Foolishly added filter rule is preventing access to RouterOS.

Posted: Fri Jun 01, 2018 2:47 pm
by Mikrotiker
Hey,

I foolishly added a filter rule to my bridge and that is preventing access to RouterOS.

What I did: Quick Config PtP CPE. After running for a while, I added two forward rules for pppoe-session, pppoe-discovery to the bridge filter. Everything fine so far... Then I foolishly added a drop everything input rule to the filter.

So now I am able to do a PPPoE session via the link but have no further access to the device.
Because the ethernet and wlan are bridged and the device has only these interfaces,
everything will be dropped (except PPPoE). No matter which way I am trying to access the device.

Is there a way to reset the Routerboard without climbing to the antenna? Some way (tftp, ..., ...) to stop the booting process
and push a clean firmware or config to the device.

Thanks in advance
MTer

Re: Foolishly added filter rule is preventing access to RouterOS.

Posted: Fri Jun 01, 2018 4:11 pm
by Anumrak
Hey. Try MAC Telnet access. If there will be no luck, then only hard reset.

Re: Foolishly added filter rule is preventing access to RouterOS.

Posted: Fri Jun 01, 2018 4:16 pm
by acruhl
2 things:

1. Use mac telnet as stated above. You'll need to be in the same layer2 domain and it's probably not activated on the WAN interface.

2. ALWAYS use safe mode when doing anything remotely. You can turn it on, do a few commands and ensure they work, then turn it off. Or leave it on the whole time but you risk a large rollback if your last of many commands is bad.

Locking yourself out of a device is something all network people do at least once. Learn from it.

Re: Foolishly added filter rule is preventing access to RouterOS.

Posted: Fri Jun 01, 2018 4:19 pm
by Mikrotiker
Tried that already, locally over ethernet and remotely over the wireless link.

But the filter does what it does - it drops ALL incoming packets at position 3.

I want to hard reset the board, but first I am trying to find a way to do that without climbing to the antenna.

Re: Foolishly added filter rule is preventing access to RouterOS.

Posted: Fri Jun 01, 2018 4:25 pm
by mrz
If the ipv6 package was enabled then you can connect to the ipv6 ll address. If not then you're screwed.

Re: Foolishly added filter rule is preventing access to RouterOS.

Posted: Fri Jun 01, 2018 4:29 pm
by Mikrotiker
Thanks for all the answers...

ipv6 is definitely disabled. :?
I hoped that there is a way to halt the system at boot and push a recovery firmware to it
and configure it as a new device.

I will go up and push the button. ;-)

Re: Foolishly added filter rule is preventing access to RouterOS.

Posted: Fri Jun 01, 2018 4:52 pm
by pe1chl
This also teaches you to set the routerboard boot mode to "try ethernet once then nand" instead of the default "nand if fail then ethernet"
when your tower-mounted device is on a reasonably safe local network. At least you can powercycle it and netinstall without pushing the button.
(of course there is the risk that someone else sets up a system with netinstall and hijacks your device when it reboots, but you
can judge yourself what is the chance of that happening on your local network)

Re: Foolishly added filter rule is preventing access to RouterOS.

Posted: Fri Jun 01, 2018 7:08 pm
by anav
Not familiar with bridge filter but for my input rules I have an accept rule for my admin PCs or admin network BEFORE my drop rule.
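
The rule-ordering point made in this thread, as an added example (not code posted by any participant and not MikroTik tooling): a small Python model of first-match evaluation over `/interface bridge filter` rules, run against a management frame before a change is committed. The rule sets, the admin MAC address and the function names are constructed for the illustration, and the model assumes exact-value matchers plus `src-mac-address` with a mask.

```python
import shlex

# Constructed rule sets in RouterOS export style (not taken from the thread).
LOCKED_OUT = """
/interface bridge filter
add action=accept chain=forward mac-protocol=pppoe-discovery
add action=accept chain=forward mac-protocol=pppoe
add action=drop chain=input
"""
ADMIN_MAC = "02:00:00:00:00:01"  # hypothetical admin PC
WITH_ADMIN_ACCEPT = LOCKED_OUT.replace(
    "add action=drop chain=input",
    f"add action=accept chain=input src-mac-address={ADMIN_MAC}/FF:FF:FF:FF:FF:FF\n"
    "add action=drop chain=input")

def parse_rules(export):
    """Turn each 'add key=value ...' line into a dict, in listed order."""
    rules = []
    for line in export.splitlines():
        words = shlex.split(line)
        if words[:1] == ["add"]:
            rules.append(dict(w.split("=", 1) for w in words[1:]))
    return rules

def mac_int(mac):
    return int(mac.replace(":", ""), 16)

def matches(rule, frame):
    """True when every matcher on the rule agrees with the frame.
    The frame dict must carry 'src-mac-address'."""
    for key, want in rule.items():
        if key in ("action", "chain", "comment", "disabled"):
            continue
        if key == "src-mac-address":
            addr, _, mask = want.partition("/")
            m = mac_int(mask or "FF:FF:FF:FF:FF:FF")
            if mac_int(frame[key]) & m != mac_int(addr) & m:
                return False
        elif frame.get(key) != want:
            return False
    return True

def verdict(export, chain, frame):
    """First matching enabled rule in the chain decides; no match means accept.
    Returns (action, zero-based rule index or None)."""
    for pos, rule in enumerate(parse_rules(export)):
        if rule.get("disabled") == "yes" or rule["chain"] != chain:
            continue
        if matches(rule, frame):
            return rule["action"], pos
    return "accept", None
```

Calling `verdict(LOCKED_OUT, "input", {"src-mac-address": ADMIN_MAC, "mac-protocol": "ip"})` reports the drop that caused the lockout, while the same frame against `WITH_ADMIN_ACCEPT` is accepted by the rule placed before the drop.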