No WinBox connection over IP/MAC

Hi!

I can not connect to my router over WinBox (all other Mikrotik devices work fine).
I can not connect via MAC address.
I can access the router over serial and WebFig.
I can ping it from another Mikrotik device and my PC.
I can connect over RoMON.
My PC is connected on ether3.

Any ideas?

# 2024-11-29 01:55:28 by RouterOS 7.16.2
# software id = XXX
#
# model = RB2011UiAS-2HnD
# serial number = XXX

/interface bridge
add admin-mac=64:D1:54:80:E4:98 auto-mac=no name=main-bridge port-cost-mode=short
/interface wireless
# managed by CAPsMAN
# channel: 2447/20-eC/gn(26dBm), SSID: lord-of-the-ping, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-80E4A1 wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] comment="PoE IN" name="ether1[lag9]"
set [ find default-name=ether2 ] name="ether2[lag10]"
set [ find default-name=ether6 ]
set [ find default-name=ether7 ]
set [ find default-name=ether8 ]
set [ find default-name=ether9 ]
set [ find default-name=ether10 ]
/interface bonding
add comment="Bonding dg 1,2 === core-switch 6,8" mode=802.3ad name=bonding-core-router slaves="ether1[lag9],ether2[lag10]"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
/interface bridge port
add bridge=main-bridge interface=ether3
add bridge=main-bridge interface=ether4
add bridge=main-bridge interface=ether5
add bridge=main-bridge interface=ether6
add bridge=main-bridge interface=ether7
add bridge=main-bridge interface=ether8
add bridge=main-bridge interface=ether9
add bridge=main-bridge interface=ether10
add bridge=main-bridge interface=sfp1
add bridge=main-bridge interface=bonding-core-router
add bridge=main-bridge interface=wlan1
add bridge=main-bridge interface=*14
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=*2000011
/ipv6 settings
set disable-ipv6=yes forward=no
/interface wireless cap
# 
set certificate=request discovery-interfaces="ether1[lag9]" enabled=yes interfaces=wlan1
/ip dhcp-client
add interface=main-bridge
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=*2000010
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip service
set ftp disabled=yes
set winbox address=10.10.0.0/16
/snmp
set contact="aaron" enabled=yes location=DG
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=dg-router
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
/tool mac-server ping
set enabled=no
/tool romon
set enabled=yes
/tool romon port
add disabled=no forbid=yes interface=wlan1

It looks like you’ve been adding and deleting a lot of items (dangling references with ***** prefix), but more importantly you’ve deleted the default “LAN” and “WAN” interface lists.
Out-of-the-box config for the MAC-Telnet and MAC-Winbox has “allowed interface list = LAN”, so now it’s either “allowed interface list = (deleted reference)” or it auto switched back to “none”.

Try to see what it reports in print.

[admin@MikroTik] > /tool/mac-server/print 
  allowed-interface-list: (mystery here)
[admin@MikroTik] > /tool/mac-server/mac-winbox/print 
  allowed-interface-list: (mystery here)
[admin@MikroTik] >

Then create a new interface list (doesn’t have to be “LAN”, can be “allow-macwinbox-from” for example), put the ports you want in it, and assign in those two menus.

Thanks @wrkq! It was indeed a dangling interface identifier in /ip/neighbor/discovery-settings, setting it over the UI did not save it correctly, so after setting it over the terminal, it worked again!

/ip/neighbor/discovery-settings set discover-interface-list=all