Mikrotik Safe Mode

Safe Mode is a configuration fail safe for Mikrotik routers. If enabled and you make a change that disconnects your session to the router, whatever changes were made will be rolled back, which should let you get back in the router.

If your in WinBox you can hit the Safe Mode button at the top left

If your in a telnet or ssh session just hit

ctrl + x

You should see the following to let you know that safe mode is active

[Safe Mode taken]

Hit ctrl + x again to release Safe Mode

Mikrotik RouterOS view and set Simple Queue speeds

list all simple queues

queue simple print 

Print queue that matches part of name

queue simple print where name~"John"

Example results

Flags: X - disabled, I - invalid, D - dynamic 
0 name="John Smith" target= parent=none packet-marks="" priority=8/8 queue=sfq-up/sfq-down limit-at=0/0
max-limit=1M/10M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1 total-queue=default

Change max speed on queue for client name. The Upload is specified first.

queue simple set max-limit=10M/100M "John Smith"

Setup SNMP v3 on Mikrotik Router

Setting up SNMP via WinBox is straight forward, the following commands are how to set it up from the command line with some troubleshooting info at the end.

Setup SNMPv3

Setup Community (Change v3Private,encpass, and authpass to their respective names or passwords)

snmp community add name=v3Private encryption-protocol=DES encryption-password=encpass authentication-password=authpass security=private

Enable and set SNMP community (Trap Community needs to match the above command.  Change contact and the location as needed.)

snmp set contact=admin@incredigeek.com location=DeviceLocation trap-community=V3Private


Sometimes, for no apparent reason it seems, routerOS will have issues using the default community.  Work around is to create and use a new community.

Cannot connect with AES encryption

AES doesn’t always seem to work reliably.  Seems to work on some and not other.  Work around is to use DES.

Log shows Permission Denied

Double check the allowed from addresses, user, and passwords

Add multiple IP bindings to Mikrotik Hotspot – Bash Script

Copy and paste the following into a file named mtbypass.sh and then “chmod +x mtbypass.sh”  Or download from this direct link.  Be sure to change the username and password


for i in `cat ${filelist}`
address=`echo $i | cut -d= -f1`
mac=`echo $i | cut -d= -f2`
sshpass -p ${password} ssh ${username}@${ip} "ip hotspot ip-binding add address=${address} mac-address=${mac} type=bypassed"

Now create a file named bypasslist.txt and put all the addresses you want bypassed.  You’ll need the Mac Address and the IP Address.

Example file

Usage of script is

./mtbypass.sh MikrotikIP