
Making ssh listen on all addresses.

Posted: Sat Apr 02, 2016 7:23 pm
by james
After I managed to lock myself out of a router 9,000 miles away I wanted to know if there is a good way of getting routeros to respond to ssh on all interfaces. I would like to configure things so I can get a network kvm on one of the servers on the internal side and use that to reconfigure the routeros box if I break it once more ( and for the other sites ).

Re: Making ssh listen on all addresses.

Posted: Sat Apr 02, 2016 9:45 pm
by slv
Hello

Do You know Safe Mode?
http://wiki.mikrotik.com/index.php?titl ... #Safe_Mode

Does Your router have a Console port (serial port)? By this port You can do everything - I know You must have access to it.

Regards
SLawek

Re: Making ssh listen on all addresses.

Posted: Sun Apr 03, 2016 12:14 am
by docmarius
@slv: he just can not use a serial port 9000 miles away...

@james:
Add a firewall rule on the top to accept port 22:
/ip firewall filter
add chain=input comment=SSH dst-port=22 protocol=tcp

Re: Making ssh listen on all addresses.

Posted: Sun Apr 03, 2016 12:42 am
by james
Thanks for the replies,

I put the acl allowing traffic in to port 22 in the ip filters area at the top and I can see it getting hits however it does not see a service responding ( I just get timed out ).

Safe mode looks useful in the future, I am more used to the cisco approach of get it working and save or power cycle if you break it....

My colo provider can connect a kvm up to one of my machines, I just suspect that the cable he has also plugged in to the serial console on the kvm ( which is for a brocade ) rather than a routeros box so I will send him the page that describes the pin outs ( should I expect that a blue cisco cable would work if I posted him one ? )

Re: Making ssh listen on all addresses.

Posted: Sun Apr 03, 2016 1:14 am
by james
( After writing the reply above it occurred to me to connect to the external interface from the inside world and it worked, I hadn't deleted the external interface I had bound an ip address to one of the next hop devices ( one of the redundant vrrp interfaces ) so I had stopped the routeros box knowing about its next hop. I would still like to know how to contact the routeros box on the internal network as well as the external one ).

Re: Making ssh listen on all addresses.

Posted: Sun Apr 03, 2016 1:23 am
by docmarius
Make sure you enable the ssh service for all IPs under IP->services.
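
Added example, not part of any post in this thread: a RouterOS configuration sketch covering the two suggestions above (the input-chain accept rule and the IP->services setting), with SSH limited to known management sources instead of open to any address. The list name mgmt-ssh and the addresses 192.0.2.10 and 10.0.0.0/24 are constructed placeholders.

```routeros
# Added example; the addresses and the list name "mgmt-ssh" are constructed placeholders.

# Rule as posted in the thread: accepts TCP/22 on the input chain from ANY source
# (no action= is given, so the default action "accept" applies).
#   /ip firewall filter
#   add chain=input comment=SSH dst-port=22 protocol=tcp

# Narrower form: only listed management sources may reach SSH.
/ip firewall address-list
add list=mgmt-ssh address=192.0.2.10 comment="remote admin host (placeholder)"
add list=mgmt-ssh address=10.0.0.0/24 comment="internal LAN / network KVM (placeholder)"

/ip firewall filter
# place-before=0 puts the rule at the top, ahead of any drop rule in the input chain
# (it needs an existing rule 0 to be placed before).
add chain=input protocol=tcp dst-port=22 src-address-list=mgmt-ssh \
    action=accept place-before=0 comment="SSH from management sources"

# IP -> Services: "address" lists the source prefixes allowed to connect;
# an empty value means any source is allowed.
/ip service
set ssh disabled=no address=192.0.2.10/32,10.0.0.0/24
print
```

Entering these from a Safe Mode session (the feature slv links to earlier in the thread) means the changes are undone if the session drops.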

Re: Making ssh listen on all addresses.

Posted: Sun Apr 03, 2016 9:56 am
by james
I have looked in ip->services->ssh and it has no restrictions on where you can connect from ? however if I try and ssh to the internal address I can see that the packets get to the routeros box but there is no response.

Re: Making ssh listen on all addresses.

Posted: Sun Apr 03, 2016 11:57 am
by slv
@docmarius

We are talking about internet connection so miles don't matter.
What about simple modem connection? I know that Young people may not know what I'm talking about ...

http://www.cisco.com/c/en/us/support/do ... ml#alt_usr

or any of serial over ethernet adapters - I know that also dedicated network for management is necessary (and probably another router for such purposes) but as usual everything depends on needs and budget.

I'm using USR modem with Juniper SSG router.

Regards
Slawek

Re: Making ssh listen on all addresses.

Posted: Sun Apr 03, 2016 11:17 pm
by docmarius
C'mon, do you really think all people have an analog phone connection or a leased line available on an isolated remote tower to use a modem? Most don't even know what that is, and never heard of US Robotics. Maybe only in "I, robot"...

But a GSM data module with a serial port could be a choice...

Re: Making ssh listen on all addresses.

Posted: Sun Apr 03, 2016 11:39 pm
by james
This box is in a datacenter and the last time I used a modem it was a Courier Dual Standard ...

So it makes little sense to have one in this case.

Re: Making ssh listen on all addresses.

Posted: Mon Apr 04, 2016 10:06 am
by slv
@docmarius

Why do You assume that all people have only smartphones with LTE? In my opinion most people buy Mikrotik routers because they are cheap and powerful.
If You have money You can buy NGF like PaloAlto - much more stable and reliable than Mikrotik in my opinion.

Consider that - even when You have router for $$$$$$ from time to time (Do You know Murphy's law?) You need to connect to them for emergency purposes so in my opinion it is good to have "backup" connection for Your devices.

Second problem - even if You have GSM modem mostly GSM operators don't allow to establish remote connection to Your modem from internet - this is another problem to solve ...

I'm looking for cheap solution that allows me to remotely connect to at least two console ports - it could be analog or GSM connection - do You know such solution? Problem is that most cheap routers have only one Serial port.
I know solution like Poseidon http://www.hw-group.com/products/poseid ... 02_en.html - this isn't for my wallet :(


Regards
SLawek

Re: Making ssh listen on all addresses.

Posted: Mon Apr 04, 2016 1:50 pm
by docmarius
Yes, you are right Slawek.

I just pointed out that, while a modem is a good solution for the remote access problem, you need a landline there.
And since one usually does not have that - speak in leased spaces in data centers and in remote locations, a GSM/LTE solution could be an option.

There are GSM modules offering a serial data port, keyword being "Industrial Serial GSM Modem":
Moxa has some at $166,
Wavecom FASTRACK below $100, at about $45 from China
There is also Elpro, NTI, Nimbus and others.

If you are a hobbyist, even an Arduino GSM Shield can do the job.

And if I am not mistaken, you need a direct GSM call for modem access using GPRS, no special setup, just a regular phone number.

Regarding data access: while mobile operators do not offer inbound data access on regular data plans, most of them do have special data plans for home automation and security monitoring.