Community discussions

 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Locked out of 2 routers!

Sun Aug 04, 2019 10:37 pm

Hi Everyone,

Home - RB2011Ui - RouterOS 6.45.2 - WinBox 3.18 - IP 192.168.88.1
Work - CCR1016-12G - RouterOS 6.45.2 WinBox 3.18 - IP 192.168.0.1

I have managed to lock myself out of 2 routers. Both are fully functional. IP addresses are being assigned, Internet is working. Everything looks good when I run ipconfig. However I cannot ping either router. This means that I cannot login via WinBox. I should also mention the routers are not showing up under the Neighbors tab either. However I ran Advanced IP scanner at home and it does find the routers IP and Mac Address. I tried to manually enter the Mac Address and login via WinBox but no joy. Let me explain what happened in both cases.

On the Home unit, I made a change to my wireless settings via Quick Set. I think I had the wrong mode selected. I think I made the change under mode CPE when I should of been using HomeAP mode. I applied my changes and thought all was well. Once I logged off, I can no longer login.

On the Work unit, I was working on a dual wan setup. I was trying to start over and clean up the routes for the secondary wan. I removed the network cable from secondary wan ether2. However I could not remove the routes. So I looked at the Address List entries. I noticed that I had 2 that were the same except for the interface. They both had an address of 192.168.0.1/24 and network of 192.168.0.0. The first one had an interface of bridge and the second of ether2. I removed the second one with the ether2 interface since this is the interface that connect to my secondary wan device. I still was not able to remove the routes for the secondary wan ether2. So I decided to reboot the router to see if they would go away. Once again just like the home unit, I can no longer login.

I suspect in both cases that I have lost the default lan route with gateway of bridge and Preferred Source of router IP. Perhaps the Address List entry for lan bridge as well.

Both of these routers have the LCD touch screen. On the home unit, I tried to enter an address of 192.168.88.1/24 on a spare ether interface. I cannot find a way to make the interface bridge from the touch screen interface. This did not fix my problem. Is there anything I can do from the touch screen to fix this? The work unit has a serial interface. Do I have to use it?

I can do a reset on the home unit if necessary because it is pretty much stock. However the work unit has been customized quite a bit so I really do not want to reset it. Any help would be greatly appreciated! Thanks for the support...
 
Sob
Forum Guru
Forum Guru
Posts: 4527
Joined: Mon Apr 20, 2009 9:11 pm

Re: Locked out of 2 routers!

Sun Aug 04, 2019 11:05 pm

I don't know what's possible with touch screen, but if you can connect using serial port, you're good. Command line is less intuitive than WinBox, but config structure is the same, so it shouldn't be too hard to either find what's wrong, or add some temporary address to free interface, firewall exception, etc... and then connect with WinBox and fix the rest.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Sun Aug 04, 2019 11:45 pm

Hi SOB,

Thanks for your reply. The touch screen does allow me to add addresses to any interface except bridge. What I do not no is whether it will also create a route for an added address. https://wiki.mikrotik.com/wiki/Manual:L ... figuration. Can you suggest a fix using the touch screen?

As I stated, the work unit does have a serial RJ45 console port. However I am not familiar with it. I have found this document https://wiki.mikrotik.com/wiki/Serial_Port_Usage. However it seems to require preparations which require access to the RouterOS which I do not have. The three options for access in the document all require access to the RouterOS for configuration. Can you shed some light on how I can use the console port to gain access? Thanks for your support...
 
Sob
Forum Guru
Forum Guru
Posts: 4527
Joined: Mon Apr 20, 2009 9:11 pm

Re: Locked out of 2 routers!

Mon Aug 05, 2019 12:00 am

Connected route is created automatically. So if you have unused port, add address to it that you don't use anywhere else, so it won't conflict (192.168.88.1/24 is not good choice if it's already on bridge, use e.g. 192.168.99.1/24 if it's not anywhere), then connect your PC/laptop/whatever to this port with manually configured 192.168.99.x/24 and hopefully you'll be able to connect.

Serial port should be used by console by default (that's what you need), and changes should only be required if you want to use it for something else.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
wrkq
newbie
Posts: 42
Joined: Mon Jul 29, 2019 10:59 pm

Re: Locked out of 2 routers!

Mon Aug 05, 2019 12:07 am

Hey.

Serial port is direct access, any IP settings etc, don't matter.
If you connect your PC to serial port, open serial terminal at the right speed (usually 115200 but not on all models), and press enter in the terminal, you will see a RouterOS username prompt immediately.
It is possible to disable the serial console but it's not easy and not something you'd do by accident.

PS. After initial "first run setup" it's better to not use QuickSet, only the "full" webfig/winbox/CLI interface.
Otherwise there's a big chance quickset will mess up other parts of the config.
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Mon Aug 05, 2019 12:08 am

Thanks SOB! That is just what I was looking for. I am not home now but I am on my way. I will use the LCD screen to add 192.168.99.1/24 on an unused port. The do a manual config on my pc as you suggest. I will let you know what happens...
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Mon Aug 05, 2019 1:55 am

Hi sob and wrkq,

Sob, that did not work for me on my home unit. I did exactly as you said. New address 192.168.99.1/24 on spare ether4. Then set a static on my pc of 192.168.99.10 with subnet 255.255.255.0 and gateway 192.168.99.1. The connect the nic cable to ether4 and PC. ipconfig looks good but unfortunately ping 192.168.99.1 is not reachable and therefor no WinBox login. I will try the same on the work router tomorrow. Any other ideas? If not I will have to reset the home unit because it does not have a serial console port.

wrkq, for the work unit with the serial console, if the above does not get me in, I will use putty to try and connect. Do I need a crossover network cable? Thanks both of you for your support.
 
wrkq
newbie
Posts: 42
Joined: Mon Jul 29, 2019 10:59 pm

Re: Locked out of 2 routers!

Mon Aug 05, 2019 2:23 am

If your device has an RJ45 serial port, you need a cable with RJ45 plug on one end, and 9-pin serial port plug on the other.
If you ask around for a "Cisco serial cable" or generally "RJ45 to serial cable" you can find one easily - just about everyone in the networking business follows the same wiring standard as originally slapped together by Cisco.
https://webobjects2.cdw.com/is/image/CDW/3718050
https://community.cisco.com/legacyfs/on ... ecable.jpg

If your device has the standard serial port, you will most probably need a "null-modem serial cable" - the equivalent of cross-over ethernet cable, with Rx wired to Tx and vice versa.
With female plugs on both ends instead of male on one and female on the other.
https://webobjects2.cdw.com/is/image/CDW/3575479

You will also need a 9-pin serial port in your PC, which tend to be kinda rare nowadays, but a basic USB-serial adapter can be had for ten bucks.
(If you can find out what chip a particular cheap ebay adapter is based on, choose one based on FT232 over the ones based on PL2303 - tends to work better).
https://webobjects2.cdw.com/is/image/CDW/324158
https://c1.neweggimages.com/ProductImag ... 964-06.jpg

After you plug in the USB converter (and install driver) check Windows Device Manager for the COMxx number that got assigned to the new serial port.
Switch Putty to serial mode, enter that COMxx (e.g. COM4) and 115200 for speed, and if you get the blank terminal window instead of some initialization error, hit Enter.
RouterOS will announce its version and ask you for username, then password.
(If you will see some junk, restart putty and try different speeds - but MT typically uses 115200).

PS. If your devices have USB port, yet another option might be plugging a Woobm into it, and connecting through Woobm.
https://mikrotik.com/product/woobm
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Mon Aug 05, 2019 3:02 am

wrkg,

Thanks for spending your time on this. My device has an RJ45 serial port for console access. With that being said. I wonder if I could use a crossover network cable with software. I found this https://www.virtual-serial-port.org/art ... net-tools/. What do you think?
 
Sob
Forum Guru
Forum Guru
Posts: 4527
Joined: Mon Apr 20, 2009 9:11 pm

Re: Locked out of 2 routers!

Mon Aug 05, 2019 3:08 am

Nope, that's completely different thing. Even if it has confusing RJ45 port, it has nothing to do with network, don't plug it there.

About the home device, it's possible that it's something with firewall. You can't get into that using LCD, can you? Connection to MAC address doesn't work either, I guess?
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
wrkq
newbie
Posts: 42
Joined: Mon Jul 29, 2019 10:59 pm

Re: Locked out of 2 routers!

Mon Aug 05, 2019 3:19 am

No, you can't.
The port has RJ45 shape (technically "8P8C shape" because RJ45 is a telecom wiring standard for phone cables, just the name got stuck in common speak).
But the electrical signals on it are not Ethernet, they are RS232.

If you plug it into a network interface in a PC or a switch it'll just tell you "the cable is not connected" because there'll be no recognizable Ethernet signal on the wires.
Same deal if you'd have an RJ45 port running analog phone or ISDN phone - plug may fit but it's not Ethernet so computer won't recognize it.
(And if you're super unlucky something may burn because most of those other technologies tend to use higher voltages than Ethernet).

https://en.wikipedia.org/wiki/Modular_connector#8P8C
https://en.wikipedia.org/wiki/TIA/EIA-5 ... ermination
https://en.wikipedia.org/wiki/RS-232
https://wiki.mikrotik.com/images/3/3a/R ... ut.gif.png
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Mon Aug 05, 2019 3:56 am

Hey guys, sob the firewall is not accessible via the LCD. I cannot access the device via mac address either. As I stated earlier the device does not even show up under the Neighbors tab in WinBox. It is looking like a reset is inevitable. Not a big deal because it is pretty much a stock box.

As for the work box it is this one https://mikrotik.com/product/CCR1016-12G. As you can see it has the RJ45 serial port for console access. sob are you saying this port is not for terminal access? wrkg, it looks like the serial over ethernet software is a no go. I will come up with a RJ45 to serial cable. I have an older workstation that has a serial port on it. So no problem there.

Guys, I am wondering if ether12 can help me out. It is labeled as Boot. I know this port can be used for NetInstall "https://wiki.mikrotik.com/wiki/Manual:Netinstall but can it help me get into the box to resolve this issue? Thanks...
 
Sob
Forum Guru
Forum Guru
Posts: 4527
Joined: Mon Apr 20, 2009 9:11 pm

Re: Locked out of 2 routers!

Mon Aug 05, 2019 6:09 am

No, I'm saying that if you get the right serial cable, it should work. I understood you previous post as that you wanted to connect ethernet there and then use some software for virtual serial port to access, that would not work.

I don't know this exact device, if there's anything special about ether12, but I guess not.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
dnordenberg
just joined
Posts: 23
Joined: Wed Feb 24, 2016 8:00 pm

Re: Locked out of 2 routers!

Mon Aug 05, 2019 10:52 am

This is a bug of 6.45, it has happened to my with three different units. Factory default and rolling back 6.44 has been the solution it my cases. You can know for sure it really is a bug when the MAC addressing based connection in winbox also stops working, then it simply isn't an IP config issue :(
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Tue Aug 06, 2019 4:33 am

Hi folks,

I thought I would update this topic...

dnordenberg - Thanks for your post. That is very interesting indeed. I am wondering if you can recall what changes you made to the 3 units that you were locked out of? Have you emailed support about this problem?

sob - On the work unit, I tried the same attempt as the home unit. Assigned an address via the touch screen and a static on a laptop. Unfortunately the result was the same. I was hoping it might work since I did it on ether2 which is not a part of the bridge. The home unit has all ports on the bridge except ether1 wan port.

sob and wrkq - I found a serial cable in the original box. It is a Cisco style with RJ45 on one end DB9 female on the other. However when I look at my unit (CCR1016-12G), it has a DB9 male connector console port. Yesterday, I was fooled by the gallery pics. I have Rev. 1 and the gallery pics on the products page are for Rev. 2. What a kick in the pants that the device was shipped with a Cisco style console cable for Rev. 2 when the device in the box is Rev. 1. So what I need is a serial null modem cable with female on both ends. I picked one up this evening. I will try and connect with a laptop tomorrow.

sob - If I get in via the console tomorrow, I will try and figure out what is wrong. If I cannot figure out the problem, I would like to post some details using print. What would you like to see? How can I output to a file instead of the terminal window? Can you please provide the commands to generate everything you would like to see?

Thanks to all for your support...
Last edited by MrGreg on Tue Aug 06, 2019 5:25 am, edited 1 time in total.
 
wrkq
newbie
Posts: 42
Joined: Mon Jul 29, 2019 10:59 pm

Re: Locked out of 2 routers!

Tue Aug 06, 2019 5:24 am

Honestly, seeing some other support posts around here, it's a pleasure to work with you - even if you're not familiar with some things, you're patient and very keen to understand.
Not just "no worky, give me magic spells to fix!".
That said, mega bummer with the mismatched cable. Sorry you ran into that. :(

After you log in to the CLI, just do
/export hide-sensitive
and plain text config should spill into the terminal.
Then you can right-click Putty's title bar, "Copy All To Clipboard", and paste to Notepad or your favourite plain-text editor for any cleanup.
Consider redacting things like device serial and license numbers, any public IPs, company/etc names in comments to preserve your privacy.

Then paste the rest in here between [ code ] ... [ /code ] tags.
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Tue Aug 06, 2019 5:45 am

Thanks wrkq,

I really need to learn more about the CLI commands. All of the online manual pages are written with CLI examples. Also most folks that really know the RouterOS, seem to use the CLI exclusively. Will the /export hide-sensitive command export everything (i.e. routing table, address list, etc.)? Or do I have to do this...

[admin@MikroTik] ip route > export hide-sensitive
[admin@MikroTik] ip address > export hide-sensitive
[admin@MikroTik] ip firewall > export hide-sensitive
etc...
 
Sob
Forum Guru
Forum Guru
Posts: 4527
Joined: Mon Apr 20, 2009 9:11 pm

Re: Locked out of 2 routers!

Tue Aug 06, 2019 6:01 am

Config is hierarchical, same way how folders on disk are. So if you do /export (with "/" indicating root), it exports everything. If you need only some part, add prefix (e.g. "/ip route export").

And I don't think most people use CLI. It's just that even small part of config that can be expressed with few text lines would require several screenshots otherwise. And both CLI and GUI have same structure, so it's easy to read text config and add it using WinBox/WebFig.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Tue Aug 06, 2019 6:19 am

Thanks sob. I understand. Your comments about CLI vs GUI makes perfect sense as well. If I cannot solve this problem tomorrow, I will export everything and post it. Excluding sensitive material of course.
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Wed Aug 07, 2019 9:39 pm

Hi Sob and wrkq,

I have good news! I have fixed the work router! The console port rules! So do you guys because without you, I would of never been able to fix the device.

I should actually be calling work router, client site router. I am an IT tech. I should also mention that I have another client site with the same device and a very similar config. That was very helpful in resolving the issue. Let me explain how I fixed it.

I was able to get in via the console port with my null modem cable. I checked the config of the serial port on my other clients device which was helpful. Here are the settings for the server com port and Putty.

Baud Rate - 115200 (thanks wrkq)
Data Bits - 8
Parity - none
Stop Bits - 1
Flow Control - none

FYI, I will change the router serial console port Baud Rate from auto to 115200 since that what worked for me. I will also have the owner of the company purchase a longer null modem cable. I will leave it connected to the server at all times. This way if I mess up again, I can get back in. :wink:

I will explain the reproducible problem and how I caused it. The problem was directly related to changes I had made to Address List and Firewall entries and the use of Quick Set. I know I said that I did not use Quick Set on the work unit, but I am now sure that I did. Sorry for the misinformation guys.

To accommodate my dual wan setup, I made changes to the firewall. I created Interface List entries (wan - ether1,ether2) and (lan - bridge). I changed firewall entries to use wan and lan Interface Lists. I changed the Local Network Address List entry from (ether2) to (bridge). This config was working perfectly until I used Quick Set. I did not make any changes but I must of clicked the OK button before closing out. This caused the problem. Here is why.

Quick Set creates an Address List entry for the Local Network settings. It uses (ether2) by default. I then had 2 Address List entries for Local Network. One with Interface (bridge) the other with (ether2). It also changed my Interface List entries. I found that lan was now pointing to (ether2). I also had a rouge entry with no List Name and interface of (bridge). Of course I had no idea this was occurring. I think the fatal blow is when I deleted the Address List entry for Local Network with Interface (ether2). This broke the Firewall.

I was able to fix everything via the console. The export command made it all possible. Thanks guys! I decided to make the Interface for Local Network Address List entry (ether2). This way if Quick Set is ever used again, it will not mess things up. I cleaned up the Rouge entry in the Interface List and changed lan back to bridge. I will now use (ether12) for the secondary wan.

I am sure a similar thing has occurred on my home device. I also made wan and lan Interface Lists and changed the firewall rules and made changes using Quick Set. Unfortunately I do not have a console port on the home device. I do not think there is any way to boot the device with the firewall disabled. So I will have to do a reset.

I am sure that I will have some questions about my dual wan setup in the near future. Please look for my topic.

Helping folks out on the forums is not an easy thing to do and can be very time consuming. I thank you both for donating your time and your patience...
 
Sob
Forum Guru
Forum Guru
Posts: 4527
Joined: Mon Apr 20, 2009 9:11 pm

Re: Locked out of 2 routers!

Wed Aug 07, 2019 10:00 pm

Congratulations.

Quick Set is dangerous. If you can do everything using only Quick Set, it's fine. But once you touch anything outside of Quick Set, better forget that it exists. You'll find out that it doesn't really do much anyway, the config it creates is short and simple.

Btw, when doing dangerous changes, there's also Safe Mode.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
wrkq
newbie
Posts: 42
Joined: Mon Jul 29, 2019 10:59 pm

Re: Locked out of 2 routers!

Wed Aug 07, 2019 11:02 pm

Woot!
Congrats on resolving it - and well, you know, the only IT tech who never broke something is one who never really did any work. :)

If you'll ever have a chance to get one of these as a "lab", play with them to get more familiar with the various setups.
The nice thing about RouterOS is that it's the same* look'n'feel all across the product line, from the smallest to the biggest.
(* as long as we ignore the submenu that's specific to hardware switch chips on some models.)

Also, two good things to have is a full backup (/system backup save name=mydevice.backup) and a text export (/export file=mydevice.rsc) saved externally on a PC - you can download them via winbox, webfig, or ftp.

Then if worst happens, you can always do a device reset or netinstall (netinstall is sometimes a recommended troubleshooting step because it actually is equivalent of formatting the hard disk and installed OS afresh) then reload the config.

Now stupid question - if your home RB2011 is really an U-variant, it should have an RJ45 console port in the back... doesn't it?
If not I guess your two options are the Woobm USB stick or a reset, unfortunately.

PS. +1 to the "don't use Quickset other than maaaaybe for first-run-config out of the box" opinion.
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Thu Aug 08, 2019 2:57 am

Thanks guys!

wrkq, I will be dipped in shit! You are correct! I have an RJ45 serial on the back of my device. Thanks for pointing that out! Now here is the super cool thing. I got the wrong cable on both of my client site units, but it is the correct Cisco style cable for my home unit. I will grab one tomorrow and fix up my home device. Honestly, it would be so easy to do a reset cause it is basically box stock. But then I do not learn a damn thing. I will let you know how I make out. Once again thanks to you both for your OUTSTANDING support!!!!!!
 
Sob
Forum Guru
Forum Guru
Posts: 4527
Joined: Mon Apr 20, 2009 9:11 pm

Re: Locked out of 2 routers!

Thu Aug 08, 2019 5:00 am

If you'll ever have a chance to get one of these as a "lab", play with them to get more familiar with the various setups.
You can have as many as you want with CHR (RouterOS for virtual machines). Get free VirtualBox or VMware Player, CHR is also free (with limited speed), you can create virtual networks and test almost anything you want (except wireless).
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Thu Aug 08, 2019 5:11 am

I have worked with many routers over my years. I will just say that I have never ever seen any other that even comes close to the Mikrotik product line. It is not just the OS but the hardware. They will run circles around Sonicwall devices for a fraction of the price. There is nothing that you cannot do with a MIK!!!

Hey sob, I will be working at both sites with the dual wan setup. I am going to need some help. I have it kind of working but I am not happy with it. I will create a new topic very soon. Thanks again...
 
pe1chl
Forum Guru
Forum Guru
Posts: 5700
Joined: Mon Jun 08, 2015 12:09 pm

Re: Locked out of 2 routers!

Thu Aug 08, 2019 11:32 am

There is nothing that you cannot do with a MIK!!!
I would not claim that...
Explain me how to do 2 ISP uplinks with policy routing in IPv6.
"easy" to do in IPv4 (once you understand all the pitfalls) but impossible in IPv6 because essential features like "ipv6 route rule" and routing-mark in IPv6 mangle rules are missing.
 
sindy
Forum Guru
Forum Guru
Posts: 3803
Joined: Mon Dec 04, 2017 9:19 pm

Re: Locked out of 2 routers!

Thu Aug 08, 2019 12:26 pm

I would not claim that...
Yeah... what (censored) me most is that one of the largest resellers keeps declaring full support of IPv6 to be available on Tik. Needed a DHCPv6 server for end hosts, ended up with OpenWRT :(

However, with or without Mikrotik - unless you had NAT in IPv6, I can't imagine a dual-wan setup via two ISPs unless the two would help you in this or allow you to use BGP. Do you have any idea here?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5700
Joined: Mon Jun 08, 2015 12:09 pm

Re: Locked out of 2 routers!

Thu Aug 08, 2019 3:14 pm

It would help to have NAT (prefix translation) but even with only policy routing we could use one ISP for the LAN and the other ISP for the public WiFi, for example.
Now all IPv6 has to be done via one single ISP and the IPv4 can be balanced and failed-over.
The only thing I have now is disabled default route and local IPv6 network addresses for the second provider, that I can enable when the first one has an extended outage.
If outages would be frequent I could write a script for that.
Other than static routes for specific things for which the traffic originates from the router itself (like a DNS resolver or some tunnel) there is nothing I can do to use both provider's IPv6.

THIS IS BAD! However, when I asked MikroTIk they say that IPv6 support is not so widely asked by their clients that it would be high-priority to fix that.
(I guess this is a vicious circle because not providing such facilities you lose the customers from areas where IPv6 is in demand, and those 3rd world WISP customers won't ask for it)
 
sindy
Forum Guru
Forum Guru
Posts: 3803
Joined: Mon Dec 04, 2017 9:19 pm

Re: Locked out of 2 routers!

Thu Aug 08, 2019 4:27 pm

those 3rd world WISP customers won't ask for it
I'd say it's not so much a matter of 3rd world as of ISPs as such, why on earth should an ISP do things like policy routing or even static routing on the NNI - they have redundancy mechanisms for their own network and BGP for peering and that should be it. So it's rather the lack of demand from SOHO which makes the development priority low, and there seem to be just a few SOHO who want uplink redundancy and IPv6 at the same time.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
Sob
Forum Guru
Forum Guru
Posts: 4527
Joined: Mon Apr 20, 2009 9:11 pm

Re: Locked out of 2 routers!

Thu Aug 08, 2019 5:31 pm

You win anav's prize for great thread hijack. ;)
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Fri Aug 09, 2019 3:15 am

Hi sob and wrkq,

I have fixed my home router! Thanks wrkq for alerting me of the serial port on the back! Similar problems were cause by my use of Quick Set. I fixed it with the console enough to get back in via WinBox. Then cleaned things up from GUI. I did the same as the work device. I made Address List entry for the Local Network settings use Interface (ether2). This way Quick Set will not mess things up. However I will follow both of your advise and stay the hell away from Quick Set! I will resume my dual wan effort at client site this weekend. Thanks again for the outstanding support!
 
pe1chl
Forum Guru
Forum Guru
Posts: 5700
Joined: Mon Jun 08, 2015 12:09 pm

Re: Locked out of 2 routers!

Fri Aug 09, 2019 11:01 am

Similar problems were cause by my use of Quick Set.
Ok there is one thing you need to understand very well: you can use Quick Set ONLY ONCE.
You powerup your new router, you go to the Quick Set page, you enter everything you want to set and hit the OK button and THAT'S IT for your use of Quick Set on that router.
NEVER NEVER NEVER use it again after you have done other tweaks in the remainder of the menus.
You can compare it to the "installation wizard" found in some other routers. Used to setup major things like the address and name of the thing.
You cannot use Quick Set to modify things after you have done other configuration, because it will overwrite random items at will and can make your entire configuration inconsistent.

Unfortunately, despite many requests for a way to render Quick Set read-only (preferably even automatically) after its initial use, this has not been implemented.
(another thing you cannot do with a MikroTik router: protect it against wrong use of Quick Set)
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Fri Aug 09, 2019 5:27 pm

Hi pe1ch1,

Thanks for your in-site. I will you add you to my list of experts that are telling me not to use Quick Set after initial setup. I think my previous statement
However I will follow both of your advise and stay the hell away from Quick Set!
shows that I have learned my lesson.

With that being said, I cannot depend on this. There are other tech's in my company or future IT companies that could make the same mistake. This is why I made the following decisions for my config. (ether1) will always be wan and not in the bridge, (ether2) will always be lan and in the bridge. Then inadvertently clicking the OK button in Quick Set (Like I did with no changes on clients device), will not break the config. I have tested this on all three devices, home and 2 client sites. This works for me but may not work for all configs and should not be depended on by others!

You dinged me twice for the saying
There is nothing that you cannot do with a MIK!!!
. I stand corrected. Let me rephrase. RouterOS is very powerful! You can do ALMOST anything with a MIK!!!

Thanks for letting me know about the dual wan IPv6 problem! I am in the process of working on a dual wan setup at 2 of my client sites. Good news I am not using IPv6! BTW, I agree that the developers should fix this problem. Are there any other short comings with RouterOS that you would like to share before we let this thread rest? :)
Last edited by MrGreg on Fri Aug 09, 2019 5:52 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5700
Joined: Mon Jun 08, 2015 12:09 pm

Re: Locked out of 2 routers!

Fri Aug 09, 2019 5:51 pm

You could try open another ticket saying that your router configuration is at risk and you would like some solution to be implemented.
Many have tried, but of course at some time someone at MikroTik should realize that it is better to make some change.
Things that have been suggested:
- automatically turn Quick Set into read-only once a setting has been changed outside of it
- add some checkbox somewhere in the system menu where an admin who knows about those issues can do this manually
- add a fat warning when clicking OK in Quick Set when it discovers that other settings have been done on the device (with a chance to abort the changes)
edit: I forgot this one:
- make Quick Set a separate package that is installed by default but you can remove it (like ipv6, wireless, hotspot etc) when you do not need or want it
etc

For now, techs in any company using MikroTik for a little more than a home router (where it doesn't cost much to just reset-to-defaults and Quick Set again) should indeed be very aware of this.

W.r.t. "what you cannot do": there are lots of things that you cannot do with RouterOS, it is too much to make a list.
But of course there are also many things that it can do, and you can often make it work well in your network. I use it all the time.
Last edited by pe1chl on Fri Aug 09, 2019 6:23 pm, edited 1 time in total.
 
Sob
Forum Guru
Forum Guru
Posts: 4527
Joined: Mon Apr 20, 2009 9:11 pm

Re: Locked out of 2 routers!

Fri Aug 09, 2019 5:58 pm

I'd put it like this, if you want to be able to do anything, use Linux. If you can live without some features and trade them for nice user-friedly package, use RouterOS. It's mostly in the right place, but some areas could use more improvements.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
MrGreg
just joined
Topic Author
Posts: 20
Joined: Thu Mar 08, 2018 3:43 pm

Re: Locked out of 2 routers!

Fri Aug 09, 2019 6:05 pm

pe1chi, I am in full agreement about Quick Set. I like all of your suggestions. I really like the warning message idea! If that was in there, I would not of locked myself out of 2 devices! Good news my devices had a serial console port. :) I have alerted those in my company about the problem. Thanks for your support!

Well said sob!
I'd put it like this, if you want to be able to do anything, use Linux. If you can live without some features and trade them for nice user-friedly package, use RouterOS. It's mostly in the right place, but some areas could use more improvements.
 
dnordenberg
just joined
Posts: 23
Joined: Wed Feb 24, 2016 8:00 pm

Re: Locked out of 2 routers!

Sun Aug 11, 2019 2:14 am

My problem must be something else then because i'm 100% sure I did not click ok in a quickset dialog. One of the routers was even failing after a upgrade from a working config and then there is no quick set auto opening. And at least in one case firmware downgrade worked for me (without config reset) so there is something fishy with 6.45. And one stopped responding to winbox after a few days. Wonder if it has something to do with bridges...
 
pe1chl
Forum Guru
Forum Guru
Posts: 5700
Joined: Mon Jun 08, 2015 12:09 pm

Re: Locked out of 2 routers!

Sun Aug 11, 2019 11:08 am

I have certainly seen issues when upgrading old versions that used "ethernet masterport" and had a little more than basic configuration into the newer versions that always use bridges.
Sometimes it proceeds smoothly, sometimes you end up with non-working local network.
As I use MikroTik routers mostly in classic routed networks (not the typical home configuration with NAT, but wired into many point-to-point links with BGP routing), it was usually easy for me to login to the router via the network and fix it with a couple of simple changes.
However, I can understand that users would get frustrated when this happens to them after an upgrade.

Of course this change is now a couple of versions ago and should not affect upgrades from 6.44.x to 6.45.x unless there still is some misdetection of a "need to change something" in the bridge configuration.
There is another known issue: those recent versions do not process the Quick Set option to set it to "bridge all ports" correctly! It is OK in router mode. When you want to use the router as a bridge between all ports, set it as a router and then change it using the usual menus.
 
billjellis
newbie
Posts: 36
Joined: Mon Dec 15, 2014 11:04 pm

Re: Locked out of 2 routers!

Sat Sep 14, 2019 2:02 am

You may have to upgrade Winbox to v3.19 I have the same thing happening....
Hi Everyone,

Home - RB2011Ui - RouterOS 6.45.2 - WinBox 3.18 - IP 192.168.88.1
Work - CCR1016-12G - RouterOS 6.45.2 WinBox 3.18 - IP 192.168.0.1

I have managed to lock myself out of 2 routers. Both are fully functional. IP addresses are being assigned, Internet is working. Everything looks good when I run ipconfig. However I cannot ping either router. This means that I cannot login via WinBox. I should also mention the routers are not showing up under the Neighbors tab either. However I ran Advanced IP scanner at home and it does find the routers IP and Mac Address. I tried to manually enter the Mac Address and login via WinBox but no joy. Let me explain what happened in both cases.

On the Home unit, I made a change to my wireless settings via Quick Set. I think I had the wrong mode selected. I think I made the change under mode CPE when I should of been using HomeAP mode. I applied my changes and thought all was well. Once I logged off, I can no longer login.

On the Work unit, I was working on a dual wan setup. I was trying to start over and clean up the routes for the secondary wan. I removed the network cable from secondary wan ether2. However I could not remove the routes. So I looked at the Address List entries. I noticed that I had 2 that were the same except for the interface. They both had an address of 192.168.0.1/24 and network of 192.168.0.0. The first one had an interface of bridge and the second of ether2. I removed the second one with the ether2 interface since this is the interface that connect to my secondary wan device. I still was not able to remove the routes for the secondary wan ether2. So I decided to reboot the router to see if they would go away. Once again just like the home unit, I can no longer login.

I suspect in both cases that I have lost the default lan route with gateway of bridge and Preferred Source of router IP. Perhaps the Address List entry for lan bridge as well.

Both of these routers have the LCD touch screen. On the home unit, I tried to enter an address of 192.168.88.1/24 on a spare ether interface. I cannot find a way to make the interface bridge from the touch screen interface. This did not fix my problem. Is there anything I can do from the touch screen to fix this? The work unit has a serial interface. Do I have to use it?

I can do a reset on the home unit if necessary because it is pretty much stock. However the work unit has been customized quite a bit so I really do not want to reset it. Any help would be greatly appreciated! Thanks for the support...

Who is online

Users browsing this forum: No registered users and 54 guests