Versions Compared

Old Version 15

changes.mady.by.user Normunds R.

Saved on

compared with

New Version 16

changes.mady.by.user Oskars K.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note

It is possible that in the future there will be a number of devices that will be set to mode home at the factory, which means that they will reach users with limited functionality, and then if you want advanced features, you will have to change it yourself.

Properties

Following properties are available in the system/device-mode/ console path.

...

Property

Description

container, fetch, scheduler, traffic-gen,   
ipsec, pptp, smb, l2tp, proxy, sniffer, zerotier, bandwidth-test, email, hotspot, romon, socks. (yes | no; Default: yes, for enterprise mode)		The list of available features can be disabled with the device-mode option.
activation-timeout (default: 5m);The reset button or power off activation timer can be set in range (00:00:10 .. 1d00:00:00).
flagging-enabled (yes | no; Default: yes)Enable or disable the flagging feature. See Flagged notice for a detailed description.
flagged (yes | no; Default: no)If the system has detected unauthorized access, the status "flagged" is set to yes. 
mode: (home, enterprise; default: enterprise);Allows choosing from available modes that will limit device functionality. In the future, various modes can be added. 

By default, enterprise mode allows all options except container. So to use the container feature, you will need to turn it on by performing a device-mode update.

By default, home mode disables the following features: scheduler, socks, fetch, bandwidth-test, traffic-gen, sniffer, romon, proxy, hotspot, email, zerotier, container.

Configuration

More specific control over the available features is possible. Each of the features controlled by device-mode can be specifically turned on or off, for example:

...

Code Block
languageros
[admin@MikroTik] > ip hotspot/add interface=ether1 
[admin@MikroTik] > ip hotspot/print 
Flags: X, S - HTTPS
Columns: NAME, INTERFACE, PROFILE, IDLE-TIMEOUT
#   NAME      INTERFACE  PROFILE  IDLE-TIMEOUT
;;; inactivated, not allowed by device-mode
0 X hotspot1  ether1     default  5m

Flagged notice

The Flag is another important "option". Along with the device-mode feature, ROS has implemented code that analyzes the whole configuration at system startup to determine if there are any signs of unauthorized access. If suspicious configurations are detected, the flagged flag is set at device-mode (and the corresponding configuration is disabled):

...