...
Code Block |
---|
|
[admin@MikroTik] > ip hotspot/add interface=ether1
[admin@MikroTik] > ip hotspot/print
Flags: X, S - HTTPS
Columns: NAME, INTERFACE, PROFILE, IDLE-TIMEOUT
# NAME INTERFACE PROFILE IDLE-TIMEOUT
;;; inactivated, not allowed by device-mode
0 X hotspot1 ether1 default 5m |
Flagged notice
The Flag is another important "option". Along with the device-mode feature, ROS has implemented code that analyzes RouterOS now can analyse the whole configuration at system startup, to determine if there are any signs of unauthorized access to your router. If suspicious configurations are detected, the flagged flag is set at device-mode (and the corresponding configuration is disabled) parameter is changed to "yes":
Code Block |
---|
|
[admin@MikroTik] > system/device-mode/print
mode: enterprise
flagged: yes
sniffer: no
hotspot: no |
If the system has this flagged notice status, then the current configuration works, but it is not possible to perform a series of actions. If the action is restricted:
bandwidth-test, traffic-generator, sniffer, as well as configuration actions that enable or create new configuration entries (it will still be possible to disable or delete) for the following programs: system scheduler, SOCKS proxy, pptp, l2tp, ipsec, proxy, smb.
When performing the aforementioned actions while the router is "flagged", you will receive an error message when doing so:
Code Block |
---|
|
[admin@MikroTik] > /tool sniffer/quick
failure: configuration flagged, check all router configuration for unauthorized changes and update device-mode
[admin@MikroTik] > /int l2tp-client/add connect-to=1.1.1.1 user=user
failure: configuration flagged, check all router configuration for unauthorized changes and update device-mode |
To remove the flagged notice, you must perform the command "/system/device-mode/update flagged=noThe following interactive actions will not be possible on the flagged device: bandwidth-test, traffic-generator, sniffer, as well as configuration actions that enable or create new configuration entries (it will still be possible to disable or delete) for the following contacts: scheduler, socks, pptp, l2tp, ipsec, proxy, smb."