So the other day when I was playing with my RB4011 I managed to disable my bridge1 interface and lock out from my router.
Luckily, I was able to dial in via VPN and solve the issue.
After this incident I decided to follow the suggestions found in this forum and created an ethernet interface (eth6-emerg) outside my bridge.
However after connecting this interface to my computer I cannot access the router via winbox nor via SSH, it's says wrong username/password which is clearly not true.
(The user/pass is saved in winbox).
I left out the firewall settings on purpose because I already tried disabling all of them, but still cannot connect to router.
Could you please tell me what I'm missing?
Many thanks,
Cheers,
Gerhard
Here is my config:
Code: Select all
# oct/03/2022 19:20:30 by RouterOS 7.5
# model = RB4011iGS+
/interface bridge
add igmp-snooping=yes name=bridge1 priority=0x1000
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] l2mtu=1592 name=SFP+ rx-flow-control=\
auto tx-flow-control=auto
set [ find default-name=ether1 ] name=WAN rx-flow-control=auto \
tx-flow-control=auto
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] name=ether6-emerg
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether10 ] poe-out=off rx-flow-control=auto \
tx-flow-control=auto
set WAN disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set SFP+ disabled=no
/interface vlan
add interface=bridge1 name=vlan20 vlan-id=20
add interface=bridge1 name=vlan107 vlan-id=107
/interface bonding
add mode=802.3ad name="US-24 LACP" slaves=ether9,ether10
/interface list
add exclude=dynamic name=discover
add exclude=dynamic include=all name=internet
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=LAN_pool ranges=10.0.0.50-10.0.0.250
add name=vlan107_pool ranges=10.0.107.50-10.0.107.98
add name=vlan20_pool ranges=10.0.20.50-10.0.20.100
add name=emerg_pool ranges=10.10.10.2-10.10.10.10
/ip dhcp-server
add address-pool=LAN_pool interface=bridge1 lease-time=6h name="LAN dhcp"
add address-pool=vlan107_pool interface=vlan107 lease-time=6h name="IoT dhcp"
add address-pool=vlan20_pool interface=vlan20 lease-time=6h name="Cam dhcp"
add address-pool=emerg_pool interface=ether6-emerg lease-time=1h name=\
"Emergency DHCP"
/interface bridge port
add bridge=bridge1 fast-leave=yes ingress-filtering=no interface=SFP+
add bridge=bridge1 fast-leave=yes ingress-filtering=no interface="US-24 LACP"
/ip neighbor discovery-settings
set discover-interface-list=none
/ip address
add address=10.0.0.1/24 comment=LAN interface=bridge1 network=10.0.0.0
add address=10.0.107.1/24 comment=IoT interface=vlan107 network=10.0.107.0
add address=10.0.20.1/24 comment=Cameras interface=vlan20 network=10.0.20.0
add address=10.10.10.1/28 comment="Emergecy access" interface=ether6-emerg \
network=10.10.10.0
/ip firewall filter
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=10.0.0.0/24,10.0.66.0/27,10.10.10.0/28
set api disabled=yes
set winbox address=10.0.0.0/24,10.0.66.0/27,10.10.10.0/28
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system identity
set name=RB4011
/system routerboard settings
set auto-upgrade=yes
/system watchdog
set automatic-supout=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no