Hello fellows…
I’ve experienced a very whicked problem…
It happens once a week or twice…All my mikrotiks(about 5 on the chain) reboot one after another..and there is no visible reason?
Can someone tell me if he/she experienced the same problem and what is the solution?
Regards Promind
enable all logs and set them to disk and then see what caused a reboot. either a power problem, or something else.
Do you by any chance have the system watchdog enabled and watching its’ “neighbours” ip address?
I saw that domino effect once, where one router rebooted because of a power outage, and then all other routers in the chain did the same 
Best regards,
Christian Meis
yes I did…but didn’t set any neighbour address
…but the fact is that when I disable watchdog machines begin blocking one after another.
all logs stored in disk…and nothing again…
log just says router was rebooted without proper shutdown
no other messages…
also it’s not power failure I’m 100% sure
but it looks like it is. it is nearly impossible for a software/hardware error to occur at the same time on all routers.
I’m pretty sure it’s not power failure…
1st router 0km
2nd router 13km
3rd router 47km from 2nd
4th router 36km from 3rd
5th router 32km from 4th
6th router 7km from 5th
All reboot one after another…and there is no visible reason for this…I think this is hack attack…log says someone is trying to connect via ssh and after 10 minutes router reboots…and after that all routers one by one begin rebooting…I’ve stopped telnet/ftp/ssh/www for now..just left winbox and we’ll see if that was the problem
P.S. is there any way to limit winbox connections to particular mac addresses?
change winbox port in ip services, set up firewall in input chain to drop all connections except for your IP, change ssh port, read the manual about how to protect your router
I’ve done that…no effect for ssh..just disabled it…
I connect through mac address via winbox…
and also I don’t see winbox port in services
there are ftp/telnet/ssh/www/www-ssl
www
done that..no effect connects via winbox without any problems
disabled user admin
added random generated user with 12 symbols
added 64 symbol default password for the new user
disabled services all except winbox…and when I do nmap I see that ports 1720 2000 3986 are open?
why are they open? I don’t see other services that I should close.
you said you use MAC winbox. that’s something completely different. see this page about ports RouterOS uses:
http://www.mikrotik.com/docs/ros/2.9/ip/service
if you done all that i recommended - it is not a hack attack. check for power problems. bring down one of the routers, attach it somewhere else and see if it still reboots
you see…all routers have backup power device … it is NOT power failure I’m sure of that… I have other mikrotik with 2.4Ghz card configured as wds on the same electric chain…and this mikrotik does not reboot…I have not configured any ips for this one and probably that saved it!
it happened again!
16:30 first mikrotik reboots 30 seconds after the second one and so on and so on…
I think you’ll have to post your configs to see if it’s something misconfigured…
Very strange, otherwise…
Best regards,
Christian Meis
I’ve figured out the problem…but I don’t understand why mikrotik depends on system time?
the battery of the bios has gone away and it always shows time of machine export / p3 866Mhz DELL/ nov/02/2000 . and mikrotik just expires when I fix time manually system licence reports 2 years outage , else 8 hours.
how can that be fixed?
send this file to support, we will see what’s wrong:
http://wiki.mikrotik.com/wiki/Supout
exported config…watched it all over twice and nothing wrong…
and now the real reason is not license key…it’s ok…too much traffic goes through the machines…about 20Mbit on P3 866Mhz, can someone tell me what machines should I use for best performance?
your machines are enough for the task
not enough…I use mikrotik just for bridge…I had enabled connection tracking…that was the problem…connection tracking reduces my cpu usage with about 30% and when the first machine reboots next was “attacked” by the big traffic going to it…and so on and so on…just disabled connection tracking and all went fine…for now 
P.S: Thank you for your time…and please accept my appologies if I’d disturbed you with my odd questions