Manual:RouterBOARD settings: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
m Added smips package
 
(38 intermediate revisions by 8 users not shown)
Line 1: Line 1:
==General==
==General==
<p id="shbox"><b>Sub-menu level:</b> <code> /system resource</code>
<p id="shbox"><b>Sub-menu level:</b> <code> /system routerboard</code>
</p>
</p>


Line 59: Line 59:
== Settings ==  
== Settings ==  


<p id="shbox"><b>Sub-menu level:</b> <code> /system RouterBOARD settings</code>
<p id="shbox"><b>Sub-menu level:</b> <code> /system routerboard settings</code>
</p>
</p>
[admin@demo.mt.lv] /system routerboard settings> print
             baud-rate: 115200
             baud-rate: 115200
           boot-delay: 2s
           boot-delay: 2s
Line 75: Line 76:
|prop=Property
|prop=Property
|desc=Description
|desc=Description
}}
{{Mr-arg-table
|arg=auto-upgrade
|type= yes {{!}} no
|default=no
|desc=Whether to upgrade firmware automatically after RouterOS upgrade. The latest firmware will be applied after an additional reboot
}}
}}


Line 137: Line 145:
|type= any-key {{!}} delete-key  
|type= any-key {{!}} delete-key  
|default=any-key
|default=any-key
|desc=Which key will cause the BIOS to enter configuration mode during boot delay. Note that in some serial terminal programs, it is impossible to use Delete key to enter the setup - in this case it might be possible to do this with the Backspace key
|desc=Which key will cause the BIOS to enter configuration mode during boot delay. Useful when serial console prints out symbols during boot process and goes into RouterBOOT menu by itself. Note that in some serial terminal programs, it is impossible to use Delete key to enter the setup - in this case it might be possible to do this with the Backspace key
}}
}}


Line 154: Line 162:
|default=depends on model
|default=depends on model
|desc=This option allows to change the memory frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
|desc=This option allows to change the memory frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
}}
{{Mr-arg-table
|arg=memory-data-rate
|type= depends on model
|default=depends on model
|desc=This option allows to change the memory data rate of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
}}
}}


Line 159: Line 174:
|arg=regulatory-domain-ce
|arg=regulatory-domain-ce
|type=yes {{!}} no
|type=yes {{!}} no
|default=
|default=no
|desc=
|desc=Enables extra low TX power for high antenna gain devices (requires reboot)
 
}}
}}


Line 172: Line 188:
}}
}}


{{ Warning | <b>If CPU or memory is overclocked and that is the reason why router is not performing as suspected, then this is not considered as a warranty case and you should return both frequencies to nominal value..</b>}}
=== Protected bootloader ===  
=== Protected bootloader ===  


This is a new feature which allows the protection of RouterOS configuration and files from a physical attacker by disabling etherboot. It is called "Protected RouterBOOT". This feature can be enabled and disabled only from within RouterOS after login, i.e., there is no RouterBOOT setting to enable/disable this feature. These extra options appear only under certain conditions.  When this setting is enabled - both the reset button and the reset pin-hole is disabled. Console access is also disabled. The only ability to change boot mode or RouterBOOT settings is through RouterOS. If you do not know the RouterOS password - only a complete format is possible.  
This is a new feature which allows the protection of RouterOS configuration and files from a physical attacker by disabling etherboot. It is called "Protected RouterBOOT". This feature can be enabled and disabled only from within RouterOS after login, i.e., there is no RouterBOOT setting to enable/disable this feature. These extra options appear only under certain conditions.  When this setting is enabled - both the reset button and the reset pin-hole is disabled. RouterBOOT menu is also disabled. The only ability to change boot mode or enable RouterBOOT settings menu, is through RouterOS. If you do not know the RouterOS password - only a complete format is possible.  
 
* The backup RouterBOOT version can not be older than v3.24 version. A special package is provided to upgrade the backup RouterBOOT ('''DANGEROUS'''). Newer devices will have this new backup loader already installed at the factory. If your RouterOS is v6.40, use these packages: [https://www.mikrotik.com/download/share/protected_routerboot_v3_41_enable_6_40_mipsbe.dpk MIPSBE], [https://www.mikrotik.com/download/share/protected_routerboot_v3_41_enable_6_40_smips.dpk SMIPS], [https://www.mikrotik.com/download/share/protected_routerboot_v3_41_enable_6_40_mmips.dpk MMIPS], [https://www.mikrotik.com/download/share/protected_routerboot_v3_41_enable_6_40_tile.dpk TILE]. If your RouterOS is v6.43 or higher, use the universal package for all architectures: [https://box.mikrotik.com/f/313edb5d0e2f479b8aba/?dl=1 Universal]


* The backup RouterBOOT version can not be older than v3.22 version. A special package is provided to upgrade the backup RouterBOOT ('''DANGEROUS'''). Newer devices will have this new backup loader already installed at the factory. Download the package for mipsbe platform [http://www.mikrotik.com/download/share/protected_routerboot_v3_24_enable_6_29_1_mipsbe.dpk here] or for smips platform [http://www.mikrotik.com/download/share/protected_routerboot_v3_29_enable_6_33_smips.dpk here]
* RouterOS version 6.33 or later is required to enable this feature. Also make sure, that you have the latest firmware installed.
* RouterOS version 6.26 is required to enable this feature


{{Mr-arg-table-h
{{Mr-arg-table-h
Line 193: Line 212:
}}
}}


{{Mr-arg-table-end
{{Mr-arg-table
|arg=reformat-hold-button
|arg=reformat-hold-button
|type=5s .. 300s
|type=5s .. 300s
|default=20s
|default=20s
|desc= As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for a set reformat-hold-button time. You will have to remember this setting, otherwise even a reformat will not be possible and the device will not be recoverable. When you use the button for a complete reset, following actions are taken:
|desc= As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for longer than reformat-hold-button time, but less than reformat-hold-button-max (new in RouterBOOT 3.38.3).
When you use the button for a complete reset, following actions are taken:
  '''EXTREMELY DANGEROUS'''. Use this only if you have lost all access to the device.  
  '''EXTREMELY DANGEROUS'''. Use this only if you have lost all access to the device.  
#RouterOS, all of its files and configuration is completely and irreversibly erased by nand re-format;
#RouterOS, all of its files and configuration is completely and irreversibly erased by nand re-format;
Line 204: Line 224:
#As boot from NAND fails, it goes to etherboot automatically;
#As boot from NAND fails, it goes to etherboot automatically;
#Netinstall is required to reinstall RouterOS.
#Netinstall is required to reinstall RouterOS.
'''Please note!''' Reformat on some RouterBOARDS can take more than 5 minutes. After formating the board will be ready for Netinstall.
}}
}}
{{Mr-arg-table-end
|arg=reformat-hold-button-max
|type=5s .. 600s
|default=10m
|desc= Increase the security even further by setting the max hold time, this means that you must release the reset button within a specified time interval. If you set t he "reformat-hold-button" to 60s and "reformat-hold-button-max" to 65s, it will mean that you must hold the button 60 to 65 seconds, not less and not more, making guesses impossible. Introduced in RouterBOOT 3.38.3
}}
{{Note|RouterBOARD that has the protected RouterBOOT setting enabled will blink the LED every second, to make counting easier. The LED will turn off for one second, and turn on for the next second.}}
== Mode and Reset buttons ==
Reset button additional functionality is supported by all MikroTik devices running RouterOS
Some RouterBOARD devices have a mode button that allows you to run any script when the button it pushed.
The list of supported devices:
*RBcAP-2nD (cAP)
*RBcAPGi-5acD2nD (cAP ac)
*RBwsAP5Hac2nD (wsAP ac lite)
*RB750Gr3 (hEX)
*RB760iGS (hEX S)
*RB912R-2nD (LtAP mini, LtAP mini LTE/4G kit)
*RBD52G-5HacD2HnD (hAP ac^2)
*RBLHGR (LHG LTE/4G kit)
*RBSXTR (SXT LTE/4G kit)
*CRS328-4C-20S-4S+RM
*CRS328-24P-4S+RM
*CCR1016-12G r2
*CCR1016-12S-1S+ r2
*CCR1036-12G-4S r2
*CCR1036-8G-2S+ r2
*RBD53G-5HacD2HnD (Chateau)
*RBD53GR-5HacD2HnD (hAP ac^3)
{{Mr-arg-table-h
|prop=Property
|desc=Description
}}
{{Mr-arg-table
|arg=enabled
|type= no {{!}} yes
|default= no
|desc= Disable or enable the operation of the button
}}
{{Mr-arg-table
|arg=hold-time
|type= time interval Min..Max
|default=
|desc= HoldTime ::= Button functionality can be called if button is pressed for a certain period of time:<br>
Min..Max  Min -- 0s..1m (time interval), Max -- 0s..1m (time interval) (available only starting from RouterOS 6.47beta60)
}}
{{Mr-arg-table-end
|arg=on-event
|type= string
|default=
|desc= Name of the script that will be run upon pressing the button. The script must be defined and named in the "/system scripts" menu
}}
==== Example ====
With mode button:
<pre>
/system script add name=test-script source={:log info message=("1234567890");}
/system routerboard mode-button set on-event=test-script enabled=yes
</pre>
Upon pressing the button, the message ''1234567890'' will be logged in the system log.
{{Warning | Starting from RouterOS 6.47beta60 reset-button functionality  and hold-time option has been added
}}
Example for RouterOS version over 6.47beta60:
<pre>
/system script add name=test-script2 source={:log info message=("test2");}
/system routerboard mode-button set on-event=test-script2 hold-time=3..5 enabled=yes
</pre>
Reset button works in same way, but menu is moved under <code>/system routerboard reset-button</code>:
<pre>
/system script add name=test-reset-button source={:log info message=("reset button pressed");}
/system routerboard mode-button set on-event=test-reset-button hold-time=0..10 enabled=yes
</pre>


[[Category:Manual]]
[[Category:Manual]]
[[Category:System]]
[[Category:System]]

Latest revision as of 12:08, 12 October 2020

General

Sub-menu level: /system routerboard

On RouterBOARD devices, the following menu exists which gives you some basic information about your device:

[admin@demo.mt.lv] /system routerboard> print 
       routerboard: yes
             model: 433
     serial-number: 185C01FCA958 
  current-firmware: 3.25
  upgrade-firmware: 3.25

Properties

All properties are read-only

Property Description
model (string) If this device is a MikroTik RouterBOARD, this describes the model name
serial-number (string) Serial number of this particular device
current-firmware (string) The version of the RouterBOOT loader that is currently in use. Not to be confused with RouterOS operating system version
upgrade-firmware (string) RouterOS upgrades also include new RouterBOOT version files, but they have to be applied manually. This line shows if a new RouterBOOT file has been found in the device. The file can either be included via a recent RouterOS upgrade, or a FWF file which has been manually uploaded to the router. In either case, the newest found version will be shown here


Upgrading RouterBOOT

RouterBOOT upgrades usually include minor improvements to overall RouterBOARD operation. It is recommended to keep this version upgraded. If you see that upgrade-firmware value is bigger than current-firmware, you simply need to perform the upgrade command, accept it with y and then reboot with /system reboot

 [admin@mikrotik] /system routerboard> upgrade 
 Do you really want to upgrade firmware? [y/n] 
 y
 echo: system,info,critical Firmware upgraded successfully, please reboot for changes to take effect!

After rebooting, the current-firmware value should become identical with upgrade-firmware

Settings

Sub-menu level: /system routerboard settings

[admin@demo.mt.lv] /system routerboard settings> print 
           baud-rate: 115200
          boot-delay: 2s
      enter-setup-on: any-key
         boot-device: nand-if-fail-then-ethernet
       cpu-frequency: 1200MHz
    memory-frequency: 1066DDR
       boot-protocol: bootp
 enable-jumper-reset: yes
 force-backup-booter: no
         silent-boot: no
Property Description
auto-upgrade (yes | no; Default: no) Whether to upgrade firmware automatically after RouterOS upgrade. The latest firmware will be applied after an additional reboot
baud-rate (integer; Default: 115200) Choose the onboard RS232 speed in bits per second (if installed)
boot-delay (time; Default: 1s) How much time to wait for a key stroke while booting
boot-device (nand-if-fail-then-ethernet ...; Default: nand-if-fail-then-ethernet) Choose the way RouterBOOT loads the operating system:
  • flash-boot -
  • flash-boot-once-then-nand -
  • nand-if-fail-then-ethernet -
  • nand-only -
  • try-ethernet-once-then-nand -
boot-protocol (bootp |dhcp ...; Default: bootp) Boot protocol to use:
  • bootp - the default option for booting RouterOS
  • dhpc - used for OpenWRT and possibly other OS
cpu-frequency (depends on model; Default: depends on model) This option allows for changing the CPU frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
cpu-mode (power-save | regular; Default: power-save) Whether to enter CPU suspend mode in HTL instruction. Most OSs use HLT instruction during CPU idle cycle. When CPU is in suspend mode, it consumes less power, but in low-temperature conditions it is recommended to choose regular mode, so that overall system temperature would be higher
enable-jumper-reset (yes | no; Default: yes) Disable this to avoid accidental setting reset via the onboard jumper
enter-setup-on (any-key | delete-key; Default: any-key) Which key will cause the BIOS to enter configuration mode during boot delay. Useful when serial console prints out symbols during boot process and goes into RouterBOOT menu by itself. Note that in some serial terminal programs, it is impossible to use Delete key to enter the setup - in this case it might be possible to do this with the Backspace key
force-backup-booter (yes | no; Default: no) If to use the backup RouterBOOT. This is only useful if the main loader has become corrupted somehow and cannot be fixed. So that you don't have to boot the device with a pushed reset button (which loads backup loader), you can use this setting to load it every time
  • yes - backup loader will be used always
  • no - main booter will be used
memory-frequency (depends on model; Default: depends on model) This option allows to change the memory frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
memory-data-rate (depends on model; Default: depends on model) This option allows to change the memory data rate of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
regulatory-domain-ce (yes | no; Default: no) Enables extra low TX power for high antenna gain devices (requires reboot)
silent-boot (yes | no; Default: no) This option disables output on the serial console and beeping sounds during booting, to avoid the text output interrupting a connected device. Useful if you have some temperature monitor or modem connected to the serial port
  • yes - no output on the serial console and no booting beeps (does not disable the RouterOS :beep command)
  • no - regular info and option menu on serial console


Warning: If CPU or memory is overclocked and that is the reason why router is not performing as suspected, then this is not considered as a warranty case and you should return both frequencies to nominal value..


Protected bootloader

This is a new feature which allows the protection of RouterOS configuration and files from a physical attacker by disabling etherboot. It is called "Protected RouterBOOT". This feature can be enabled and disabled only from within RouterOS after login, i.e., there is no RouterBOOT setting to enable/disable this feature. These extra options appear only under certain conditions. When this setting is enabled - both the reset button and the reset pin-hole is disabled. RouterBOOT menu is also disabled. The only ability to change boot mode or enable RouterBOOT settings menu, is through RouterOS. If you do not know the RouterOS password - only a complete format is possible.

  • The backup RouterBOOT version can not be older than v3.24 version. A special package is provided to upgrade the backup RouterBOOT (DANGEROUS). Newer devices will have this new backup loader already installed at the factory. If your RouterOS is v6.40, use these packages: MIPSBE, SMIPS, MMIPS, TILE. If your RouterOS is v6.43 or higher, use the universal package for all architectures: Universal
  • RouterOS version 6.33 or later is required to enable this feature. Also make sure, that you have the latest firmware installed.
Property Description
protected-routerboot (enabled | disabled; Default: disabled) This setting disables any access to the RouterBOOT configuration settings over a console cable and disables operation of the reset button to change the boot mode (Netinstall will be disabled). Access to RouterOS will only be possible with a known RouterOS admin password. Unsetting of this option is only possible from RouterOS. If you forget the RouterOS password, the only option is to perform a complete reformat of both NAND and RAM with the following method, but you have to know the reset button hold time in seconds.
  • enabled - secure mode, only RouterOS can be accessed with a RouterOS admin password. Any user input from serial port is ignored. Etherboot is not available, RouterBOOT setting change is not possible.
  • disabled - regular operation, RouterBOOT settings available with serial console and reset button can be used to launch Netinstall
reformat-hold-button (5s .. 300s; Default: 20s) As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for longer than reformat-hold-button time, but less than reformat-hold-button-max (new in RouterBOOT 3.38.3).

When you use the button for a complete reset, following actions are taken:

EXTREMELY DANGEROUS. Use this only if you have lost all access to the device. 
  1. RouterOS, all of its files and configuration is completely and irreversibly erased by nand re-format;
  2. all RouterBOOT settings are reset to defaults;
  3. Board is rebooted;
  4. As boot from NAND fails, it goes to etherboot automatically;
  5. Netinstall is required to reinstall RouterOS.
Please note! Reformat on some RouterBOARDS can take more than 5 minutes. After formating the board will be ready for Netinstall.
reformat-hold-button-max (5s .. 600s; Default: 10m) Increase the security even further by setting the max hold time, this means that you must release the reset button within a specified time interval. If you set t he "reformat-hold-button" to 60s and "reformat-hold-button-max" to 65s, it will mean that you must hold the button 60 to 65 seconds, not less and not more, making guesses impossible. Introduced in RouterBOOT 3.38.3

Note: RouterBOARD that has the protected RouterBOOT setting enabled will blink the LED every second, to make counting easier. The LED will turn off for one second, and turn on for the next second.


Mode and Reset buttons

Reset button additional functionality is supported by all MikroTik devices running RouterOS

Some RouterBOARD devices have a mode button that allows you to run any script when the button it pushed.

The list of supported devices:

  • RBcAP-2nD (cAP)
  • RBcAPGi-5acD2nD (cAP ac)
  • RBwsAP5Hac2nD (wsAP ac lite)
  • RB750Gr3 (hEX)
  • RB760iGS (hEX S)
  • RB912R-2nD (LtAP mini, LtAP mini LTE/4G kit)
  • RBD52G-5HacD2HnD (hAP ac^2)
  • RBLHGR (LHG LTE/4G kit)
  • RBSXTR (SXT LTE/4G kit)
  • CRS328-4C-20S-4S+RM
  • CRS328-24P-4S+RM
  • CCR1016-12G r2
  • CCR1016-12S-1S+ r2
  • CCR1036-12G-4S r2
  • CCR1036-8G-2S+ r2
  • RBD53G-5HacD2HnD (Chateau)
  • RBD53GR-5HacD2HnD (hAP ac^3)


Property Description
enabled (no | yes; Default: no) Disable or enable the operation of the button
hold-time (time interval Min..Max; Default: ) HoldTime ::= Button functionality can be called if button is pressed for a certain period of time:
Min..Max Min -- 0s..1m (time interval), Max -- 0s..1m (time interval) (available only starting from RouterOS 6.47beta60)
on-event (string; Default: ) Name of the script that will be run upon pressing the button. The script must be defined and named in the "/system scripts" menu

Example

With mode button:

 /system script add name=test-script source={:log info message=("1234567890");}
 /system routerboard mode-button set on-event=test-script enabled=yes

Upon pressing the button, the message 1234567890 will be logged in the system log.


Warning: Starting from RouterOS 6.47beta60 reset-button functionality and hold-time option has been added


Example for RouterOS version over 6.47beta60:

 /system script add name=test-script2 source={:log info message=("test2");}
 /system routerboard mode-button set on-event=test-script2 hold-time=3..5 enabled=yes

Reset button works in same way, but menu is moved under /system routerboard reset-button:

 /system script add name=test-reset-button source={:log info message=("reset button pressed");}
 /system routerboard mode-button set on-event=test-reset-button hold-time=0..10 enabled=yes