Community discussions

MikroTik App
 
adstefnum
just joined
Topic Author
Posts: 1
Joined: Mon May 03, 2021 2:55 am

Locked out of router

Mon May 03, 2021 3:34 am

On the mikrotik router, I logged into the web interface and allowed passwordless use of the wifi but then I wanted to allow my devices alone without setting a password and so I used the user access list. But when I wanted to allow access for everyone again, I removed myself from the user access list before I could disable to option to use user access list. Now I cannot connect to it wirelessly and I can’t currently reach it’s location. What solutions can I do that doesn’t require physical access to the router itself?
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: Locked out of router

Mon May 03, 2021 12:58 pm

If not all MAC addresses are removed from the access list ... and you know what that MAC address is ...
... Take a MT router (hAP Lite, mAP Lite, ... any other that you can apply power to), set the WLAN MAC address to the known value, set "station" mode, scan for the SSID and connect.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Locked out of router

Mon May 03, 2021 2:31 pm

Do you remember to press / set "Safe Mode"?

If you do the same bad habit I see on the forum of disabling MAC Telnet / WinBox on WAN interface...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Locked out of router

Tue May 04, 2021 2:35 am

Keep it clear
set MAC SERVER - MAC Telnet Server TO ---> allowed interface=NONE
set MAC SERVER - MAC Winbox Server TO---> allowed interface= home interface or managrrment interface (where you will be accessing winbox from).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Locked out of router

Tue May 04, 2021 2:36 am

NO one needs access to the router except the Admin.
Why are you doing otherwise, I dont understand the purpose??

If this is a matter of access to the internet via WIFI it should have no bearing on access to the router????
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Locked out of router

Tue May 04, 2021 2:42 am

MUST BE a backdoor on WAN side for prevent what's happened.
(If SAFE MODE aren't pressed)
[Obviously not 8291 and not directly opened...]

{For MikroTik Staff: Why not set DEFAULT SAFE MODE on Terminal / WinBox / WebFig / TikiApp? Change must be committed...}
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Locked out of router

Wed May 05, 2021 5:22 am

rextended the way to do this is reserve one ethernet port on the router with its own subnet and not on any bridge with admin access on the input chain so as to be able to gracefully recover from a config screwup. I do this with my main router AND every capac - I basiclly use eth2 on each capac as a secondary input mechanism not on the bridge of the Capac but able to access the capac.
Saved my bacon many a time.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Locked out of router

Wed May 05, 2021 2:42 pm

rextended the way to do this is reserve one ethernet port on the router with its own subnet and not on any bridge with admin access on the input chain so as to be able to gracefully recover from a config screwup. I do this with my main router AND every capac - I basiclly use eth2 on each capac as a secondary input mechanism not on the bridge of the Capac but able to access the capac.
Saved my bacon many a time.
Probably you do not go often over 50 meter pylon/trellis (ehm... put the right word for english here...)
or go away for 200/300km for plug one damn cable on one port...
 
DarkNate
Forum Veteran
Forum Veteran
Posts: 997
Joined: Fri Jun 26, 2020 4:37 pm

Re: Locked out of router

Wed May 05, 2021 3:37 pm

This is why I leave the MAC server to run on LAN interfaces. Easy access via L2 that's never affected by L3 changes.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: Locked out of router

Wed May 05, 2021 6:19 pm

".... allowed passwordless use of the wifi but then I wanted to allow my devices alone without setting a password and so I used the user access list.... I removed myself from the user access list before I could disable to option to use user access list. Now I cannot connect to it wirelessly and I can’t currently reach it’s location. What solutions can I do that doesn’t require physical access to the router itself?" .... do NETINSTALL . A very big step, there are many in between steps! ( I assume the access list is the "wireless access list", eg. no default authenticate, only authenticate if MAC is in the access list)

No physical access ... what does that mean? But still in the range of the wifi of the device (that allowed you in through that "access list"? If you know any MAC address in that list, then spoofing the MAC address with a (small portable) Mikrotik router is super easy. Just fill in that MAC address and wifi connect as station. You're in.

If you have physical access there is probably an ethernet port that can be used. If not and the MT has a USB connector use a MT Woobm. If not just reset the MT at power on to default config, and reload the config.

NETINSTALL ? Why should it be needed?

Who is online

Users browsing this forum: Ahrefs [Bot], lurker888, Scoox, wojtag and 36 guests