Yesterday I got this new switch, with the card & factory info: MAC, SN, login/password. Logged in fine with factory password. I did change it soon after first login.
I was able to config the switch almost all the way, it was running and working just hadn’t set up VPAN filtering. I thought I had changed the factory password. Even wrote it down. Today I need to get in to the switch but can't seem to get past the password auth. I thought no big deal, I wanted to change my port layout anyway, let's do a factory reset.
I did this multiple times and different ways. Each time it would finish booting I can ssh to it ( not before I have to delete the old/ previous key)
Ok search ... hmm people are having luck after performing factory reset, I did it the same way & different ways too. Even held reset 30 seconds while power is on- disconnect keep holding 30 seconds- plug in hold 30 seconds.
You only get one shot at the password before it rejects you. Ugh. I'm frustrated and lost. I’ve attempted so many passwords, what I wrote down, everything on the card, can’t get in. Any ideas?
I would use winbox, there is a version for linux and mac (as well as traditional one for windows)
You can then login via mac address (when it has no ip address assigned) It also remembers your password for you. (And you can copy/paste the password into it from notepad or similar)
After a factory reset, it should be back at the factory password. (You could try blank password too)
Failing this, then netinstall, It will take some practice to get this right…
I am having a hell of a time getting this switch to enter netinstall mode. Any tricks? This is what I have done: power off, hold reset, plug in& keep holding, blue lite flashes about 9 seconds in, stops flashing around 15 seconds in, goes off, release button, lite comes on solid around 22 seconds. The other method, power on, hold switch 30 seconds, unplug, hold for 30, plug in hold for 30. Same result.
I tried setting en5s0 to ip 192.168.88.3. Sudo netinstall-cli-7.16.2 ( as well as the latest 7.20.2) -r -v -i enp5s0 routeros--arm.npk. The output always hangs at Waiting for RouterBOARD.
It feels like a brick looks like a brick and acts like a brick. I think it’s a brick
On windows at least, You have to disable all other network interfaces.
Apparently, a dumb switch between your PC and ether1 (the netinstall port) on the device can sometimes help.
Maybe firewall off (and no internet access) if running something other than defender.
When I get it into bootloader mode (LED off, doesn’t boot normally), I ran tcpdump and can see the switch gets a DHCP address (192.168.88.10) then starts spamming TFTP requests for a file called “vmlinux” - it’s NOT using the netinstall protocol. I set up both tftpd-hpa and atftpd servers, put the RouterOS .npk file in there, even made a “vmlinux” symlink and copy of the file. The TFTP servers are definitely receiving the requests (I see them in tcpdump) but they just don’t respond - no errors in logs, nothing. After about 30 seconds the bootloader gives up and boots into the locked RouterOS.
And hence the requirement (strictly speaking it's a strong recommendation, but for most purposes it's a requirement) to perform netinstall over network which connects only two devices: MT device being netinstalled (i.e. CRS310) and device running netinstall (windows/linux computer). Which is the most certain way of not having "standard" services (TFTP, DHCP) mess with the delicate netinstall process.
I have to add more info to this.
Netinstall tftp process is in 2 stages.
I have also been in contact with Mikrotik's support division, where I have made a suggestion that they can add support for netinstall-cli to also support ip address assignment via dhcp.
To avoid having to do what I did. That is, changed routerboot from bootp to dhcp.
Get a ip with bootp.(if that not being changed to dhcp like i did on my old thread1thread2
Get the netinstall device specific file for arm, arm64, mips, mipsbe and so on via tftp.
Device runs that netinstall device specific file.
Then it's running it's get the RouterOS image for the specific device via tftp.
Flashes the RouterOS image to nand flash.
@tangent So if you in the vm you could also support dnsmasq and extracting the netinstall device specific file for also unbrick these devices.
