Skip to content. | Skip to navigation

Personal tools

You are here: Home / Sonstiges / Usefull insigths / Mikrotik switch acl invert

Mikrotik switch acl invert

Be careful with "invert" from the GUI

This is about the ACL part of the switch part. This is not for general RouterOS, but as in the cheaper switches the RouterOS part is connected with 1Gb/s to the switch while the switch works at 10Gb/s per SFP+ Port, you have to use vlan/acl from this menu.

Seemingly "invert"  in the "new ACL" dialog does not only invert matching for ports (as suggested by the surroundig box) but for everything, so you mostly end up matching way more than you want,

I wanted to match all dhcp server packets not from the uplink port, but it matched all not (dhcp server packets from the uplink port) and completely locked me and everybody out. So I hat to connect to the serial port (only other choice: full reset) to fix this. 

Btw. the pinout for the serial cable on the mikrotik website is flipped. Check out pinouts for "Cisco serial" to see better descriptions. And finally: a speed of 115200 worked for me.