I disagree with your premise as Mikrotik is making things more secure so that even the idiots are forced to practice some good network/router security. Perhaps you have forgotten about the 300,000 router botnets of recent past? Not even crappy Netgear/D-link etc routers have no passwords or no firewall config.In a last few years, MIkrotik's devices and ROS became more and more resistant to fools, from irritating mandatory password entry, to unnecessary default configurations and so on.
"If you think your users are idiots, only idiots will use it."
Excause me but you already have it! Anyone having physical access can simply press the buttonush and router is in default config.You're looking for a button press. I get it.
Ain't gonna happen.
ANYONE having physical access to the device can then simply press that button and goodbye network.
You want that ?
Didn't think so ...
So yes, if you think users are idiots, treat them like idiots. And make sure they can't simply break a network when doing idiot stuff. Done.
System-Reset-No Default ConfigAs easier alternative to Netinstall, Flashfig can also be used (on first power up)
The CCR products have this.What I want is ... no def config but clear router, so you missed the point...
Please tell me what exacly I misquoted???Don't misquote Linus Torvalds for your winy "I want my reset button" agenda.
See full quote: https://mail.gnome.org/archives/usabili ... 00021.html
see viewtopic.php?t=206196how about enabling us to boot the router as it used to be without a password
Other places have passed similar laws too. I was unaware that the EU had such guidelines.After several incidents (not only for MikroTik but also for other brands), finally the EU introduced the requirement to have these unique passwords, or else you cannot sell the device on the EU market.
And it is sensible, so probably other areas will follow and it was easier to change this for everyone than to have a EU-specific version.
(note that wireless devices DO have a US-specific version that is locked down so wireless parameters cannot be changed beyond US law limits)
You can use NetInstall one time to install the default-config script you want - which is blank (or whatever YOU want). And then anytime you hit the reset button it goes back to /that/ default, not the one it shipped with.Excause me but you already have it! Anyone having physical access can simply press the buttonush and router is in default config.
What I want is ... no def config but clear router, so you missed the point...
Certainly for their products intended for, or likely to end up on, the consumer market.Will this apply to Cisco, Juniper, Arista, etc. as well?
Agree, this is really one of the silliest things I have ever seen. And it is still the case on devices without default password-sticker. Horrible.And I mean really force you, not the silly implementation of MikroTik's before the random password stickers, where you can hit cancel (or ctrl+c on CLI) and start using the router with an empty admin password.
It is very common on other consumer e.g. wifi access points to print the passphrase of the default pre-configured SSID on a label on the backside of the device. MT did it the other way: print admin password on the sticker -> but create a SSID without passphrase in default configuration script. ROFLMAOBut it won't happen. MikroTik are just stubborn in their ways.
The password is set to 'Expired' which causes the prompt. I didn't know you could cancel it.. Neat.. First thing I do is remove the admin account anyways.And I mean really force you, not the silly implementation of MikroTik's before the random password stickers, where you can hit cancel (or ctrl+c on CLI) and start using the router with an empty admin password.
I suspect in a future update, for units with the pre-set admin password, that they will use that admin password as the default WiFi password too.It is very common on other consumer e.g. wifi access points to print the passphrase of the default pre-configured SSID on a label on the backside of the device. MT did it the other way: print admin password on the sticker -> but create a SSID without passphrase in default configuration script. ROFLMAO
So sounds like it might already be in place for new units.The user name: admin, by default there is no password (or, for some models, check user and wireless
passwords on the sticker);
This is not sufficient for devices that work by default without you ever having to log in.All other brands I've used so far (from cheap Chinese ones to 50k Cisco ones - with the exception of Fritz), simply force you to set a password on first login.
Or like all companies do, it is printed on the product, usually near the serial number.Imagine you have to try to find the shipping box a year later for your $25k Cisco-switch to able to set ut up....
Easy, just apply the default "WAN" config only after you set your initial password. Problem solved.This is not sufficient for devices that work by default without you ever having to log in.All other brands I've used so far (from cheap Chinese ones to 50k Cisco ones - with the exception of Fritz), simply force you to set a password on first login.
50k Cisco devices do absolutely nothing when you power them up first time, you need to do a lot of configuration.
But a MikroTik router connected to a line with DHCP will often work with the default config, and the user never has to log in.
And how would you code such a task to fit with the existing processes?Easy, just apply the default "WAN" config only after you set your initial password. Problem solved.
Apparently there are ISPs that give a MikroTik as a CPE to their customers.Easy, just apply the default "WAN" config only after you set your initial password. Problem solved.
This is not sufficient for devices that work by default without you ever having to log in.
50k Cisco devices do absolutely nothing when you power them up first time, you need to do a lot of configuration.
But a MikroTik router connected to a line with DHCP will often work with the default config, and the user never has to log in.
If someone goes out of their way to buy a MikroTik router just to plug it in without ever logging in, then they probably don't even need a MikroTik router and can just use whatever CPE the ISP gave them.