Default device-mode "modes" exhaustive list

EmanK · September 4, 2025, 12:35pm

Hello everyone,

After getting used to device-mode, I was searching, without success, to find an exhaustive list of modes of device-mode, depending of the (brand new) router.

It is explaining on the documentation website (Device-mode - RouterOS - MikroTik Documentation) that brand new CCR and 1100 are going to be in "advanced mode" starting from 7.17, but there are no further explanation for other routers.

Some are described as "home router", and the remaining ones will be in "basic" mode.

But for example, in which category the hEX belongs to ? Is it or home router ? Or a Ethernet router ? If we look at the "Hardware" section on the main website, some category could be ambiguous.

Maybe someone has a list, or MikroTik published it somewhere.

Thank you,

mkx · September 4, 2025, 12:44pm

As far as I remember, MT staffers explained that devices with factory default software version preceeding 7.17 (preceeding device mode fame) will all have mode=advanced. Only devices with factory default newer than that will see default setting of mode set to something different.
But I don't recall any mention of particular devices and their modes.

Anyway, even if mode is set to advanced, changing any of properties requires fiddling with device button or device powering ... and same principle applies to changing mode from basic to advanced. So I don't see a big problem if device comes in device mode other than a particular device admin would like to have it. Even less should be this a criterium when deciding on which device fits a particular use case.

EmanK · September 4, 2025, 1:16pm

I agree with the fact that the default "mode" should not be a criterium dealing with deciding which device fits the most in each case.

I have to prepare a lot of brand new routers, and routers coming back from customers, and to apply configurations, brandings,...

Depending of our configuration, some require RoMON, some others not, and go on.

So I was wondering if the future "factory device-mode" (for the moment we do not have routers manufactured with 7.17 or newer), will be an issue to resolve with our configurations and our procedures.

Of course, device-mode has to be set up complying with the right securities / functionnalities for each of our customers, but I was thinking about the routers that would not need any particular configuration.

mkx · September 4, 2025, 1:36pm

Device mode will definitely affect your commissioning process. As does the new practice of having random factory admin password.

EmanK · September 4, 2025, 1:49pm

And there was my original request, asking for a list to be able to apply the right settings depending of the router

Thank you for your answer,

rextended · September 4, 2025, 1:54pm

Password is not a problem.

What does it matter to differentiate???

/system \
    device-mode \
    update \
    activation-timeout=60s \
    mode=advanced \
    flagged=no \
    flagging-enabled=yes \
    bandwidth-test=yes \
    container=no \
    email=yes \
    fetch=yes \
    hotspot=yes \
    ipsec=yes \
    l2tp=yes \
    pptp=no \
    proxy=no \
    romon=yes \
    scheduler=yes \
    smb=yes \
    sniffer=yes \
    socks=no \
    traffic-gen=no \
    zerotier=yes \
    install-any-version=no \
    partitions=yes \
    routerboard=yes \
    authorized-public-key-hash=""

In the future, when the "inventors" of the MikroTik nonsense want to get serious, they will use the serial number signed by the private key of the authorized-public-key to authorize changes remotely without sticking someone's finger up the button.

rextended · September 4, 2025, 1:56pm

P.S.:

As things currently stand, device mode can be completely bypassed without any problems, provided one has access to administrator credentials...
So, all for nothing...

EmanK · September 4, 2025, 1:59pm

Thank you for your answer,

I know it is necessary to do further operations after the first apply of our configurations, but we have to adapt our scripts / procedures, that's why I asked for that list,

I will have to check myself which router will be "basic", or "advanced", or "home" from factory, then adapt my scripts.

rextended · September 4, 2025, 2:02pm

Just read the status, and inside the script adapt the instructions flow.

Something can be applided with autodestructive script scheduler with instruction after key-press reboot...

Amm0 · September 4, 2025, 2:17pm

I'd do this in reverse: pick the device-mode's you need, and set them explicitly to =yes. They have changed the meaning of mode in past, so I worry it might change again. And mode is more like an "profile", since you can always explicit set any of the device-mode item manually.

But for anyone who has to provision more than a handful of routers, the whole device-mode concept is flawed, overly complex in how mode works, and poorly implemented... The biggest problem is this cannot* be automated, since tools like netinstall or flashfig cannot do it. So a real person has to hit the button/power-cycle. I previously had scripts that could go from a router from box to ready to deploy with one command — with device-mode fully automated provisioning is now impossible...

*outside scripting some external device that recycles power from network

rextended · September 4, 2025, 2:22pm

Aside from physically unboxing the RouterBOARD and plugging it in...
The script can "knock" the PoE switch and cause it to reboot...

rextended · September 4, 2025, 2:29pm

Various modes, included new undocumented ROSE on 7.19.4

defaults for ROSE mode: (is like ADVANCED + container)

                 mode: rose         
     allowed-versions: 7.13+,6.49.8+
              flagged: no           
     flagging-enabled: yes          
            scheduler: yes          
                socks: yes          
                fetch: yes          
                 pptp: yes          
                 l2tp: yes          
       bandwidth-test: yes          
          traffic-gen: no           
              sniffer: yes          
                ipsec: yes          
                romon: yes          
                proxy: yes          
              hotspot: yes          
                  smb: yes          
                email: yes          
             zerotier: yes          
            container: yes          
  install-any-version: no           
           partitions: no           
          routerboard: no           
        attempt-count: 0

defaults for ADVANCED mode:

                 mode: advanced     
     allowed-versions: 7.13+,6.49.8+
              flagged: no           
     flagging-enabled: yes          
            scheduler: yes          
                socks: yes          
                fetch: yes          
                 pptp: yes          
                 l2tp: yes          
       bandwidth-test: yes          
          traffic-gen: no           
              sniffer: yes          
                ipsec: yes          
                romon: yes          
                proxy: yes          
              hotspot: yes          
                  smb: yes          
                email: yes          
             zerotier: yes          
            container: no           
  install-any-version: no           
           partitions: no           
          routerboard: no           
        attempt-count: 0

defaults for BASIC mode: (like ADVANCED without socks, bandwidth-test, traffic-gen, proxy, hotspot, zerotier)

                 mode: basic        
     allowed-versions: 7.13+,6.49.8+
              flagged: no           
     flagging-enabled: yes          
            scheduler: yes          
                socks: no           
                fetch: yes          
                 pptp: yes          
                 l2tp: yes          
       bandwidth-test: no           
          traffic-gen: no           
              sniffer: yes          
                ipsec: yes          
                romon: yes          
                proxy: no           
              hotspot: no           
                  smb: yes          
                email: yes          
             zerotier: no           
            container: no           
  install-any-version: no           
           partitions: no           
          routerboard: no           
        attempt-count: 0

defaults for HOME mode: (like BASIC without scheduler, fetch, sniffer, romon, email)

                 mode: home         
     allowed-versions: 7.13+,6.49.8+
              flagged: no           
     flagging-enabled: yes          
            scheduler: no           
                socks: no           
                fetch: no           
                 pptp: yes          
                 l2tp: yes          
       bandwidth-test: no           
          traffic-gen: no           
              sniffer: no           
                ipsec: yes          
                romon: no           
                proxy: no           
              hotspot: no           
                  smb: yes          
                email: no           
             zerotier: no           
            container: no           
  install-any-version: no           
           partitions: no           
          routerboard: no           
        attempt-count: 0

Amm0 · September 4, 2025, 2:32pm

True, previously noted:

I'd add that OP could netinstall a known version, which is likely a good idea already & then set the device mode or individual values. Since the device-mode yes/no values used by particular mode should be same for all router at same version. Now as new version comes out, as @rextended notes, these can change... so possible you may still have to revise process in future. And it's that uncertainty that is particular galling..

EmanK · September 4, 2025, 3:42pm

I really like that idea,

Adding to the PoE switch that could be turned off when flashfig applied...

I guess I have everything to make something working with the future "factory device-modded" devices !

Thank you all,