Manual:RouterBOARD settings: Difference between revisions
Line 131: | Line 131: | ||
There is a new feature, which allows to protect RouterOS configuration and files from attacker by disabling etherboot. It is called "protected RouterBOOT". Feature can be enabled and disabled only from RouterOS after login, i.e., there is no such RouterBOOT setting. These extra options appear only under certain conditions. When this setting is enabled - both reset button and reset pin-hole is disabled. Console access is disabled. Only ability to change boot mode or RouterBOOT settings is through RouterOS. If you do not know the RouterOS password - only complete format is possible. | There is a new feature, which allows to protect RouterOS configuration and files from attacker by disabling etherboot. It is called "protected RouterBOOT". Feature can be enabled and disabled only from RouterOS after login, i.e., there is no such RouterBOOT setting. These extra options appear only under certain conditions. When this setting is enabled - both reset button and reset pin-hole is disabled. Console access is disabled. Only ability to change boot mode or RouterBOOT settings is through RouterOS. If you do not know the RouterOS password - only complete format is possible. | ||
* Backup RouterBOOT version can not be older than v3.22 version. A special package is provided to upgrade backup RouterBOOT ('''DANGEROUS'''). Newer devices will have this new backup loader already installed in factory. Download the | * Backup RouterBOOT version can not be older than v3.22 version. A special package is provided to upgrade backup RouterBOOT ('''DANGEROUS'''). Newer devices will have this new backup loader already installed in factory. Download the package [http://www.mikrotik.com/download/share/protected_routerboot_3_22.dpk here] | ||
* RouterOS version 6.26 is required to enable this feature | * RouterOS version 6.26 is required to enable this feature | ||
Revision as of 10:17, 19 February 2015
General
Sub-menu level: /system resource
on RouterBOARD devices the following menu exists, which gives you some basic information about your device:
[admin@demo.mt.lv] /system routerboard> print routerboard: yes model: 433 serial-number: 185C01FCA958 current-firmware: 3.25 upgrade-firmware: 3.25
Properties
All properties are read-only
Property | Description |
---|---|
model (string) | If this device is a MikroTik RouterBOARD, this describes the model name |
serial-number (string) | Serial number of this particular device |
current-firmware (string) | the version of the RouterBOOT loader that is used right now. Not to be confused with RouterOS operating system version |
upgrade-firmware (string) | RouterOS upgrades also include new RouterBOOT version files, but they have to be applied manually. This line shows if any new RouterBOOT file has been found in the device. The file can either be included with RouterOS version, or a FWF file can manually be uploaded to the router. In either case, newest found version will be shown here |
Upgrading RouterBOOT
RouterBOOT upgrades usually include minor improvements to overall RouterBOARD operation. It is recommended to keep this version upgraded. If you see that upgrade-firmware value is bigger than current-firmware, you simply need to perform the upgrade command, accept it with y and then reboot with /system reboot
[admin@mikrotik] /system routerboard> upgrade Do you really want to upgrade firmware? [y/n] y echo: system,info,critical Firmware upgraded successfully, please reboot for changes to take effect!
After rebooting, the current-firmware value should become identical with upgrade-firmware
Settings
Sub-menu level: /system RouterBOARD settings
boot-device: nand-if-fail-then-ethernet cpu-frequency: 600MHz memory-frequency: 225MHz boot-protocol: bootp force-backup-booter: no silent-boot: no
Property | Description |
---|---|
boot-device (nand-if-fail-then-ethernet ...; Default: nand-if-fail-then-ethernet) | Choose the way RouterBOOT loads the operating system:
|
boot-protocol (bootp |dhcp ...; Default: bootp) | Boot protocol to use:
|
memory-frequency (depends on model; Default: depends on model) | This option allows to change the memory frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt |
cpu-frequency (depends on model; Default: depends on model) | This option allows to change the CPU frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt |
force-backup-booter (yes | no; Default: no) | If to use the backup RouterBOOT. This only useful if somehow the main loader is corrupted and cannot be fixed. So that you don't have to boot the device with a pushed reset button (which loads backup loader), you can use this setting to load it every time
|
silent-boot (yes | no; Default: no) | This option disables output on the serial console, to avoid the text output interrupting a connected device. Useful if you have some temperature monitor or modem connected to the serial port
|
Protected bootloader
There is a new feature, which allows to protect RouterOS configuration and files from attacker by disabling etherboot. It is called "protected RouterBOOT". Feature can be enabled and disabled only from RouterOS after login, i.e., there is no such RouterBOOT setting. These extra options appear only under certain conditions. When this setting is enabled - both reset button and reset pin-hole is disabled. Console access is disabled. Only ability to change boot mode or RouterBOOT settings is through RouterOS. If you do not know the RouterOS password - only complete format is possible.
- Backup RouterBOOT version can not be older than v3.22 version. A special package is provided to upgrade backup RouterBOOT (DANGEROUS). Newer devices will have this new backup loader already installed in factory. Download the package here
- RouterOS version 6.26 is required to enable this feature
Property | Description |
---|---|
protected-routerboot (enabled | disabled; Default: disabled) | This setting disables any access to RouterBOOT configuration settings over console cable and disables operation of the reset button to change boot mode (Netinstall will be disabled). Access to RouterOS will only be possible with a known RouterOS admin password. Unset of this option is only possible from RouterOS. If you forget the RouterOS password, the only option is to do complete reformat of NAND and RAM with the next option, but you have to know the reset button hold time in seconds.
|
reformat-hold-button (5s .. 300s; Default: 20s) | As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for reformat-hold-button time. You will have to remember this setting, otherwise even reformat will not be possible and device will not be recoverable. When you use the button for complete reset, following actions are taken:
EXTREMELY DANGEROUS. Use this only if you have lost access to device.
|