoMON

…almost 1 year later!

I connected through winbox to both. Unfortunately it is still not possible for me to connect to the client side with the Mikrotik App or through the web-interface. I get always the Message Conection refused!

• I have the correct Username and Password
• I have tried multiple times through the IP address as well as through the MAC address, I get always the message “connection refused”.
  
  
  I want to be able to connect from my mikrotik app to both.

and following some additional questions:
From my AP side in the Quick Set I see:

• Antenna Gain: 0 dBi
• Max Distance 10 km
  given the fact that the distance is much, much shorter ( <500m ), should I change something in these fields?
  My Client side shows a Tx/Rx Signal Strength [ -63/-62 dBm ] and idk is this good? Should it be better? or could it be better? e.g. if I change something in the different fields?

Thank you in advance for every help!

Show us configuration of both devices … and mention IP address of management PC (running Winbox or web browser) and where it’s connected (physically). Without seeing exact configuration it’s impossible to tell the reason why it doesn’t work the way you wanted it to.

I hope the picure will help.
I connected via WinBox from the AP-side to the AP through IP-Address and to the client through MAC address!
It is not possible to connect to the AP through MAC address and it is not possible to connect to the client through the IP address! wierd! …or not?
(see picture)

if there is somthing in the picture I have to hide, please let me know to change the picture!

Many thanx in advance!

Screenshots are (mostly) useless, you can remove it as well. Open terminal window and execute /export file=aynnameyouwish … fetch resulting file to your management computer, open it with your favourite text editor, redact any sensitive information (such as serial number, public IP address, wireless PSK, etc.) and copy-paste it inside [__code] [/code] tag pair ( icon in the button bar above post editing frame).

Thank you for your assistance!
“redacted” is added by me.
Unfortunately I am from the client’s side now and on a MAC using WInBox via Vine. I did it for the 1st time. (Vine, etc.)
The connection to the client’s menu interface, is still not possible via Mikrotik App (MAC&IP), via IP entering in the browser, via WinBox via Vine.
Although the Link is working properly!
[
…but I have A thought now…this Link was established when it was reverse (contrary), so maybe I am on the AP side right now. ( I have to check it again ) …but can this be the issue that i can’t connect from the Mikrotik App or the Browser?
]

Following the export from the AP

# dec/03/2024 12:27:06 by RouterOS 6.47
# software id = 8HIJ-YPH7
#
# model = SXT 5HPnD
# serial number = ***redacted***
/interface bridge
add fast-forward=no mtu=1500 name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-eC \
    country=***redacted*** default-authentication=no disabled=no frequency=***redacted*** mode=\
    bridge name=wlan1-gateway nv2-cell-radius=10 ssid=***redacted*** \
    wireless-protocol=nv2
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether1-local
/interface list
add name=mactel
add name=mac-winbox
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=***redacted***
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay interface=\
    ether1-local lease-time=3d name=default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge filter
add action=drop chain=input dst-port=68 in-interface=ether1-local \
    ip-protocol=udp mac-protocol=ip
/interface bridge port
add bridge=bridge1 hw=no interface=ether1-local
add bridge=bridge1 interface=wlan1-gateway
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether1-local list=mactel
add interface=ether1-local list=mac-winbox
add interface=ether1-local list=WAN
add interface=wlan1-gateway list=LAN
/interface wireless access-list
add interface=wlan1-gateway mac-address=D4:CA:6D:4E:BF:F7
/interface wireless connect-list
add interface=wlan1-gateway mac-address=D4:CA:6D:4E:BF:F7
add interface=wlan1-gateway mac-address=D4:CA:6D:4E:BF:F7
/ip address
add address=192.168.88.1/24 comment="default configuration" disabled=yes \
    interface=ether1-local network=192.168.88.0
add address=192.168.1.111/24 disabled=yes interface=bridge1 network=\
    192.168.1.0
/ip dhcp-client
add comment="default configuration" disabled=no interface=bridge1
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router type=A
/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established
add action=accept chain=input comment="default configuration" \
    connection-state=related
# in/out-interface matcher not possible when interface (wlan1-gateway) is slave - use master instead (bridge1)
add action=accept chain=input comment="default configuration" in-interface=\
    wlan1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    yes out-interface=wlan1-gateway
/ip proxy
set cache-path=web-proxy1 parent-proxy=0.0.0.0
/ip service
set api disabled=yes
/system clock
set time-zone-name=Europe/Athens
/system identity
set name=GioR
/system leds
set 0 interface=wlan1-gateway
add interface=ether1-local leds=user-led type=interface-activity
/tool graphing interface
add
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool netwatch
add disabled=yes host=192.168.1.1
/tool romon
set enabled=yes

in case there’s anything else that needs to be hidden, let me know.

It would be great if you could post also configuration of the other end (the one you can’t get into).

While looking at config of “this end”, I see a few things:

• there’s some firewall, but with a few errors (like using interface which is “enslaved” to bridge as in- or out-interface)
  There’s no “drop everything else” rule, so that would not explain why you wouldn’t be able to connect via IP … but this may be different on the other end.
• there are some remntants of default config (IP address, DNS entry, enabled DHCP server, …) which should be removed not to make any disturbances
• MAC winbox access is restricted to members of mac-winbox interface list … which has no members. Which effectively blocks any MAC winbox access.

Thank you for the answer!
I hope it will be for me possible to post the export from the other side today.
Until then, what is your assessment of the quality / speed of the connection (see also the screenshot above …I don’t know if there is a command for the terminal) ?
I mean, is Rx/Tx ~= -61/-62 dBm for the RBSXT’s good, acceptable, bad?
Could it be better?
Should the field Max Distance change?

In CLI you can get radio link details by running command

/interface wireless registration-table print stats

IMO, signal strength of around -60dBm is pretty decent. Ideally signal-to-noise value will be as high as possible (30dB or more) which then should offer good service.

One value which does show how good link performs is CCQ .. the re are both tx-ccq and rx-ccq … values are in % and ideally they would be near 100 … and anything higher than 90 is very good. But make sure that link is utilized (to the max if possible) while looking at the values, with idle link numbers are meaningless.
Another pair of values, which tell quite a lot about link performance, is tx-rate and rx-rate … depending on channel configuration (20/40/80MHz) and hardware capabilities (number of chains on both sides) as well as on RSSI and SINR displayed values cna vary, ideally they would be at maximum possible for channel configuration. Again these can throttle down if radio link is idle.

Re distance: I think that when operating in nv2 mode, relevant parameter is nv2-cell-radius … check the description in nv2 manual. In short: it’s set in units of kilometer and setting of 10km is plenty … but at the same time it’s the lowest valid value (valid range is 10..200). So I guess you can just leave it be.

Many thanx!

where can I find the RSSI and SINR values? In which menu or with which command?

I have now the export from the other side:

# dec/04/2024 17:38:42 by RouterOS 6.47
# software id = ASFP-8PIM
#
# model = SXT 5HPnD
# serial number = ***redacted***
/interface bridge
add fast-forward=no mtu=1500 name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-eC \
    country=***redacted*** disabled=no frequency=***redacted*** ht-supported-mcs="mcs-0,mcs-1,mc\
    s-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,\
    mcs-14,mcs-15" mode=station-bridge name=wlan1-gateway ssid=***redacted*** \
    wireless-protocol=nv2
/interface ethernet
set [ find default-name=ether1 ] name=ether1-local
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=***redacted***
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay interface=\
    ether1-local lease-time=3d name=default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge1 interface=wlan1-gateway
add bridge=bridge1 hw=no interface=ether1-local
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether1-local list=discover
add interface=wlan1-gateway list=discover
add interface=bridge1 list=discover
add interface=ether1-local list=mactel
add interface=ether1-local list=mac-winbox
add interface=wlan1-gateway
add interface=wlan1-gateway list=WAN
/ip address
add address=192.168.88.2/24 comment="default configuration" interface=\
    ether1-local network=192.168.88.0
add address=192.168.1.108/24 interface=ether1-local network=192.168.1.0
/ip dhcp-client
add comment="default configuration" interface=bridge1
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=192.168.1.1
/ip dns static
add address=192.168.88.1 name=router type=A
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!*2000014
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    yes out-interface=wlan1-gateway
/ip proxy
set cache-path=web-proxy1 max-cache-size=none parent-proxy=0.0.0.0
/ip route
add distance=1 gateway=192.168.1.1
/ip service
set api disabled=yes
/system clock
set time-zone-name=Europe/Athens
/system identity
set name=Gio@June
/system leds
set 0 interface=wlan1-gateway
add interface=ether1-local leds=user-led type=interface-activity
/tool graphing interface
add
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool romon
set enabled=yes

“redacted” is added by me
in case there’s anything else that needs to be hidden, let me know.
I saw under ip firewall filter the following that I guess is the issue, (but I am not sure):
*add action=drop chain=input in-interface-list=!2000014

I disabled this ( add action=drop chain=input in-interface-list=!*2000014 )
→ and I can now connect from my MikroTik App to both via IP and only to one of them (xxx.108) via MAC.
→ and to both of them via IP from a regular Browser

…but was this maybe set for more security ???

As a general rule, whenever you find in a Mikrotik a value that is normally text replaced by an asterisk “*” followed by a number (often a hex number) it basically means:
"Here is a placeholder for something that did exist but has been removed/renamed/whatever and now I cannot find it anymore.

Usually this firewall rule:
add action=drop chain=input in-interface-list=!*2000014

would be to drop everything not coming from LAN, i.e.
add action=drop chain=input in-interface-list=!LAN

but you have a non-default interface list set:

/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN

so in you case it could be:
add action=drop chain=input in-interface-list=!mac-winbox
aka access only possible from ether1:

/interface list member
add interface=ether1-local list=discover
add interface=wlan1-gateway list=discover
add interface=bridge1 list=discover
add interface=ether1-local list=mactel
add interface=ether1-local list=mac-winbox
add interface=wlan1-gateway
add interface=wlan1-gateway list=WAN

if this is what you want.

Update!

From my clients side I am still not possible to connect the client Except only to my AP but I figure out that I was confused where is what.
So, Ι downloaded the RBSXT (I mean I taked it down from the mast) from the side I thought it was the client but I saw that this RBSXT was set as the Bridge AP!
So it also works the other way around.

(Place One with internet connection )- RBSXT (Client) ~~~~~ RBSXT (AP) -(Place Two)

I know it is a little confusing, but the primary connection (the p2p-link) was established when the internet connection was on Place Two.

regarding the quality of the connection I want to know how can I measure it?
The command “/interface wireless registration-table print stats” gave me this results, but I can’t do something with them…

[admin@GioR] > /interface wireless registration-table print stats
 0 interface=wlan1-gateway radio-name="D4CA6D4EBFF7" mac-address=D4:CA:6D:4E:BF:F7 ap=no wds=no bridge=yes 
   rx-rate="120Mbps-40MHz/1S/SGI" tx-rate="108Mbps-40MHz/1S" packets=383344,1329231 bytes=82990994,1266411093 
   frames=260657,864639 frame-bytes=83523511,1267974940 uptime=19h53m14s last-activity=0ms signal-strength=-62dBm 
   signal-to-noise=56dB signal-strength-ch0=-64dBm signal-strength-ch1=-67dBm tx-signal-strength-ch0=-65dBm 
   tx-signal-strength-ch1=-67dBm strength-at-rates=-62dBm@6Mbps 0ms,-63dBm@9Mbps 19h28m8s460ms,-62dBm@12Mbps 
                  19h14m18s850ms,-64dBm@18Mbps 19h3m7s600ms,-61dBm@24Mbps 12m59s480ms,-62dBm@36Mbps 12m59s480ms,-
                  62dBm@48Mbps 3s860ms,-62dBm@54Mbps 3s810ms,-63dBm@HT20-0 19h48m19s530ms,-63dBm@HT20-1 19h44m55s440ms,-
                  62dBm@HT20-2 1h9m38s70ms,-62dBm@HT20-3 21m40s790ms,-62dBm@HT20-4 3s690ms,-62dBm@HT20-5 3s630ms,-
                  62dBm@HT20-6 3s420ms,-61dBm@HT20-7 3s310ms,-65dBm@HT40-0 18h38m50s560ms,-65dBm@HT40-1 46m44s740ms,-
                  64dBm@HT40-2 440ms,-64dBm@HT40-3 430ms,-64dBm@HT40-4 380ms,-65dBm@HT40-5 220ms,-64dBm@HT40-6 1s620ms,-
                  65dBm@HT40-7 1s390ms 
   tx-signal-strength=-62dBm tx-ccq=62% rx-ccq=74% distance=1 routeros-version="6.47" last-ip=192.168.1.1 
   tx-rate-set="OFDM:6-54 BW:1x-2x SGI:2x HT:0-15" tdma-timing-offset=1 tdma-tx-size=496 tdma-rx-size=496 
   tdma-retx=699 tdma-winfull=0

How could I measure my connection, let’s say to be able to say " I have an excellent / good / acceptable / bad connection "

In WinBox via MacOS I can see both, but I can connect only to the one of them. ( GioR the AP )

At first I thought a chip had broken. <–That thought begins to recede.