Skip to main content

MIKRO101 - Failed to Add MikroTik Address-List Entry

Agent error code #MIKRO101 indicates that the agent could not add an entry to the firewall address-list. The user was authenticated but the PUT /rest/ip/firewall/address-list call failed.

Common causes include:

  • The user lacks the write policy on its group
  • A static or dynamic entry with the same address already exists and RouterOS rejected the duplicate
  • The router is at its license tier's resource limit, though CCR/CHR devices generally have huge limits
  • An upstream firewall has started filtering REST traffic since the agent started

Steps to Resolve

Verify Write Permissions

  1. In RouterOS, open System > Users > Groups
  2. Confirm the service user's group has the write policy enabled in addition to rest-api and read
  3. Save and retry

Check for Conflicting Entries

  1. SSH into the router and run: /ip firewall address-list print where list="<your-list-name>"
  2. Look for entries with the same address that are static (created outside Knocknoc) or marked as dynamic from another source
  3. Remove or rename the conflicting entry, then retry from Knocknoc

Inspect the Agent Log

The agent logs the full RouterOS error message under the operation add entry <address>. Search the agent log for that operation to see the underlying message/detail returned by RouterOS.

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top