[Issue/Bug] RB5009UPr+S+IN suffering with log spam saying "etherX detected poe-out status: no_valid_psu"

Hi Guys,

I have recently purchased a RB5009UPr+S+IN (https://mikrotik.com/product/rb5009upr_s_in) and configrued it tonight. I have this powered by a CISCO SG250-08HP POE Switch with POE power being sent though ether1. Its has a bond (LACP) with ether1 and ether2 going back to the CISCO switch for my LAN as I don’t have 2.5Gb/s LAN POE switches yet.

Everything is operating correctly, but I have noticed a warning which is now spamming the log every few mins and is coming from every port which is saying:

etherX detected poe-out status: no_valid_psu
etherX detected poe-out status: disabled

This wasn’t happening when it was connected via DC jack earlier tonight, but started as soon as its ONLY being now powered by ether1 (POE).

I have made sure that all ports have POE set to OFF but the messages keeps coming, despite the router staying online/powered up.

I am running 7.6 latest stable release of ROS. Also the routerboard firmware is also running 7.6.

Is there away to stop these messages, or is something I have forgotten to do? or maybe a bug?

Summery

SPF connected to ONT via vlan911 which provides my internet using PPOE.
ether1 and ether2 connected to CISCO POE switch.
Power is being sent on both but I believe its only working into ether1 (from what I can see this is normal even on this version)

Below is a full copy of my running config, just with a few bits XX or YY out, but nothing which would make the config unreadable.

# nov/21/2022 21:43:21 by RouterOS 7.6
# software id = JJNA-ABWH
#
# model = RB5009UPr+S+
# serial number = XXXXXXX
/interface bridge
add admin-mac=18:FD:XX:XX:XX:XX auto-mac=no disabled=yes name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment="CISCO | SW01 | LAG| PORT 1" poe-out=off
set [ find default-name=ether2 ] comment="CISCO | SW01 | LAG | PORT 2" poe-out=off
set [ find default-name=ether3 ] disabled=yes poe-out=off
set [ find default-name=ether4 ] disabled=yes poe-out=off
set [ find default-name=ether5 ] disabled=yes poe-out=off
set [ find default-name=ether6 ] disabled=yes poe-out=off
set [ find default-name=ether7 ] disabled=yes poe-out=off
set [ find default-name=ether8 ] disabled=yes poe-out=off
set [ find default-name=sfp-sfpplus1 ] comment="City Fibre | ONT"
/interface vlan
add comment="Briant Broadband | VLAN" interface=sfp-sfpplus1 name=vlan911 vlan-id=911
/interface bonding
add comment="CISCO | SW01 | LCAP" mode=802.3ad name=bond0 slaves=ether1,ether2 transmit-hash-policy=layer-2-and-3
/interface pppoe-client
add add-default-route=yes comment="Briant Broadband | Internet" disabled=no interface=vlan911 name=pppoe0 use-peer-dns=yes user=XXXXXXXXXX
/interface vlan
add comment="Core | Network" interface=bond0 name=vlan2910 vlan-id=2910
add comment="Trusted | Network" interface=bond0 name=vlan2920 vlan-id=2920
add comment="Work | Network" interface=bond0 name=vlan2930 vlan-id=2930
add comment="Guest | Network" interface=bond0 name=vlan2950 vlan-id=2950
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=vlan2910 ranges=10.29.10.80-10.29.10.200
add name=vlan2920 ranges=10.29.20.80-10.29.20.200
add name=vlan2930 ranges=10.29.30.80-10.29.30.200
add name=vlan2950 ranges=10.29.50.80-10.29.50.200
/ip dhcp-server
add address-pool=vlan2910 interface=vlan2910 name=vlan2910
add address-pool=vlan2920 interface=vlan2920 name=vlan2920
add address-pool=vlan2930 interface=vlan2930 name=vlan2930
add address-pool=vlan2950 interface=vlan2950 name=vlan2950
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=untagged interface=bond0 list=LAN
add comment=untagged interface=sfp-sfpplus1 list=WAN
add comment="Core | Network" interface=vlan2910 list=LAN
add comment="Trusted | Network" interface=vlan2920 list=LAN
add comment="Work | Network" interface=vlan2930 list=LAN
add comment="Guest | Network" interface=vlan2950 list=LAN
add comment="Briant | Broadband" interface=vlan911 list=WAN
add comment="WAN | Internet" interface=pppoe0 list=WAN
/ip address
add address=10.29.10.254/24 interface=vlan2910 network=10.29.10.0
add address=10.29.20.254/24 interface=vlan2920 network=10.29.20.0
add address=10.29.30.254/24 interface=vlan2930 network=10.29.30.0
add address=10.29.50.254/24 interface=vlan2950 network=10.29.50.0
add address=10.29.10.1/24 interface=vlan2910 network=10.29.10.0
add address=10.29.20.1/24 interface=vlan2920 network=10.29.20.0
add address=10.29.30.1/24 interface=vlan2930 network=10.29.30.0
add address=10.29.50.1/24 interface=vlan2950 network=10.29.50.0
/ip dhcp-server network
add address=10.29.10.0/24 comment=vlan2910 dns-server=10.29.10.1 gateway=10.29.10.1 netmask=24
add address=10.29.20.0/24 comment=vlan2920 dns-server=10.29.20.1 gateway=10.29.20.1 netmask=24
add address=10.29.30.0/24 comment=vlan2930 dns-server=10.29.30.1 gateway=10.29.30.1 netmask=24
add address=10.29.50.0/24 comment=vlan2950 dns-server=10.29.50.1 gateway=10.29.50.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=10.29.10.35,10.29.10.36
/ip firewall address-list
add address=82.XX.XX.XX comment="Dad's | Home" list=TRUSTED
add address=159.XX.XX.XX comment="Simons | Home" list=TRUSTED
add address=62.XX.XX.XX comment="Steven's | Work" list=TRUSTED
add address=212.XX.XX.XX comment="Trudie's | Home" list=TRUSTED
add address=10.XX.XX.0/24 comment="Core | Network" list=TRUSTED
add address=10.XX.YY.0/24 comment="Trusted | Network" list=TRUSTED
add address=176.XX.XX.XX comment="Hetzner | Dedicated" list=TRUSTED
/ip firewall filter
add action=accept chain=input comment="accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="accept to local loopback" dst-address=127.0.0.1
add action=jump chain=input comment="allow icmp" jump-target=icmp
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=jump chain=input comment="allow access to router" jump-target=router
add action=drop chain=input comment="drop all not coming from LAN" in-interface-list=!LAN log=yes log-prefix=drop_not_LAN
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=fasttrack connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=jump chain=forward comment="allow access to lan" jump-target=lan
add action=drop chain=forward comment="drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=icmp comment="0:0 and limit for 5 packets per second" icmp-options=0:0-255 limit=5,5:packet protocol=icmp
add action=accept chain=icmp comment="3:3 and limit for 5 packets per second" icmp-options=3:3 limit=5,5:packet protocol=icmp
add action=accept chain=icmp comment="3:4 and limit for 5 packets per second" icmp-options=3:4 limit=5,5:packet protocol=icmp
add action=accept chain=icmp comment="8:0 and limit for 5 packets per second" icmp-options=8:0-255 limit=5,5:packet protocol=icmp
add action=accept chain=icmp comment="11:0 and limit for 5 packets per second" icmp-options=11:0-255 limit=5,5:packet protocol=icmp
add action=accept chain=router comment="accept SSH to router *trusted*" dst-port=22 log=yes log-prefix=test_log protocol=tcp src-address-list=TRUSTED
add action=accept chain=router comment="accept Winbox to router *trusted*" dst-port=8291 protocol=tcp src-address-list=TRUSTED
add action=accept chain=lan comment="accept access to mgmt01 *trusted*" dst-port=10022 in-interface-list=WAN protocol=tcp src-address-list=TRUSTED
add action=accept chain=router comment="accept udp dns queries from lan" dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=router comment="accept tcp dns queries from lan" dst-port=53 in-interface-list=LAN protocol=tcp
add action=accept chain=router comment="accept udp ntp queries from lan" dst-port=123 in-interface-list=LAN protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=10022 in-interface-list=WAN protocol=tcp to-addresses=10.XX.XX.100 to-ports=10022
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www-ssl certificate=XXXX.xyz disabled=no tls-version=only-1.2
set api disabled=yes
set api-ssl certificate=XXXX.xyz tls-version=only-1.2
/ipv6 firewall address-list
add address=::/128 comment="unspecified address" list=bad_ipv6
add address=::1/128 comment=lo list=bad_ipv6
add address=fec0::/10 comment=site-local list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment=ipv4-mapped list=bad_ipv6
add address=::/96 comment="ipv4 compat" list=bad_ipv6
add address=100::/64 comment="discard only " list=bad_ipv6
add address=2001:db8::/32 comment=documentation list=bad_ipv6
add address=2001:10::/28 comment=ORCHID list=bad_ipv6
add address=3ffe::/16 comment=6bone list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="accept HIP" protocol=139
add action=accept chain=forward comment="accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-autodetect=no time-zone-name=UTC
/system identity
set name=router01
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes
/system ntp client servers
add address=ntp0.linx.net
add address=ntp1.linx.net
add address=ntp2.linx.net
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Also last note, if anyone has any suggestions for tweaks or improvements, please let me know.
I am kinda rusty with MTK as been using UBNT over these past recent years.

Looking forward to your reply.

Simon

4th topic’s the charm.
File a bug report.

Thanks, will do.

Applogies, I didn’t notice any others, my bad.

I now see that you were refering to myself/posts.
This was an accdent, the post wasn’t submitting, so I was shrinking it down as I thought the code was causing the problem. I then found saving a draft then saved fine and could edit it. After looking for what you mentioned, I noticed my post a few times. This really was not my intention, Applogies, I have just deleted the duplcate posts.

Confirmed with Mikrotik support that there is a bug in 7.6 ROS with the RB5009UPr+S+IN which they managed to reproduce in their labs. This I am told will be fixed in the upcoming new release but no ETA on when this will be (yet).

Thanks Mikrotik support for reproducing and creating a fix for this.

Kind Regards,

Simon

Can you please provide the ticket number for reference? We’re getting this error on a remote solar site and have exhausted every last idea of what it could be. Checking the RouterOS change logs from 7.6 to 7.8rc2, I’m not seeing this fix mentioned anywhere. It seems amazing to me that they haven’t fixed it yet so I’m going to open another ticket, hopefully referencing yours, and ask for an update.

Hi @brotherdust,

Sorry for the delay, only just noticed the reply.

The support case ID is
SUP-98865

This has not been fixed yet, ive been testing and also checking change logs but still not resolved. ATM I have had to add power supply as the spam was getting stupid.

I have pasted below their answer, I hope this helps.

Oļegs Š.23/Nov/22 6:55 AM

Hello,

Thank you for the report!

We have managed to reproduce the issue locally in our labs and look forward to fixing it on upcoming RouterOS versions, unfortunately, I cannot provide a release date now.

Best regards,

Have you resolved your problem？
I also encountered similar issues when using routerOS 7.8. When I use the original power supply, it will appear “etherX detected poe-out status: no_valid_psu” once in the startup log every time. This log only appears once after rebooting. At first, I suspected it was a power issue, but I didn’t see this message again after upgrading to 7.9.