Unable to change default IP on RB5009
Posted: Sun Dec 03, 2023 11:06 am
by MTeeker
Dear Gurus,
My new RB5009UPr+S+IN works fine with its default IP of 192.168.88.1.
But after changing its default IP to 192.168.100.1, I lost the connection to the Internet. In addition I can only access the RB5009 via its MAC address despite having made the necessary changes in /ip address, pool and dhcp server.
I have used MikroTik since 2011 and this is not the first time I change MikroTik's default IP to suit my need. But I am dumbfounded in this case. Can some gurus please give me a hand in solving this issue.
It's on 7.12.1.
Thank you in anticipation.
MTeeker
Re: Unable to change default IP on RB5009
Posted: Sun Dec 03, 2023 11:28 am
by erlinden
Sure you renewed your IP address on the client before connecting to the new IP address?
Can you make all changes, export config and share it here?
/export file=anynameyoulike
Remove serial and any other private info and post here in between code tags (by use of the </> button)
Re: Unable to change default IP on RB5009
Posted: Sun Dec 03, 2023 8:24 pm
by MTeeker
Thanks for your reply.
Actually, I did execute the commands ipconfig /release then /renew as well as restarting my PC after the change, but it did not get a dhcp IP address from RB5009 following the change. After a reset, it has no issue connecting though. I never use the default IP of 192.168.88.1 on my several MikroTik routers. So I am dumbfounded.
Here is the exported file:
# 2023-12-03 20:51:24 by RouterOS 7.12.1
# software id = XXXX-XXXX
#
# model = RB5009UG+S+
# serial number = Hxxxxxxxxx
/interface bridge
add admin-mac=AA:BB:CC:DD:EE:FF auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool1 ranges=192.168.100.32-192.168.100.127
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=sfp-sfpplus1
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.100.1/25 interface=bridge network=192.168.100.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server
add address-pool=*1 interface=bridge lease-time=10m name=defconf
/ip dhcp-server network
add address=192.168.100.0/25 comment=defconf dns-server=192.168.100.1 \
gateway=192.168.100.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.100.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/system clock
set time-zone-name=Australia/Melbourne
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Re: Unable to change default IP on RB5009
Posted: Sun Dec 03, 2023 8:43 pm
by holvoetn
Here is your problem
/ip dhcp-server
add address-pool=*1 interface=bridge lease-time=10m name=defconf
Check pool settings on dhcp server.
Pretty basic to check dhcp first when it's not giving out lease.
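The check holvoetn describes, automated as an added example that is not part of the original thread: a small Python linter that reads a RouterOS export and reports a DHCP server whose `address-pool` is a `*N` placeholder (how an export renders a reference to an item that no longer exists), names an undefined pool, or uses a pool outside every `/ip dhcp-server network`. The function names are hypothetical, the sample is constructed from the export posted above, and pool ranges are assumed to be in `a-b` form.

```python
import ipaddress
import re
# Constructed sample: the DHCP-related sections of the export posted in this thread.
SAMPLE_EXPORT = r"""
/ip pool
add name=pool1 ranges=192.168.100.32-192.168.100.127
/ip dhcp-server
add address-pool=*1 interface=bridge lease-time=10m name=defconf
/ip dhcp-server network
add address=192.168.100.0/25 comment=defconf dns-server=192.168.100.1 \
    gateway=192.168.100.1
"""

def parse_export(text):
    """Return {menu path: [properties of each 'add' line]} for a RouterOS export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = line
        elif current and line.startswith("add "):
            props = dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))
            sections.setdefault(current, []).append(props)
    return sections

def check_dhcp(sections):
    """Return findings that explain why a DHCP server hands out no leases."""
    findings = []
    pools = {p["name"]: p["ranges"] for p in sections.get("/ip pool", [])}
    nets = [ipaddress.ip_network(n["address"])
            for n in sections.get("/ip dhcp-server network", [])]
    for srv in sections.get("/ip dhcp-server", []):
        name, pool = srv.get("name", "?"), srv.get("address-pool", "static-only")
        if re.fullmatch(r"\*[0-9A-Fa-f]+", pool):
            findings.append(f"{name}: address-pool={pool} points to a pool that no longer exists")
        elif pool == "static-only":
            continue  # server intentionally hands out static leases only
        elif pool not in pools:
            findings.append(f"{name}: address-pool={pool} is not defined under /ip pool")
        else:
            ends = [ipaddress.ip_address(a) for r in pools[pool].split(",")
                    for a in r.split("-")]
            if not any(all(e in net for e in ends) for net in nets):
                findings.append(f"{name}: pool {pool} lies outside every dhcp-server network")
    return findings

if __name__ == "__main__":
    for finding in check_dhcp(parse_export(SAMPLE_EXPORT)):
        print(finding)
```

Run against a saved export, it flags the `defconf` server from this thread and goes quiet once the server references `pool1`.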
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 1:44 am
by MTeeker
Thanks for the hint.
I deleted R5009's default dhcp server and recreated it using DHCP Setup Tab (rather than simply changing relevant parameters as done earlier). The process forces it to make the proper link to the gateway router in my home network (R5009 is deployed behind the gateway).
It now works. Cheers.
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 2:18 am
by anav
Word of advice, assign to an empty port an IP address and work safely from that port to do all your config initially and then later acts as an emergency access, besides lot of use of SAFE MODE!!
viewtopic.php?t=181718
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 2:53 am
by MTeeker
Thank you anav,
Very useful and comprehensive post. Thanks again for a clever approach.
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 4:42 pm
by paulz
Another approach would be to have your second address assigned in IP/Address right to the same interface (but do try before to set up your second network DHCP anyway to avoid a manual IP address on the accessing device) according to
https://wiki.mikrotik.com/wiki/Manual:IP/Address saying "It is possible to add multiple IP addresses to an interface or to leave the interface without any addresses assigned to it."
Also there are three little helpers, before OR in case you are leaving yourself outside of the router, until you do it right (sometimes order matters):
- use initially the winbox's "Quick set" magic wizard upper left corner
- winbox's local neighbours discovery
- USB-only WOOBM-USB device at hand
This way you can hardly be left outside and you can experiment all you want.
Did I say WOOBM-USB is a must hardware tool?
Kind regards.
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 6:29 pm
by anav
NM, posted in error
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 7:22 pm
by mkx
> Please stop spamming threads with WOOMB usb ...............

Why do you consider those posts as spam? Woobm is MT's own product and works quite well (if device is alive enough to enable console on USB port).
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 7:45 pm
by anav
Not sure what it has to do with changing IP but okay.....
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 7:54 pm
by mkx
It has to do with backup way into ROS device ... just as much as your suggestion about dedicated off-bridge ether port.
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 8:49 pm
by anav
So you can enter the router via the USB device? Just curious, how do you type on the usb device? small keyboard?
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 8:56 pm
by holvoetn
Connect via wifi.
But I see it has been discontinued?
https://mikrotik.com/product/woobm
So is MQS?
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 9:00 pm
by paulz
Thank you mkx. It is unbelievable, flamed for recommending a Mikrotik product on a Mikrotik forum.
Anav is referring to one post in another topic, I recommended this device (not promote!@??!) also there and I said that I do not recommend a specific MT router without USB just because you cannot use it and you can get locked out very easily.
I am not a guy that does a backup every five minutes or exporting configuration with show-sensitive and verbose every time I am experimenting so I still have my three recommendations from my post.
Now, let me tell you something.
MTeeker used for sure the "Quick set" wizards from winbox since 2011, but lately is not working properly on some devices. So here comes the stick, neighbours discovery by mac address and luck in order to not reset or load a backup until you got the DHCP right.
> I have used MikroTik since 2011 and this is not the first time I change MikroTik's default IP to suit my need. But I am dumbfounded in this case. Can some gurus please give me a hand in solving this issue.

Thanks and regards.
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 9:11 pm
by anav
Maybe it doesn't work with the new wifiwave wave of products.
Or it was a big security risk?
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 9:18 pm
by paulz
Thank you holvoetn for pointing me to the MQS, pricewise is very close. Maybe I can still get one of those. I am sure that you are not spamming here, right?
But -flame-on-me- it is not giving me a terminal to change things unless I can connect it to the router, right? Which maybe I messed up in firewall.
It is like a winbox on wifi not a direct terminal. Maybe I even switched off discovery in settings by mistake.
I am still giving thanks right now, but good luck connecting to RB5009 with wifi :D
Yes, yes, I sometimes have a MT in AP mode connected to it.
Many thanks.
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 9:25 pm
by mkx
Basic functionality of woobm has nothing to do with drivers on ROS device. In principle it acts as AP itself, one uses a wifi device to connect to it and then use web browser to open woobm pages. One of features, available on woobm's web page, is terminal window.
My favourite conspiracy theory about its discontinuation is that only a few users (MT device admins) were aware of its usability and hence low sales. I'm afraid that @anav's decision to buy 10 pieces today is too little too late.
If I understand MQS right, then it requires a working IP port (possibly it allows MAC access so port on connected RB needs to allow that as well). Which makes it usable, but much less usable than woobm (but woobm requires USB port on device and that is not guaranteed on newer models).
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 9:30 pm
by paulz
> So you can enter the router via the USB device? Just curious, how do you type on the usb device? small keyboard?

You clearly do not know this MT product. You plug it in the USB, it is powered and becomes a hotspot.
You can then connect with anything from a phone, tablet or any PC or laptop that has WIFI.
After connecting to the default address 192.168.4.1, you have access to settings and...
miracle happens, access to a full MT terminal to the very device it is plugged in! Of course you are prompted for credentials...
It is so sad that they discontinued.
Let me tell a small scenario: I create a VPN in order to have local access to a PC that have a wifi card, I log in that computer, connect to that USB hotspot and do the magic.
Yes: VPN has to work. Yes: I can have both wired routes and wifi routes without colliding or messing with the gateways. It can appear stuck sometimes but it solves the shortest routes. (not in the case of phones)
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 9:38 pm
by paulz
> Basic functionality of woobm has nothing to do with drivers on ROS device. In principle it acts as AP itself, one uses a wifi device to connect to it and then use web browser to open woobm pages. One of features, available on woobm's web page, is terminal window.
> My favourite conspiracy theory about its discontinuation is that only a few users (MT device admins) were aware of its usability and hence low sales. I'm afraid that @anav's decision to buy 10 pieces today is too little too late.
> If I understand MQS right, then it requires a working IP port (possibly it allows MAC access so port on connected RB needs to allow that as well). Which makes it usable, but much less usable than woobm (but woobm requires USB port on device and that is not guaranteed on newer models).

I have just three of them, one at work plugged all the time in the main router, one at home plugged all the time in the main router and one in my backpack just in case someone needs one.
But going back to the topic, it can save you time getting back in the router and change little things like DHCP setting if you are locked out.
No backup restore, not importing saved configurations, just using terminal.
Kind regards.
Re: Unable to change default IP on RB5009
Posted: Mon Dec 04, 2023 9:47 pm
by paulz
> If I understand MQS right, then it requires a working IP port (possibly it allows MAC access so port on connected RB needs to allow that as well). Which makes it usable, but much less usable than woobm (but woobm requires USB port on device and that is not guaranteed on newer models).

Not usable if you disable discovery by mistake or on purpose and get locked out by firewall. "if you stare into the abyss the abyss stares back" kind of situation.
Yes, discovery on your MT can discover your own and some other MTs on WAN, but they can discover you as well. Not a happy result sometimes.
Even if you have it locked discovery on LAN... you need to trust your locals very well, there is no firewall for mac address unless you allocate some MT processing power to the firewall.