Switching Device-Mode remotely.

ofca · September 30, 2024, 8:03am

Hi. We are deploying numerous Mikrotik devices as our CPEs. We own the devices, and would like to retain control over them, including installing containers, using traffic-gen etc.

Obviously, asking our customers to press buttons or power cycle our devices is unacceptable. Perhaps some ISP-friendly way of changing “device mode” could be implemented? My first idea would be:
Create a one-time password, retrievable once per device’s lifetime, that can be used to confirm change of device mode. We could then retrieve it automatically and store it in our database. After first read, this password wouldn’t be retrievable again without physical access to the device (or ever, if so configured)

Another idea: perhaps this could be extended to some anti-theft feature, i.e. a feature that could be enabled only using the password (confirming it was correctly retrieved and stored), which would automatically shutdown a router after 60 minutes, if it was factory reset, and ownership of the device is not confirmed using the password.

infabo · September 30, 2024, 8:31am

please send it to https://help.mikrotik.com/servicedesk/servicedesk

dang21000 · October 4, 2024, 4:50pm

Hi,

Yes i agree, it’s not acceptable to ask customer press a fu… buttton to manage device.
It’s a pseudo/fake security reason from mikrotik.

Imagine with the new device mode coming in 7.17 if a feature must be toggle state for get all needed function like before this future upgrade.

So, i have enabled all to prevent theses problems… it’s good for security, for sure.
And i had a good idea because recently i was asked to try zerotier, disabled by default.

chechito · October 10, 2024, 12:44pm

i agree will be a headache all this situation, other ways must be considered