If so, please allow either NetInstall or Branding package to set device-mode.
We had a nice system:
Connect new deivce to PoE switch while holding reset button
Update firmware and apply Branding package
Send to customer.
Now that we are receiving hardware with > 7.17 that’s all gone out the window because we use a scheduler in our default config to look for connectivity and pull a custom config.
We’ve tried Flashfig (ugh!) to update device-mode before netinstall but it bricks as often as it works, and tried using netwatch to trigger our script (if you really want to lock scheduling down you also need to disallow that!) but it’s too hacky, and are now stuck with two options:
log in manually, press the buttons and do the reboot dance
find suitable new hardware, maybe OpenWRT?
Come on Mikrotik, listen to your customer! I really can’t believe that the one-off home buyer is your primary market.
At least for the password sticker, there was, eventually, a solution for netinstall to control admin password... But still nothing to set device-mode from netinstall.
There has been plenty of discussion of ills of device-mode in the various release thread — so MikroTik is aware... They just claim it critical to prevent large scale DoS attacks who fail to configure the router.
Yeah wonder myself. RouterOS is pretty ill-suited for most homes that want plug-and-play. It has never been user-friendly for consumers, and now not even good with bulk provisioning for ISP/OEMs as a result of device-mode. Who is the market? As I do feel like ISP/OEM needs are just being ignored these days, which I would have thought is their primary market.
I meant Mikrotik's thinking. As you wrote, there should be a feature to set it at Netinstall, and some way to not enable further restrictions when first updating to a version with (additional) restrictions.
In fact, I really don't understand why it should be applied retroactively to those who have installed a radio link 200km away and have to make a trip to press the button... Better to leave the old software forever... Or at least until we can get there...
I would have expected at least a cli-only update flag that signals to the new version not to disable additional things. If it was disabled before (e.g. upgraded then downgraded) then leave it, just don't apply additional restrictions. This way, even though you would have to take special care, non-accessible things could be updated.
I’ve been trying your code.
It works in a script (but I can’t schedule it to be run…)
It doesn’t work via netinstall as I can include script in branding but not schedule to run (netwatch hack works but not consistently)
It doesn’t seem to work at all via Flashfig (ugh!) which appears to be replacing the entire default config with the command to update device-mode, then re-running that multiple times and bricking the device (when I can get in the log is full of errors about retries exceeded)
We'll have to see how it interacts with existing scripts.
In my tests, it has never failed (if the correct version is used).
If used on older versions that have the mode=enterprise command instead of the mode=advanced one in the script,
it doesn't work...
No, you have 1day of time to power off the device.
Powering off the device with disconnecting power, is what usually is do after programming a device.................
What I do not understand is that during the deployment of this high-impact change “to prevent abuse of badly configured devices” there still was no default setting to automatically upgrade RouterOS (even if via some “critical” channel). When an existing version has critical vulnerabilities, it will still be on devices in 10 years time because nobody in that target audience ever does a RouterOS upgrade…
Also, they have made all those individual settings to disallow certain things, but in practice those who encounter a problem will likely set all flags to “yes” (or encounter an example how to do that). They could just as well have limited it to a “mode” only (home/advanced/unlimited)…
this new feature really sucks i have 2 batches of router one manufactured in malysia - no issues because old firmware 7.14 –> Netinstall dont work on first boot automatic
other batch made in latvia firmware 7.18 also here no netinstall boot without pressing the button …
i have 300 Units my finger is hurting plenty
also have hex refresh - first boot netinstall without button press
+1