Community discussions

MikroTik App
 
User avatar
Kelalatir
newbie
Topic Author
Posts: 42
Joined: Mon Feb 29, 2016 7:22 pm

Locked out due to vlan filtering

Wed Jul 28, 2021 2:49 am

Hello,

Today I was configuring a new CRS354 48 Port switch following this guide: https://wiki.mikrotik.com/wiki/Manual:I ... s_Ports.29

I was connected to the switch via winbox using the mac-address. I added ethers 1-48 to the appropriate vlans. I setup one of the sfp ports as a trunk port. I had not yet configured an IP address for the device when I reached the point in the guide where it said to turn on vlan filtering. As soon as I turned on vlan filtering, I could not longer connect to the CRS324 through the mac address.

I see the switch has both a management port and a console port. Based on my research, it looks like I could get into the switch with the console port if I can track down a cisco console cable. Is there a way to get back into the switch using the management port, or via some other method besides the console port?

Thank you
 
Cablenut9
Long time Member
Long time Member
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Re: Locked out due to vlan filtering

Wed Jul 28, 2021 3:25 am

Try to connect through all the possible VLANs, so that means multiple ports. Other than that, you might be out of luck.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Locked out due to vlan filtering

Wed Jul 28, 2021 4:02 am

This is also a good link........
https://www.youtube.com/watch?v=Rj9aPoyZOPo
 
User avatar
feranmi
just joined
Posts: 14
Joined: Tue Aug 20, 2019 11:11 am
Location: Surulere, Lagos

Re: Locked out due to vlan filtering

Wed Jul 28, 2021 3:33 pm

From the manual of this device, it has a single ethernet port rated has 10/100. Try accessing from that port and continue your cofiguration
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Locked out due to vlan filtering

Wed Jul 28, 2021 4:01 pm

Simply put a pc on MGMT port and use WinBox?
 
User avatar
Kelalatir
newbie
Topic Author
Posts: 42
Joined: Mon Feb 29, 2016 7:22 pm

Re: Locked out due to vlan filtering

Fri Jul 30, 2021 2:59 am

Thank you all for your replies.

@Cablenut9, feranmi, and rextended, I tried accessing the switch from the management port directly and from various ports covering all the vlans, including the sfp trunk port, and was not able to get a response from the switch.

@anav Thank you for the link. I'm going to try the steps in the video the next time I setup a Mikrotik switch.

I feel like i have inadvertently stumbled upon a way to make your switch completely secure, as long as you never need remote access to change anything.

I'm going to try the console port next, I think I can find a cisco serial rj45 console cable around the office.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Locked out due to vlan filtering

Fri Jul 30, 2021 10:30 am

Try on MGMT port winbox over MAC address, put directly the 1ST or the last MAC on the label under the router.
Can eighboor discovery turned off but MAC server still active...
 
User avatar
Kelalatir
newbie
Topic Author
Posts: 42
Joined: Mon Feb 29, 2016 7:22 pm

Re: Locked out due to vlan filtering

Fri Apr 14, 2023 2:29 am

This ticket is way old, but we finally resolved the issue today. No matter what MAC address we tried, we could not get in via winbox. We were able to get access using a cisco console cable. We discovered that our configuration had ether49, which is the management port, listed in the bridge. Once we removed ether49 from the bridge, we were able use winbox while plugged into the management port.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Locked out due to vlan filtering

Fri Apr 14, 2023 3:59 am

I'm going to try the console port next, I think I can find a cisco serial rj45 console cable around the office.
The cable must have been well hidden!

Who is online

Users browsing this forum: aoravent, Bing [Bot], donkeyKong, Google [Bot] and 88 guests