I have an LHG LTE6 that I had set up 2.5 years ago and last accessed (I think) about a year ago. Not easily accessible physically. I set it up with LTE passthrough, with an additional management interface on 192.168.89.1/24 VLAN 1001.
I tried accessing it recently to check/update RouterOS and modem firmware versions and set up a watchdog, but I couldn’t. If I set up my laptop as 192.168.89.5/24 VLAN 1001, I can ping 192.168.89.1 and it responds, but does not accept any TCP connections on any port. I can only get it to respond to pings.
I even brought a Windows laptop (I normally use MacOS) and installed Winbox. When configured with NO VLAN, it detects my LTE6 as 192.168.88.1 (note the difference). I tried adding 192.168.88.5/24 to my ethernet and connecting to 192.168.88.1 with VLAN 1 (e.g. no VLAN), but that doesn’t work either: 192.168.88.1 is not even pingable.
I’m looking for advice here on what to do next — I might have messed something up, or my notes might be wrong, but what can I do, short of eventually climbing on a ladder, pulling the thing down, and setting it up from scratch?
I’m sorry for not including configs or versions, but as you can see I am in a situation where I simply don’t know.
If that address shown in Winbox is differently then the one you had setup earlier, it might be the device has gone through a config reset (why and how ? That’s another discussion).
But in that case Winbox should be able to get access via MAC address, user/passwd will then most likely also be reset to default (since it’s an older device, most likely admin/)
So via WInbox, click on MAC address and see if you can get in that way.
Thanks. I did try that, connecting with the MAC address did not work either. Not on VLAN 1001, and not on VLAN 1.
I’m puzzled, because the device is pingable on that VLAN 1001 using the management address from my notes (192.168.89.1/24). But it won’t accept connections.
@holvoeth
I have noticed that when an interface has more than one IP address the “lower” one is shown in Winbox (but also comes out in tools trace).
Cannot say if it applies to older versions or if it changes on different devices, but I have a setup where LAN interface has both 192.168.1.1 and 10.0.0.1 and Winbox sees the 10.0.0.1 address.
If the original default 192.168.88.1 has not been removed it would “win” over 192.168.89.1.
On the other hand if an accidental reset happened there would not be the 192.168.89.1, it must be something else. @jrychter
If the things is PoE powered or however it is easy to cut power, you can try power cycling it, before getting the ladder.
Also try rebooting the laptop, sometimes Winbox connections (by MAC) can be finnicky.
Oh, it’s being rebooted regularly. And I tried power cycling it to see if it would start responding at least temporarily, for example before LTE passthrough gets fully established (before the client device gets an address through DHCP). None of it helps. I have an LTE6 that works and performs LTE passthrough, but I can’t access it.
Assuming I climb and reach it, what are my next options? A full hardware reset to factory defaults?
Are you sure that (since you installed Winbox specifically for this task on a Windows notebook) that it is not something in the Windows settings (ip address subnet, firewall, other network devices, public vs. private network, etc.) that is preventing the connection via MAC?
If you have any other Mikrotik device, can you try connecting to it via Winbox on that laptop, so that a mis-configuration of the laptop can be excluded?
It’s unlikely to be the Windows laptop, because before trying it, I did everything on my Mac, which I normally use. No Winbox, but I tried all the VLAN and IP configurations and connecting with ssh.
The results were exactly the same: I can ping the router interface on 192.168.89.1/24 VLAN 1001, but I can’t connect to it. nmap shows no TCP ports responding on that address.
That said, while the IP situation should be the same on both laptops, connecting via MAC might indeed be prevented by something. I am slightly suspicious there because the router does not appear in the list immediately, it sometimes takes a long time (as in, more than 15 minutes) for it to appear.
FWIW, the Windows laptop is as simple as I can make it: Windows 11, realtek ethernet, wifi, minimal software installed, no VPNs or anything fancy. This laptop is only used as a console and to run various crappy Windows-only apps shipped by hardware manufacturers (like Victron).
I don’t know, the board is full of reports by people reporting issues with Winbox on Windows 10 or 11, so that is a common enough event.
The 15 minutes to “see” the device is instead very “strange”, if it was a “complex” network I would suspect a loop or something like that, but if you are directly connecting to the Mikrotik thingy it makes no sense.
Could it be - by any chance - a power issue?
I have seen routers/access points (not necessarily Mikroitk) doing “queer” things with an only partially failed power supply (providing under voltage or under current).
I think that after all you really need to get the ladder …
Cannot you get (without the ladder) get to the “other end” (presumably going to a router or switch) of the cable going to the LHG LTE6, disconnect it from the network and plug it directly on the laptop?
This way you would exclude any possible issue due to (mis-) configuration of other devices on the network, a working device should be visible in Winbox immediately or however in a few seconds, not 15 minutes, then (normally, but maybe when using VLAN it is different) you should be able to connect to it via MAC.
It is possible that you restricted access to the device to a given IP and that IP is not 192.168.89.5?
If you cannot access the device (due to wrong IP, credentials, VLAN, whatever) you will need to take it down and then you have reset or netinstall available only (by pressing the button).
Of course the issue wiil be recreating the configuration, unless you saved (or printed an /export) and you can find it, it will likely be a PITA.
As it turned out, the reason why I couldn’t connect to the device over my VLAN was because the VLAN wasn’t added to the “LAN” interface group. As a result, the firewall did not permit connections to the management interface. So, my fault!
I hope this helps someone. If you want to connect to your router via a VLAN, make sure that VLAN is in the LAN interface group for the firewall to let you through.
