...
Note |
---|
It is possible that in the future there will be a number of devices that will be set to mode home at the factory, which means that they will reach users with limited functionality, and then if you want advanced features, you will have to change it yourself. |
Properties
Following properties are available in the system/device-mode/ console path.
...
Property | Description |
---|---|
container, fetch, scheduler, traffic-gen, ipsec, pptp, smb, l2tp, proxy, sniffer, zerotier, bandwidth-test, email, hotspot, romon, socks. (yes | no; Default: yes, for enterprise mode) | The list of available features can be disabled with the device-mode option. |
activation-timeout (default: 5m); | The reset button or power off activation timer can be set in range (00:00:10 .. 1d00:00:00). |
flagging-enabled (yes | no; Default: yes) | Enable or disable the flagging feature. See Flagged notice for a detailed description. |
flagged (yes | no; Default: no) | If the system has detected unauthorized access, the status "flagged" is set to yes. |
mode: (home, enterprise; default: enterprise); | Allows choosing from available modes that will limit device functionality. In the future, various modes can be added. By default, enterprise mode allows all options except container. So to use the container feature, you will need to turn it on by performing a device-mode update. By default, home mode disables the following features: scheduler, socks, fetch, bandwidth-test, traffic-gen, sniffer, romon, proxy, hotspot, email, zerotier, container. |
Configuration
More specific control over the available features is possible. Each of the features controlled by device-mode can be specifically turned on or off, for example:
...
Code Block | ||
---|---|---|
| ||
[admin@MikroTik] > ip hotspot/add interface=ether1 [admin@MikroTik] > ip hotspot/print Flags: X, S - HTTPS Columns: NAME, INTERFACE, PROFILE, IDLE-TIMEOUT # NAME INTERFACE PROFILE IDLE-TIMEOUT ;;; inactivated, not allowed by device-mode 0 X hotspot1 ether1 default 5m |
Flagged notice
The Flag is another important "option". Along with the device-mode feature, ROS has implemented code that analyzes the whole configuration at system startup to determine if there are any signs of unauthorized access. If suspicious configurations are detected, the flagged flag is set at device-mode (and the corresponding configuration is disabled):
...