Community discussions

MikroTik App
 
massimo79m
just joined
Topic Author
Posts: 13
Joined: Thu Jan 14, 2016 9:29 am

Default configuration for AX lite

Wed May 31, 2023 1:07 am

i think my AX lite has problems with the configuration, i resetted it but same problems, so i think maybe it was a second hand and someone changed something.
is there a way to download the original configuration for this router?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Default configuration for AX lite

Wed May 31, 2023 1:31 am

All is useless only if is branded.
Reset the device... reset the device...

If you have some doubt, netinstall it.

You do not provide any smart info, like the RouterOS version, or how you reset the device, by button or by system reset-configuration.
/system default print command on terminal, show the default configuration of the device.

Any other supposition is completely useless and a waste of time.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Default configuration for AX lite

Wed May 31, 2023 8:14 am

When in doubt about usage of reset button and you can still get in, reset from terminal command line.
/system reset-configuration
 
massimo79m
just joined
Topic Author
Posts: 13
Joined: Thu Jan 14, 2016 9:29 am

Re: Default configuration for AX lite

Wed May 31, 2023 5:12 pm

All is useless only if is branded.
Reset the device... reset the device...
I'm sorry, maybe I did not say it clear enough.
I would know if, on the mikrotik site or elsewhere, i can find the original configuration (HOME-AP) that you can find in a AXLITE when it's brand new.

I did a "led blinking reset" but the still the configuration didn't work.
After this, i did a "solid green led reset", and it deleted also some important configuration (the wifi is not under "bridge" anymore, the wifi is turned off, the firewall rules are much fewer, the password is empty instead of the same on the label under the mik, and so on).
after the "solid green" i did another "blinking" reset, but the configuration is still "lost".

I have the "out of the box configuration" backup and i tried to reload it, but i think it's not the original (maybe the router it was already used and the previous owner made a mistake on the configuration).
If it can be useful, tonight i will post the current configuration, i know that the routeros version is 7.9.1.

tonight i will try a netinstall.

Thank you
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Default configuration for AX lite  [SOLVED]

Wed May 31, 2023 5:34 pm

AX Lite is only out for some months. Would be hard to believe someone else already had it (but not impossible).

Def conf (be advised: running on 7.10rc1 but that should not matter)
# 2023-05-31 16:34:00 by RouterOS 7.10rc1
# software id = 100Z-8W7H
#
            script: #| Welcome to RouterOS!
                    #|    1) Set a strong router password in the System > Users menu
                    #|    2) Upgrade the software in the System > Packages menu
                    #|    3) Enable firewall on untrusted networks
                    #|    4) Set your country name to observe wireless regulations
                    #| -----------------------------------------------------------------------------
                    #| RouterMode:
                    #|  * WAN port is protected by firewall and enabled DHCP client
                    #|  * Wireless and Ethernet interfaces (except WAN port/s)
                    #|    are part of LAN bridge
                    #| LAN Configuration:
                    #|     IP address 192.168.88.1/24 is set on bridge (LAN port)
                    #|     DHCP Server: enabled;
                    #|     DNS: enabled;
                    #| wifi1 Configuration:
                    #|     mode:                ap;
                    #|     band:                2ghz-ax;
                    #|     tx-chains:           0;1;
                    #|     rx-chains:           0;1;
                    #|     installation:        indoor;
                    #|     ht-extension:        20/40mhz;
                    #|     wpa2:          yes;
                    #| WAN (gateway) Configuration:
                    #|     gateway:  ether1 ;
                    #|     ip4 firewall:  enabled;
                    #|     ip6 firewall:  enabled;
                    #|     NAT:   enabled;
                    #|     DHCP Client: enabled;
                    #| Login
                    #|     admin user protected by password
                    
                    :global ssid;
                    :global defconfMode;
                    :log info "Starting defconf script";
                    #-------------------------------------------------------------------------------
                    # Apply configuration.
                    # these commands are executed after installation or configuration reset
                    #-------------------------------------------------------------------------------
                    :if ($action = "apply") do={
                      # wait for interfaces
                      :local count 0;
                      :while ([/interface ethernet find] = "") do={
                        :if ($count = 30) do={
                          :log warning "DefConf: Unable to find ethernet interfaces";
                          /quit;
                        }
                        :delay 1s; :set count ($count +1); 
                      };
                      :local count 0;
                      :while ([/interface wifiwave2 print count-only] < 1) do={ 
                        :set count ($count +1);
                        :if ($count = 40) do={
                          :log warning "DefConf: Unable to find wireless interface(s)"; 
                          /ip address add address=192.168.88.1/24 interface=ether1 comment="defconf";
                          /quit
                        }
                        :delay 1s;
                      };
                     /interface list add name=WAN comment="defconf"
                     /interface list add name=LAN comment="defconf"
                     /interface bridge
                       add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
                     :local bMACIsSet 0;
                     :foreach k in=[/interface find where !(slave=yes   || name="ether1" || passthrough=yes   || name="ether1" || name~"bridge")] do={
                       :local tmpPortName [/interface get $k name];
                       :if ($bMACIsSet = 0) do={
                         :if ([/interface get $k type] = "ether") do={
                           /interface bridge set "bridge" auto-mac=no admin-mac=[/interface get $tmpPortName mac-address];
                           :set bMACIsSet 1;
                         }
                       }
                         :if (([/interface get $k type] != "ppp-out") && ([/interface get $k type] != "lte")) do={
                           /interface bridge port
                             add bridge=bridge interface=$tmpPortName comment=defconf;
                         }
                       }
                       /ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
                       /ip dhcp-server
                         add name=defconf address-pool="default-dhcp" interface=bridge lease-time=10m disabled=no;
                       /ip dhcp-server network
                         add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="defconf";
                      /ip address add address=192.168.88.1/24 interface=bridge comment="defconf";
                     /ip dns {
                         set allow-remote-requests=yes
                         static add name=router.lan address=192.168.88.1 comment=defconf
                     }
                    
                      /interface wifiwave2 {
                    :local ifcId [/interface wifiwave2 find where default-name=wifi1]
                        set $ifcId configuration.mode=ap channel.band=2ghz-ax disabled=no
                        set $ifcId channel.width=20/40mhz;
                        set $ifcId channel.skip-dfs-channels=10min-cac;
                       set $ifcId security.authentication-types=wpa2-psk,wpa3-psk security.passphrase=$defconfWifiPassword
                        :local wlanMac  [/interface get [/interface find where default-name=wifi1] mac-address];
                        :set ssid "MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14]$[:pick $wlanMac 15 17]"
                        set $ifcId configuration.ssid=$ssid
                      }
                       /ip dhcp-client add interface=ether1 disabled=no comment="defconf";
                     /interface list member add list=LAN interface=bridge comment="defconf"
                     /interface list member add list=WAN interface=ether1 comment="defconf"
                     /ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"
                     /ip firewall {
                       filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
                       filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
                       filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
                       filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
                       filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
                       filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
                       filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
                       filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
                       filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
                       filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
                       filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
                     }
                     /ipv6 firewall {
                       address-list add list=bad_ipv6 address=::/128 comment="defconf: unspecified address"
                       address-list add list=bad_ipv6 address=::1 comment="defconf: lo"
                       address-list add list=bad_ipv6 address=fec0::/10 comment="defconf: site-local"
                       address-list add list=bad_ipv6 address=::ffff:0:0/96 comment="defconf: ipv4-mapped"
                       address-list add list=bad_ipv6 address=::/96 comment="defconf: ipv4 compat"
                       address-list add list=bad_ipv6 address=100::/64 comment="defconf: discard only "
                       address-list add list=bad_ipv6 address=2001:db8::/32 comment="defconf: documentation"
                       address-list add list=bad_ipv6 address=2001:10::/28 comment="defconf: ORCHID"
                       address-list add list=bad_ipv6 address=3ffe::/16 comment="defconf: 6bone"
                       filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
                       filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
                       filter add chain=input action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
                       filter add chain=input action=accept protocol=udp port=33434-33534 comment="defconf: accept UDP traceroute"
                       filter add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10 comment="defconf: accept DHCPv6-Client prefix delegation."
                       filter add chain=input action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
                       filter add chain=input action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
                       filter add chain=input action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
                       filter add chain=input action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
                       filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
                       filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
                       filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
                       filter add chain=forward action=drop src-address-list=bad_ipv6 comment="defconf: drop packets with bad src ipv6"
                       filter add chain=forward action=drop dst-address-list=bad_ipv6 comment="defconf: drop packets with bad dst ipv6"
                       filter add chain=forward action=drop protocol=icmpv6 hop-limit=equal:1 comment="defconf: rfc4890 drop hop-limit=1"
                       filter add chain=forward action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
                       filter add chain=forward action=accept protocol=139 comment="defconf: accept HIP"
                       filter add chain=forward action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
                       filter add chain=forward action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
                       filter add chain=forward action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
                       filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
                       filter add chain=forward action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
                     }
                       /ip neighbor discovery-settings set discover-interface-list=LAN
                       /tool mac-server set allowed-interface-list=LAN
                       /tool mac-server mac-winbox set allowed-interface-list=LAN
                     :if (!($defconfPassword = "" || $defconfPassword = nil)) do={
                       /user set admin password=$defconfPassword
                       :delay 0.5
                       /user expire-password admin 
                     }
                    }
                    #-------------------------------------------------------------------------------
                    # Revert configuration.
                    # these commands are executed if user requests to remove default configuration
                    #-------------------------------------------------------------------------------
                    :if ($action = "revert") do={
                    /user set admin password=""
                     /system routerboard mode-button set enabled=no
                     /system routerboard mode-button set on-event=""
                     /system script remove [find comment~"defconf"]
                     /ip firewall filter remove [find comment~"defconf"]
                     /ipv6 firewall filter remove [find comment~"defconf"]
                     /ipv6 firewall address-list remove [find comment~"defconf"]
                     /ip firewall nat remove [find comment~"defconf"]
                     /interface list member remove [find comment~"defconf"]
                     /interface detect-internet set detect-interface-list=none
                     /interface detect-internet set lan-interface-list=none
                     /interface detect-internet set wan-interface-list=none
                     /interface detect-internet set internet-interface-list=none
                     /interface list remove [find comment~"defconf"]
                     /tool mac-server set allowed-interface-list=all
                     /tool mac-server mac-winbox set allowed-interface-list=all
                     /ip neighbor discovery-settings set discover-interface-list=!dynamic
                       :local o [/ip dhcp-server network find comment="defconf"]
                       :if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
                       :local o [/ip dhcp-server find name="defconf" !disabled]
                       :if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
                       /ip pool {
                         :local o [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
                         :if ([:len $o] != 0) do={ remove $o }
                       }
                       :local o [/ip dhcp-client find comment="defconf"]
                       :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
                     /ip dns {
                       set allow-remote-requests=no
                       :local o [static find comment="defconf"]
                       :if ([:len $o] != 0) do={ static remove $o }
                     }
                     /ip address {
                       :local o [find comment="defconf"]
                       :if ([:len $o] != 0) do={ remove $o }
                     }
                     :foreach iface in=[/interface ethernet find] do={
                       /interface ethernet set $iface name=[get $iface default-name]
                     }
                     /interface bridge port remove [find comment="defconf"]
                     /interface bridge remove [find comment="defconf"]
                     /interface bonding remove [find comment="defconf"]
                     /interface wifiwave2 reset wifi1
                    }
                    :log info Defconf_script_finished;
                    :set defconfMode;
                    :set ssid;
                    
  caps-mode-script: #| CAP configuration
                    #|
                    #|   Wireless interfaces are set to be managed by CAPsMAN.
                    #|   All ethernet interfaces and CAPsMAN managed interfaces are bridged.
                    #|   DHCP client is set on bridge interface.
                    
                    :global action;
                    
                    # bridge port name
                    :local brName  "bridgeLocal";
                    :local logPref "defconf:";
                    :local wirelessMenu "wireless"
                    :local ww2Enabled false;
                    
                    :if ([:len [/system package find name="wifiwave2" !disabled]] != 0) do={
                      :set ww2Enabled true;
                      :set wirelessMenu "wifiwave2";
                    }
                    
                    :if ($action = "apply") do={
                    
                      # wait for ethernet interfaces
                      :local count 0;
                      :while ([/interface ethernet find] = "") do={
                        :if ($count = 30) do={
                          :log warning "DefConf: Unable to find ethernet interfaces";
                          /quit;
                        }
                        :delay 1s; :set count ($count + 1);
                      }
                    
                      :local macSet 0;
                      :local tmpMac "";
                    
                      :foreach k in=[/interface ethernet find] do={
                        # first ethernet is found; add bridge and set mac address of the ethernet port
                        :if ($macSet = 0) do={
                          :set tmpMac [/interface ethernet get $k mac-address];
                          /interface bridge add name=$brName auto-mac=no admin-mac=$tmpMac comment="defconf";
                          :set macSet 1;
                        }
                        # add bridge ports
                        /interface bridge port add bridge=$brName interface=$k comment="defconf"
                      }
                    
                      # try to add dhcp client on bridge interface (may fail if already exist)
                      :do {
                        /ip dhcp-client add interface=$brName disabled=no comment="defconf"
                      } on-error={ :log warning "$logPref unable to add dhcp client";}
                    
                    
                      # try to configure caps (may fail if for example specified interfaces are missing)
                    
                    
                      :local findWireless [:parse ":local count 0;
                      :while ([/interface $wirelessMenu find] = \"\") do={
                          :if (\$count = 30) do={
                            :log warning \"DefConf: Unable to find wireless interfaces\"; /quit
                          };
                          :delay 1s;
                          :set count (\$count + 1)
                        }"]
                      [$findWireless]
                    
                      :if ($ww2Enabled) do={
                        :local addDatapath [:parse "/interface $wirelessMenu datapath
                        add comment=\"defconf\" name=capdp disabled=no bridge=$brName"]
                        [$addDatapath]
                      }
                    
                      # delay just to make sure that all wireless interfaces are loaded
                      :delay 5s;
                    
                      :do {
                        :local setCap ""
                        if ($ww2Enabled) do={
                          :set setCap [:parse ":foreach i in=[/interface $wirelessMenu find] do={
                            /interface $wirelessMenu set \$i configuration.manager=capsman datapath=capdp
                          }
                          /interface $wirelessMenu cap
                          set enabled=yes discovery-interfaces=$brName slaves-datapath=capdp"]
                        } else={
                    
                          :set setCap [:parse "
                          :local interfacesList \"\";
                          :local bFirst 1;
                          :foreach i in=[/interface $wirelessMenu find] do={
                            if (\$bFirst = 1) do={
                              :set interfacesList [/interface $wirelessMenu get \$i name];
                              :set bFirst 0;
                            } else={
                              :set interfacesList \"\$interfacesList,\$[/interface wireless get \$i name]\";
                            }
                          }
                          /interface $wirelessMenu cap set enabled=yes interfaces=\$interfacesList \\
                            discovery-interfaces=$brName bridge=$brName"]
                        }
                        [$setCap]
                      } on-error={ :log warning "$logPref unable to configure caps";}
                    }
                    
                    :if ($action = "revert") do={
                      :do {
                        :local removeCap ""
                        if ($ww2Enabled) do={
                          :set removeCap [:parse ":foreach i in=[/interface $wirelessMenu find] do={
                            /interface $wirelessMenu set \$i !configuration.manager !datapath }
                          /interface $wirelessMenu cap
                          set enabled=no !slaves-datapath !discovery-interfaces"]
                        } else={
                          :set removeCap [:parse "/interface $wirelessMenu cap
                          set enabled=no interfaces=\"\" discovery-interfaces=\"\" bridge=none"]
                        }
                        [$removeCap]
                      } on-error={ :log warning "$logPref unable to unset caps";}
                    
                      :if ($ww2Enabled) do={
                        :local removeDatapath [:parse "/interface $wirelessMenu datapath remove [find comment=\"defconf\"]"]
                        [$removeDatapath]
                      }
                    
                      :local o [/ip dhcp-client find comment="defconf"]
                      :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
                    
                      /interface bridge port remove [find comment="defconf"]
                      /interface bridge remove [find comment="defconf"]
                    
                    }
     custom-script: 
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Default configuration for AX lite

Wed May 31, 2023 6:26 pm

Side note, it's curious that the default lease-time is 10m — I thought it was changed to 30m in 7.9...
Def conf (be advised: running on 7.10rc1 but that should not matter)
# 2023-05-31 16:34:00 by RouterOS 7.10rc1
   /ip dhcp-server
                         add name=defconf address-pool="default-dhcp" interface=bridge lease-time=10m disabled=no;
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Default configuration for AX lite

Wed May 31, 2023 6:37 pm

Good observation !

But ...
release note for 7.9 says:
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes
And when I create a new DHCP server on that device, it defaults to 30m.

So ... behavior is in accordance with release notes.
But was that the intended change ?
I suppose you are thinking towards changing default lease time to 30m overall ?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Default configuration for AX lite

Wed May 31, 2023 6:39 pm

The autoconfig script is not the place where the RouterOS read the default values...
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Default configuration for AX lite

Wed May 31, 2023 6:41 pm

I think the point of Amm0 is that while NEW DHCP servers get a default lease time of 30m, the one created by default script gets a lease time of 10m.
The value is there. There is nothing to read elsewhere.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Default configuration for AX lite

Wed May 31, 2023 7:13 pm

I suppose you are thinking towards changing default lease time to 30m overall ?
Didn't mean to hijack the thread... I thought lease-time= was also going to be defconf, so even the 1st one pick up the attribute's default value. In at least one device's defconf, they just don't set lease-time= so first DHCP server uses 30m... Not a big deal, just inconsistent (even if RN is correct)...

Although, I do wish they published the defconf per device someplace – I've run into same problem of trying to find the defconf to restore back after using a branding package.
 
massimo79m
just joined
Topic Author
Posts: 13
Joined: Thu Jan 14, 2016 9:29 am

Re: Default configuration for AX lite

Thu Jun 01, 2023 12:19 am

AX Lite is only out for some months. Would be hard to believe someone else already had it (but not impossible).
it works perfectly, thank you very much!

Who is online

Users browsing this forum: No registered users and 32 guests