mac telnet

tuckerdog · March 7, 2025, 7:00pm

we cannot connect from 1100-ahx4 to a CRS125-24G-1S-2HnD by mac telnet…it does respond to mac-ping, and is in the neighbors list. the option “ALL” is chosen under tools/mac server, but still nothing. we had a tech on-site with a pc plug directly into this switch and use winbox, but unable to connect either.

Any thoughts?

Firmwares are 7.18.1

anav · March 7, 2025, 7:11pm

Two actually…

One or both configs is wrong
Why are you using unencrypted method for connectivity between two devices, use at least mac-server mac-winbox ( not mac-server )
But then again I dont understand the purpose of using telnet here…
If you simply want to reach the other device within the same network use winbox which is secure not plain telnet.

My bad if you were NOT using mac-telnet but telnet tool in winbox WITH SSH!!!

tuckerdog · March 7, 2025, 10:40pm

ok…winbox from my network segment is not happening, but even plugged directly onto the switch, winbox doesn’t link up…
I was using mac-telnet from the main 'Tik, giving this router it’s dhcp… same subnet.
As to configuration, i’ve set a ton of Tiks up and haven’t seen this one before.

anav · March 8, 2025, 12:16am

if they are on the same network system ( not at different locations ) then each smart device other than the main router gets an IP address in the trusted/managment vlan.
The iP discovery should be set to the TRUSTED interface of which the managment/vlan is a member
mac-winbox-mac should be set to the same TRUSTED interface.
winbox will work.
I assume you allow admin on input chain.

tuckerdog · March 8, 2025, 12:51pm

thanks…networking-101.

a notebook plugged directly into the mikrotik is unable to winbox connect. this type of connection does not require anything of the ip or vlan…as long as winbox can see the device in the neighbors tab (it does) then you should be able to login with the correct user/password.

tdw · March 8, 2025, 1:34pm

I’ve seen mac-telnet fail to work on a CRS318 with 7.14.1 which I believe was caused by a combination of unsuitable bridge port and neighbour discovery settings.

Do you have an /export of the configuration, if not you will have to use the serial console interface to gain access.

anav · March 8, 2025, 3:46pm

Already asked for.

anav · March 8, 2025, 3:46pm

/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys) ( both devices)

mkx · March 8, 2025, 3:50pm

winbox MAC connection can be controlled with settings under /tool/mac-server (MAC telnet and MAC winbox are configured separately) … indeed default is allowed-interface-list=all, but it’s easy to change it to anything else, including none (I’ve seen posts on this forum where posters claimed this is a very secure thing to do … which IMO might even be true but risky as well). Or somebody set it to some management interface list and then abandoned that list. Or forgot that it’s about interfaces not ports … so it’s bridge and VLAN interfaces, not individual ports (e.g. ether1 or sfp-sfpplus1). Also verify that there isn’t manually constructed interface list called “all” (I’m not sure if it could be created, but I’ve seen my share of weirdess in ROS).