choin
just joined
Topic Author
Posts: 4
Joined: Sat Aug 24, 2019 4:52 pm

Unable to return to default configuration

Mon Aug 26, 2019 1:43 pm

The device is mAP lite.

I've updated ROS and firmware. Then I proceeded to try to configure a wireless bridge.
Some articles suggested to reset configuration of the router with "No Default" option enabled. I've done that.

This made the device inaccessible through wifi. Ok, I've connected with ethernet and was able to get into ROS.
Before trying anything else, I've tried to understand how to get the original factory configuration back. And it fails every time.

If I use Reset Configuration without any options enabled - it doesn't change anything, and WLAN stays disabled. Also there are no DHCP servers in the configuration.

If I hold Reset button on device for 5 seconds - upon connection ROS says that "default configuration has been installed" and even allows to view a script that does this. In this script I can see DHCP server from the factory defaults, among many other lines. There are buttons Remove configuration and OK. I don't really understand what these buttons do. Was the configuration already installed and this can be reverted by pressing Remove configuration or do I need to press Remove configuration in order for newly installed configuration to be applied? In these cases I'd name the button either "Revert to original cfg" or "Accept new cfg".

Anyway, I can see that pressing either button does not change anything in ROS configuration - the WLAN is still disabled and there are no DHCP servers. If I go to Terminal and execute "export", it'll return less than 10 lines with some very basic config. The script I mentioned contained more than 100 lines for sure.

I've also tried reinstalling latest ROS by dropping the .npk file. But seems like it's being ignored, as I don't notice a delay on device reboot.

Am I missing something?
 
nostromog
Member Candidate
Posts: 226
Joined: Wed Jul 18, 2018 3:39 pm

Re: Unable to return to default configuration

Tue Aug 27, 2019 3:15 pm

It might be that the script that restores the configuration has a bug, or the firmware is not initializing properly. For instance, the script posted below tries 40 times to find the wireless interfaces, and they might take more time to initialize than this...

You can try to understand what is going on by printing your default configuration script.

:put [/system default-configuration get script ]

The one I see in a mAP Lite is (they depend on model and release, so yours might be different):

:global ssid;
#| RouterMode:
#|  * WAN port is protected by firewall and enabled DHCP client
#|  * Wireless and Ethernet interfaces (except WAN port/s)
#|    are part of LAN bridge
#| LAN Configuration:
#|     IP address 192.168.88.1/24 is set on bridge (LAN port)
#|     DHCP Server: enabled;
#|     DNS: enabled;
#| wlan1 Configuration:
#|     mode:                ap-bridge;
#|     band:                2ghz-b/g/n;
#|     tx-chains:           0;1;
#|     rx-chains:           0;1;
#|     installation:        indoor;
#|     ht-extension:        20/40mhz-XX;
#| WAN (gateway) Configuration:
#|     gateway:  ether1 ;
#|     ip4 firewall:  enabled;
#|     ip6 firewall:  enabled;
#|     NAT:   enabled;
#|     DHCP Client: enabled;

:global defconfMode;
:log info Starting_defconf_script_;
#-------------------------------------------------------------------------------
# Apply configuration.
# these commands are executed after installation or configuration reset
#-------------------------------------------------------------------------------
:if ($action = "apply") do={
  # wait for interfaces
  :local count 0;
  :while ([/interface ethernet find] = "") do={
    :if ($count = 30) do={
      :log warning "DefConf: Unable to find ethernet interfaces";
      /quit;
    }
    :delay 1s; :set count ($count +1); 
  };
  :local count 0;
  :while ([/interface wireless print count-only] < 1) do={ 
    :set count ($count +1);
    :if ($count = 40) do={
      :log warning "DefConf: Unable to find wireless interface(s)"; 
      /ip address add address=192.168.88.1/24 interface=ether1 comment="defconf";
      /quit
    }
    :delay 1s;
  };
 /interface list add name=WAN comment="defconf"
 /interface list add name=LAN comment="defconf"
 /interface bridge
   add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
 :local bMACIsSet 0;
 :foreach k in=[/interface find where !(slave=yes  || name="ether1" || name~"bridge")] do={
   :local tmpPortName [/interface get $k name];
   :log info "port: $tmpPortName"
   :if ($bMACIsSet = 0) do={
     :if ([/interface get $k type] = "ether") do={
       /interface bridge set "bridge" auto-mac=no admin-mac=[/interface ethernet get $tmpPortName mac-address];
       :set bMACIsSet 1;
     }
   }
   /interface bridge port
     add bridge=bridge interface=$tmpPortName comment=defconf;
 }
   /ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
   /ip dhcp-server
     add name=defconf address-pool="default-dhcp" interface=bridge lease-time=10m disabled=no;
   /ip dhcp-server network
     add address=192.168.88.0/24 gateway=192.168.88.1 comment="defconf";
  /ip address add address=192.168.88.1/24 interface=bridge comment="defconf";
 /ip dns {
     set allow-remote-requests=yes
     static add name=router.lan address=192.168.88.1 comment=defconf
 }

  /interface wireless {
    set wlan1 mode=ap-bridge band=2ghz-b/g/n disabled=no wireless-protocol=802.11 \
       distance=indoors installation=indoor
    set wlan1 channel-width=20/40mhz-XX;
    set wlan1 frequency=auto
    :local wlanMac  [/interface wireless get wlan1 mac-address];
    :set ssid "MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14]$[:pick $wlanMac 15 17]"
    set wlan1 ssid=$ssid
  }
   /ip dhcp-client add interface=ether1 disabled=no comment="defconf";
 /interface list member add list=LAN interface=bridge comment="defconf"
 /interface list member add list=WAN interface=ether1 comment="defconf"
 /ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"
 /ip firewall {
   filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
   filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
   filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
   filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
   filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
   filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
   filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
   filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
   filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
   filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
   filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
 }
 /ipv6 firewall {
   address-list add list=bad_ipv6 address=::/128 comment="defconf: unspecified address"
   address-list add list=bad_ipv6 address=::1 comment="defconf: lo"
   address-list add list=bad_ipv6 address=fec0::/10 comment="defconf: site-local"
   address-list add list=bad_ipv6 address=::ffff:0:0/96 comment="defconf: ipv4-mapped"
   address-list add list=bad_ipv6 address=::/96 comment="defconf: ipv4 compat"
   address-list add list=bad_ipv6 address=100::/64 comment="defconf: discard only "
   address-list add list=bad_ipv6 address=2001:db8::/32 comment="defconf: documentation"
   address-list add list=bad_ipv6 address=2001:10::/28 comment="defconf: ORCHID"
   address-list add list=bad_ipv6 address=3ffe::/16 comment="defconf: 6bone"
   address-list add list=bad_ipv6 address=::224.0.0.0/100 comment="defconf: other"
   address-list add list=bad_ipv6 address=::127.0.0.0/104 comment="defconf: other"
   address-list add list=bad_ipv6 address=::/104 comment="defconf: other"
   address-list add list=bad_ipv6 address=::255.0.0.0/104 comment="defconf: other"
   filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
   filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
   filter add chain=input action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
   filter add chain=input action=accept protocol=udp port=33434-33534 comment="defconf: accept UDP traceroute"
   filter add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10 comment="defconf: accept DHCPv6-Client prefix delegation."
   filter add chain=input action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
   filter add chain=input action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
   filter add chain=input action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
   filter add chain=input action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
   filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
   filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
   filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
   filter add chain=forward action=drop src-address-list=bad_ipv6 comment="defconf: drop packets with bad src ipv6"
   filter add chain=forward action=drop dst-address-list=bad_ipv6 comment="defconf: drop packets with bad dst ipv6"
   filter add chain=forward action=drop protocol=icmpv6 hop-limit=equal:1 comment="defconf: rfc4890 drop hop-limit=1"
   filter add chain=forward action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
   filter add chain=forward action=accept protocol=139 comment="defconf: accept HIP"
   filter add chain=forward action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
   filter add chain=forward action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
   filter add chain=forward action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
   filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
   filter add chain=forward action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
 }
   /ip neighbor discovery-settings set discover-interface-list=LAN
   /tool mac-server set allowed-interface-list=LAN
   /tool mac-server mac-winbox set allowed-interface-list=LAN
}
#-------------------------------------------------------------------------------
# Revert configuration.
# these commands are executed if user requests to remove default configuration
#-------------------------------------------------------------------------------
:if ($action = "revert") do={
/user set admin password=""
 /system routerboard mode-button set enabled=no
 /system routerboard mode-button set on-event=""
 /system script remove [find comment~"defconf"]
 /ip firewall filter remove [find comment~"defconf"]
 /ipv6 firewall filter remove [find comment~"defconf"]
 /ipv6 firewall address-list remove [find comment~"defconf"]
 /ip firewall nat remove [find comment~"defconf"]
 /interface list member remove [find comment~"defconf"]
 /interface detect-internet set detect-interface-list=none
 /interface detect-internet set lan-interface-list=none
 /interface detect-internet set wan-interface-list=none
 /interface detect-internet set internet-interface-list=none
 /interface list remove [find comment~"defconf"]
 /tool mac-server set allowed-interface-list=all
 /tool mac-server mac-winbox set allowed-interface-list=all
 /ip neighbor discovery-settings set discover-interface-list=!dynamic
   :local o [/ip dhcp-server network find comment="defconf"]
   :if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
   :local o [/ip dhcp-server find name="defconf" !disabled]
   :if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
   /ip pool {
     :local o [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
     :if ([:len $o] != 0) do={ remove $o }
   }
   :local o [/ip dhcp-client find comment="defconf"]
   :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
 /ip dns {
   set allow-remote-requests=no
   :local o [static find comment="defconf"]
   :if ([:len $o] != 0) do={ static remove $o }
 }
 /ip address {
   :local o [find comment="defconf"]
   :if ([:len $o] != 0) do={ remove $o }
 }
 :foreach iface in=[/interface ethernet find] do={
   /interface ethernet set $iface name=[get $iface default-name]
 }
 /interface bridge port remove [find comment="defconf"]
 /interface bridge remove [find comment="defconf"]
 /interface wireless cap set enabled=no interfaces="" caps-man-addresses=""
 /interface wireless reset-configuration wlan1
  /caps-man manager set enabled=no
  /caps-man manager interface remove [find comment="defconf"]
  /caps-man manager interface set [ find default=yes ] forbid=no
  /caps-man provisioning remove [find comment="defconf"]
  /caps-man configuration remove [find comment="defconf"]
}
:log info Defconf_script_finished;
:set defconfMode;
:set ssid;

Also, on first login after a "reset to defaults" the log will tell you what went wrong.

As you can see in the configuration script above, the script will /quit in two cases:
* when it can't find an ethernet
* when it can't find the wlan interface, this time it leaves ether1 configured as 192.168.88.1/24 but no dhcp

So what you observed can be due to a wlan that refuses to initialize. Once I saw a mAP Lite reboot losing the wireless, and I had to power it off to properly reset it, as further reboots would make no difference. It might be a transient problem like this, no idea.

If you can get a command line you can apply configuration by opening brackets "{" and pasting by hand relevant expressions from the script I posted above, with whatever modifications you need. It is tricky, but doable for complicated configurations.
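
A terminal check for which of the two /quit paths described above was taken, added here as an example and not part of either post or of MikroTik's script. It assumes the log message texts and the "defconf" comments and names shown in the script printed above (they can differ by model and release), and that the log has not been cleared since the reset. In the wireless-timeout path the script quits before any firewall rules are created, so the last line reports that case explicitly.

```routeros
# Added diagnostic (example code, not from the default-configuration script).
# Paste into a RouterOS terminal on first login after a reset.
{
  # Warnings the defconf script logs just before each /quit
  :local noEther [:len [/log find where message~"DefConf: Unable to find ethernet"]]
  :local noWlan  [:len [/log find where message~"DefConf: Unable to find wireless"]]
  :local done    [:len [/log find where message~"Defconf_script_finished"]]

  # Objects the apply branch creates only when it runs past both waits
  :local bridges [:len [/interface bridge find where comment="defconf"]]
  :local dhcp    [:len [/ip dhcp-server find where name="defconf"]]
  :local fwIn    [:len [/ip firewall filter find where chain=input comment~"defconf"]]
  # Address the wireless-timeout path leaves behind on ether1
  :local addrE1  [:len [/ip address find where interface=ether1 comment="defconf"]]
  :local wlans   [:len [/interface wireless find]]

  :put "wireless interfaces present: $wlans"
  :put "defconf bridge: $bridges, dhcp-server: $dhcp, input filter rules: $fwIn"
  :put "finished marker in log: $done"

  :if ($noEther > 0) do={
    :put "RESULT: script quit, no ethernet interface found after 30 tries"
  }
  :if ($noWlan > 0 || ($addrE1 > 0 && $bridges = 0)) do={
    :put "RESULT: script quit on the wireless wait (40 tries); only 192.168.88.1/24 on ether1 was added"
  }
  :if ($bridges > 0 && $dhcp > 0 && $fwIn > 0) do={
    :put "RESULT: apply branch ran through bridge, DHCP and firewall setup"
  }
  :if ($fwIn = 0) do={
    :put "NOTE: no defconf input-chain filter rules exist; no default firewall is in place"
  }
}
```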
