I have 5 off RB3011 OS version 6.49.6 linked by OSPF, I noticed that somebody was trying to access one of the routers via it’s public IP, they did not find my password.
I decided to add to ip/services an available from address, as I have done to my CSS106’s, I added 192.168.121.0/24. This blocked all access, including me.
Any good ideas how I can resolve this situation? Or is it wipe the working router?
David.
Where is this 192.168.121.0/24 range actually used then ? On 1 of these remote sites ?
Just get a working-PC on that range, teamviewer/RDP into it and from there Winbox/WebFig to your RouterOS boxes ?
Thank you for the reply, 192.168.121 etc, is used on another router, I’m using that one at present.
Bur I cannot access the router that I set the restrictions on, it’s still working, but I cannot get into it to configure it.
David.
When using Winbox you might be able to connect by MAC address.
Unfortunately I have disabled winbox access, I only have HTTP access enabled.
David.
And no ROMON access either via other nearby Mikrotik device ?
So you close the door, throw away the key and then additionally put a wall in front of the door.
How is anyone supposed to help with that ?
If there is still a way in, you should know about it.
Hopefully 1 ether port off-bridge or a serial port but that means local access.
No so long ago locked myself out of my RB5009.
I had “some sort of recent backup” and needed to factory-default it + restore that config.
That part went OK
Since then I have indeed 1 dedicated physical port “off-bridge” so I can gain some last-resort access … anytime!
Never too old for some lessons 
Unless you have disabled this option.
The Mikrotik woobm is handy for this scenario.
Plug into the usb port, looks like a serial console interface to the Mikrotik.
Connect to it wirelessly from your laptop.
Perhaps a router between you and the target router is doing NAT, so the target router is not seeing a 192.168.121.x IP address?
Also crossed my mind.
Too bad it has been discontinued… so those still having it, make sure to keep it safe !
The RB3011 has a console port on the back. So access should be always possible.
Cheers Michael
Thank you for the suggestions, I think using the console port or the USB port is my only option I had left 192.168.88.1 on ether 10, but that is also connected to a bridge, I’m learning some hard lessons. I have been reconfiguring other routers so that 192.168.88.1 is on it’s own port WITHOUT a bridge connection.
I had a thought that the OSPF connection to this router uses 172.16.1.1/30, could I use that?
Is there a guide to using the console port or the USB port?
David.
USB-Serial adapter and a null-modem cable works similarly, just isn’t wireless.