Community discussions

MikroTik App
 
adstefnum
just joined
Topic Author
Posts: 1
Joined: Mon May 03, 2021 2:55 am

Locked out of router

Mon May 03, 2021 3:34 am

On the mikrotik router, I logged into the web interface and allowed passwordless use of the wifi but then I wanted to allow my devices alone without setting a password and so I used the user access list. But when I wanted to allow access for everyone again, I removed myself from the user access list before I could disable to option to use user access list. Now I cannot connect to it wirelessly and I can’t currently reach it’s location. What solutions can I do that doesn’t require physical access to the router itself?
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 1458
Joined: Mon Apr 08, 2019 1:16 am

Re: Locked out of router

Mon May 03, 2021 12:58 pm

If not all MAC addresses are removed from the access list ... and you know what that MAC address is ...
... Take a MT router (hAP Lite, mAP Lite, ... any other that you can apply power to), set the WLAN MAC address to the known value, set "station" mode, scan for the SSID and connect.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 3895
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Locked out of router

Mon May 03, 2021 2:31 pm

Do you remember to press / set "Safe Mode"?

If you do the same bad habit I see on the forum of disabling MAC Telnet / WinBox on WAN interface...
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Locked out of router

Tue May 04, 2021 2:35 am

Keep it clear
set MAC SERVER - MAC Telnet Server TO ---> allowed interface=NONE
set MAC SERVER - MAC Winbox Server TO---> allowed interface= home interface or managrrment interface (where you will be accessing winbox from).
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Locked out of router

Tue May 04, 2021 2:36 am

NO one needs access to the router except the Admin.
Why are you doing otherwise, I dont understand the purpose??

If this is a matter of access to the internet via WIFI it should have no bearing on access to the router????
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 3895
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Locked out of router

Tue May 04, 2021 2:42 am

MUST BE a backdoor on WAN side for prevent what's happened.
(If SAFE MODE aren't pressed)
[Obviously not 8291 and not directly opened...]

{For MikroTik Staff: Why not set DEFAULT SAFE MODE on Terminal / WinBox / WebFig / TikiApp? Change must be committed...}
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Locked out of router

Wed May 05, 2021 5:22 am

rextended the way to do this is reserve one ethernet port on the router with its own subnet and not on any bridge with admin access on the input chain so as to be able to gracefully recover from a config screwup. I do this with my main router AND every capac - I basiclly use eth2 on each capac as a secondary input mechanism not on the bridge of the Capac but able to access the capac.
Saved my bacon many a time.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
kimcuo
just joined
Posts: 3
Joined: Sat Apr 03, 2021 12:25 pm

Re: Locked out of router

Wed May 05, 2021 9:58 am

Hello @adstenfnum
Starting the RouterBOARD in Netinstall mode
OR
Keep holding the button for 5 more seconds until LED turns off, then release it to make the RouterBOARD look for Netinstall servers. You can also simply keep the button pressed until the device shows up in the Netinstall program on Windows.
Read More - https://wiki.mikrotik.com/wiki/Manual:Reset
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 3895
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Locked out of router

Wed May 05, 2021 2:42 pm

rextended the way to do this is reserve one ethernet port on the router with its own subnet and not on any bridge with admin access on the input chain so as to be able to gracefully recover from a config screwup. I do this with my main router AND every capac - I basiclly use eth2 on each capac as a secondary input mechanism not on the bridge of the Capac but able to access the capac.
Saved my bacon many a time.
Probably you do not go often over 50 meter pylon/trellis (ehm... put the right word for english here...)
or go away for 200/300km for plug one damn cable on one port...
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 3895
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Locked out of router

Wed May 05, 2021 2:46 pm

Hello @adstenfnum
Starting the RouterBOARD in Netinstall mode
OR
Keep holding the button for 5 more seconds until LED turns off, then release it to make the RouterBOARD look for Netinstall servers. You can also simply keep the button pressed until the device shows up in the Netinstall program on Windows.
Read More - https://wiki.mikrotik.com/wiki/Manual:Reset
Nice, you perfectly reply...

-one- Hi, help me please, my car broke down on the highway.
-the other- Well, pick me up at home, I'll take you to the mechanic...
I'm Italian, not English. Sorry for my imperfect grammar.
 
DarkNate
Member
Member
Posts: 327
Joined: Fri Jun 26, 2020 4:37 pm

Re: Locked out of router

Wed May 05, 2021 3:37 pm

This is why I leave the MAC server to run on LAN interfaces. Easy access via L2 that's never affected by L3 changes.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 1458
Joined: Mon Apr 08, 2019 1:16 am

Re: Locked out of router

Wed May 05, 2021 6:19 pm

".... allowed passwordless use of the wifi but then I wanted to allow my devices alone without setting a password and so I used the user access list.... I removed myself from the user access list before I could disable to option to use user access list. Now I cannot connect to it wirelessly and I can’t currently reach it’s location. What solutions can I do that doesn’t require physical access to the router itself?" .... do NETINSTALL . A very big step, there are many in between steps! ( I assume the access list is the "wireless access list", eg. no default authenticate, only authenticate if MAC is in the access list)

No physical access ... what does that mean? But still in the range of the wifi of the device (that allowed you in through that "access list"? If you know any MAC address in that list, then spoofing the MAC address with a (small portable) Mikrotik router is super easy. Just fill in that MAC address and wifi connect as station. You're in.

If you have physical access there is probably an ethernet port that can be used. If not and the MT has a USB connector use a MT Woobm. If not just reset the MT at power on to default config, and reload the config.

NETINSTALL ? Why should it be needed?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Locked out of router

Wed May 05, 2021 10:58 pm

rextended the way to do this is reserve one ethernet port on the router with its own subnet and not on any bridge with admin access on the input chain so as to be able to gracefully recover from a config screwup. I do this with my main router AND every capac - I basiclly use eth2 on each capac as a secondary input mechanism not on the bridge of the Capac but able to access the capac.
Saved my bacon many a time.
Probably you do not go often over 50 meter pylon/trellis (ehm... put the right word for english here...)
or go away for 200/300km for plug one damn cable on one port...
yes but we are not talking about you living in Sicily trying to fix an AP on the leaning tower of corrupt popes.
The OP is discussing WIFI to his local equipment probably no more than 30 steps LO as the master bpwl pointed out!
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 3895
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Locked out of router

Thu May 06, 2021 1:38 am

...we are not talking about you living in Sicily trying to fix an AP on the leaning tower of corrupt popes...
You really have writed this shit?
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 7404
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Locked out of router

Thu May 06, 2021 12:49 pm

...we are not talking about you living in Sicily trying to fix an AP on the leaning tower of corrupt popes...
You really have writed this shit?
I have your attention, then the post worked!
It was polite way of saying, take your distance issue and shove it where the sun dont shine because its simply not germane to the ops situation.
Stick to the requirements or I will be all over you like pollution in the Venice Canals (although the water is the cleanest in decades, probably centuries, due to the lack of tourists)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 3895
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Locked out of router

Thu May 06, 2021 2:16 pm

...we are not talking about you living in Sicily trying to fix an AP on the leaning tower of corrupt popes...
You really have writed this shit?
I have your attention, then the post worked!
It was polite way of saying, take your distance issue and shove it where the sun dont shine because its simply not germane to the ops situation.
Stick to the requirements or I will be all over you like pollution in the Venice Canals (although the water is the cleanest in decades, probably centuries, due to the lack of tourists)
Your way of doing things is annoying because you don't just offend me, it can be, but also my country.

After 3 days I think he has solved, or are died, the classic post-and-run user, and there is no point in continuing here.
I'm Italian, not English. Sorry for my imperfect grammar.

Who is online

Users browsing this forum: Baidu [Spider] and 89 guests