Manual:RouterBOARD settings: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
No edit summary
(One intermediate revision by the same user not shown)
Line 3: Line 3:
</p>
</p>


on RouterBOARD devices the following menu exists, which gives you some basic information about your device:  
On RouterBOARD devices, the following menu exists which gives you some basic information about your device:  


  [admin@demo.mt.lv] /system routerboard> print  
  [admin@demo.mt.lv] /system routerboard> print  
Line 35: Line 35:
|arg=current-firmware
|arg=current-firmware
|type=string
|type=string
|desc=the version of the RouterBOOT loader that is used right now. Not to be confused with RouterOS operating system version
|desc=The version of the RouterBOOT loader that is currently in use. Not to be confused with RouterOS operating system version
}}
}}


Line 41: Line 41:
|arg=upgrade-firmware
|arg=upgrade-firmware
|type=string
|type=string
|desc=RouterOS upgrades also include new RouterBOOT version files, but they have to be applied manually. This line shows if any new RouterBOOT file has been found in the device. The file can either be included with RouterOS version, or a FWF file can manually be uploaded to the router. In either case, newest found version will be shown here
|desc=RouterOS upgrades also include new RouterBOOT version files, but they have to be applied manually. This line shows if a new RouterBOOT file has been found in the device. The file can either be included via a recent RouterOS upgrade, or a FWF file which has been manually uploaded to the router. In either case, the newest found version will be shown here
}}
}}


Line 61: Line 61:
<p id="shbox"><b>Sub-menu level:</b> <code> /system RouterBOARD settings</code>
<p id="shbox"><b>Sub-menu level:</b> <code> /system RouterBOARD settings</code>
</p>
</p>
 
            baud-rate: 115200
           boot-device: nand-if-fail-then-ethernet
           boot-delay: 2s
        cpu-frequency: 600MHz
      enter-setup-on: any-key
      memory-frequency: 225MHz
          boot-device: nand-if-fail-then-ethernet
        boot-protocol: bootp
        cpu-frequency: 1200MHz
  force-backup-booter: no
    memory-frequency: 1066DDR
          silent-boot: no
        boot-protocol: bootp
  enable-jumper-reset: yes
  force-backup-booter: no
          silent-boot: no


{{Mr-arg-table-h
{{Mr-arg-table-h
|prop=Property
|prop=Property
|desc=Description
|desc=Description
}}
{{Mr-arg-table
|arg=baud-rate
|type=integer
|default=115200
|desc=Choose the onboard RS232 speed in bits per second (if installed)
}}
{{Mr-arg-table
|arg=boot-delay
|type=time
|default=1s
|desc=How much time to wait for a key stroke while booting
}}
}}


Line 96: Line 113:


{{Mr-arg-table
{{Mr-arg-table
|arg=memory-frequency
|arg=cpu-frequency
|type= depends on model
|type= depends on model
|default=depends on model
|default=depends on model
|desc=This option allows to change the memory frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
|desc=This option allows for changing the CPU frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
}}
 
{{Mr-arg-table
|arg=cpu-mode
|type= power-save {{!}} regular
|default=power-save
|desc=Whether to enter CPU suspend mode in HTL instruction. Most OSs use HLT instruction during CPU idle cycle. When CPU is in suspend mode, it consumes less power, but in low-temperatire conditions it is recommended to choose regular mode, so that overall system temperature would be greater
}}
 
{{Mr-arg-table
|arg=enable-jumper-reset
|type= yes {{!}} no
|default=yes
|desc=Disable this to avoid accidental setting reset via the onboard jumper
}}
}}


{{Mr-arg-table
{{Mr-arg-table
|arg=cpu-frequency
|arg=enter-setup-on
|type= depends on model
|type= any-key {{!}} delete-key
|default=depends on model
|default=any-key
|desc=This option allows to change the CPU frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
|desc=Which key will cause the BIOS to enter configuration mode during boot delay. Note that in some serial terminal programs, it is impossible to use Delete key to enter the setup - in this case it might be possible to do this with the Backspace key
}}
}}


Line 113: Line 144:
|type=yes {{!}} no  
|type=yes {{!}} no  
|default=no
|default=no
|desc=If to use the backup RouterBOOT. This only useful if somehow the main loader is corrupted and cannot be fixed. So that you don't have to boot the device with a pushed reset button (which loads backup loader), you can use this setting to load it every time
|desc=If to use the backup RouterBOOT. This is only useful if the main loader has become corrupted somehow and cannot be fixed. So that you don't have to boot the device with a pushed reset button (which loads backup loader), you can use this setting to load it every time
* <var>yes</var> - backup loader will be used always  
* <var>yes</var> - backup loader will be used always  
* <var>no</var> - main booter will be used
* <var>no</var> - main booter will be used
}}
{{Mr-arg-table
|arg=memory-frequency
|type= depends on model
|default=depends on model
|desc=This option allows to change the memory frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
}}
{{Mr-arg-table
|arg=regulatory-domain-ce
|type=yes {{!}} no
|default=
|desc=
}}
}}


Line 122: Line 167:
|type=yes {{!}} no
|type=yes {{!}} no
|default=no
|default=no
|desc= This option disables output on the serial console, to avoid the text output interrupting a connected device. Useful if you have some temperature monitor or modem connected to the serial port
|desc= This option disables output on the serial console and beeping sounds during booting, to avoid the text output interrupting a connected device. Useful if you have some temperature monitor or modem connected to the serial port
* <var>yes</var> - no output on the serial console
* <var>yes</var> - no output on the serial console and no booting beeps (does not disable the RouterOS :beep command)
* <var>no</var> - regular info and option menu on serial console
* <var>no</var> - regular info and option menu on serial console
}}
}}
Line 129: Line 174:
=== Protected bootloader ===  
=== Protected bootloader ===  


There is a new feature, which allows to protect RouterOS configuration and files from attacker by disabling etherboot. It is called "protected RouterBOOT". Feature can be enabled and disabled only from RouterOS after login, i.e., there is no such RouterBOOT setting. These extra options appear only under certain conditions.  When this setting is enabled - both reset button and reset pin-hole is disabled. Console access is disabled. Only ability to change boot mode or RouterBOOT settings is through RouterOS. If you do not know the RouterOS password - only complete format is possible.  
This is a new feature which allows the protection of RouterOS configuration and files from a physical attacker by disabling etherboot. It is called "Protected RouterBOOT". This feature can be enabled and disabled only from within RouterOS after login, i.e., there is no RouterBOOT setting to enable/disable this feature. These extra options appear only under certain conditions.  When this setting is enabled - both the reset button and the reset pin-hole is disabled. Console access is also disabled. The only ability to change boot mode or RouterBOOT settings is through RouterOS. If you do not know the RouterOS password - only a complete format is possible.  


* Backup RouterBOOT version can not be older than v3.22 version. A special package is provided to upgrade backup RouterBOOT ('''DANGEROUS'''). Newer devices will have this new backup loader already installed in factory. Download the package [http://www.mikrotik.com/download/share/protected_routerboot_3_22.dpk here]
* The backup RouterBOOT version can not be older than v3.22 version. A special package is provided to upgrade the backup RouterBOOT ('''DANGEROUS'''). Newer devices will have this new backup loader already installed at the factory. Download the package [http://www.mikrotik.com/download/share/protected_routerboot_v3_22_enable_6_27.dpk]
* RouterOS version 6.26 is required to enable this feature
* RouterOS version 6.26 is required to enable this feature


Line 143: Line 188:
|type= enabled {{!}} disabled  
|type= enabled {{!}} disabled  
|default= disabled
|default= disabled
|desc= This setting disables any access to RouterBOOT configuration settings over console cable and disables operation of the reset button to change boot mode ('''Netinstall will be disabled'''). Access to RouterOS will only be possible with a known RouterOS admin password. Unset of this option is only possible from RouterOS. If you forget the RouterOS password, the only option is to do complete reformat of NAND and RAM with the next option, but you '''have''' to know the reset button hold time in seconds.  
|desc= This setting disables any access to the RouterBOOT configuration settings over a console cable and disables operation of the reset button to change the boot mode ('''Netinstall will be disabled'''). Access to RouterOS will only be possible with a known RouterOS admin password. Unsetting of this option is only possible from RouterOS. If you forget the RouterOS password, the only option is to perform a complete reformat of both NAND and RAM with the following method, but you '''have''' to know the reset button hold time in seconds.  
* <var> enabled </var> - secure mode, only RouterOS can be accessed with a RouterOS admin password. Any user input from serial port is ignored. Etherboot is not available, RouterBOOT setting change is not possible.
* <var> enabled </var> - secure mode, only RouterOS can be accessed with a RouterOS admin password. Any user input from serial port is ignored. Etherboot is not available, RouterBOOT setting change is not possible.
* <var> disabled </var> - regular operation, RouterBOOT settings available with serial console and reset button can be used to launch Netinstall  
* <var> disabled </var> - regular operation, RouterBOOT settings available with serial console and reset button can be used to launch Netinstall  
Line 152: Line 197:
|type=5s .. 300s
|type=5s .. 300s
|default=20s
|default=20s
|desc= As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for reformat-hold-button time. You will have to remember this setting, otherwise even reformat will not be possible and device will not be recoverable. When you use the button for complete reset, following actions are taken:
|desc= As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for a set reformat-hold-button time. You will have to remember this setting, otherwise even a reformat will not be possible and the device will not be recoverable. When you use the button for a complete reset, following actions are taken:
  '''EXTREMELY DANGEROUS'''. Use this only if you have lost access to device.  
  '''EXTREMELY DANGEROUS'''. Use this only if you have lost all access to the device.  
#RouterOS, all of its files and configuration is completely and irreversibly erased by nand re-format;
#RouterOS, all of its files and configuration is completely and irreversibly erased by nand re-format;
#all RouterBOOT settings are reset to defaults;
#all RouterBOOT settings are reset to defaults;
#board is rebooted;
#Board is rebooted;
#as boot from NAND fails, it goes to etherboot automatically;
#As boot from NAND fails, it goes to etherboot automatically;
#Netinstall is required to reinstall RouterOS.
#Netinstall is required to reinstall RouterOS.
}}
}}

Revision as of 19:41, 8 March 2015

General

Sub-menu level: /system resource

On RouterBOARD devices, the following menu exists which gives you some basic information about your device: 

[admin@demo.mt.lv] /system routerboard> print 
       routerboard: yes
             model: 433
     serial-number: 185C01FCA958 
  current-firmware: 3.25
  upgrade-firmware: 3.25

Properties

All properties are read-only

Property Description
model (string) If this device is a MikroTik RouterBOARD, this describes the model name
serial-number (string) Serial number of this particular device
current-firmware (string) The version of the RouterBOOT loader that is currently in use. Not to be confused with RouterOS operating system version
upgrade-firmware (string) RouterOS upgrades also include new RouterBOOT version files, but they have to be applied manually. This line shows if a new RouterBOOT file has been found in the device. The file can either be included via a recent RouterOS upgrade, or a FWF file which has been manually uploaded to the router. In either case, the newest found version will be shown here


Upgrading RouterBOOT

RouterBOOT upgrades usually include minor improvements to overall RouterBOARD operation. It is recommended to keep this version upgraded. If you see that upgrade-firmware value is bigger than current-firmware, you simply need to perform the upgrade command, accept it with y and then reboot with /system reboot 

 [admin@mikrotik] /system routerboard> upgrade 
 Do you really want to upgrade firmware? [y/n] 
 y
 echo: system,info,critical Firmware upgraded successfully, please reboot for changes to take effect!

After rebooting, the current-firmware value should become identical with upgrade-firmware

Settings

Sub-menu level: /system RouterBOARD settings 

           baud-rate: 115200
          boot-delay: 2s
      enter-setup-on: any-key
         boot-device: nand-if-fail-then-ethernet
       cpu-frequency: 1200MHz
    memory-frequency: 1066DDR
       boot-protocol: bootp
 enable-jumper-reset: yes
 force-backup-booter: no
         silent-boot: no
Property Description
baud-rate (integer; Default: 115200) Choose the onboard RS232 speed in bits per second (if installed)
boot-delay (time; Default: 1s) How much time to wait for a key stroke while booting
boot-device (nand-if-fail-then-ethernet ...; Default: nand-if-fail-then-ethernet) Choose the way RouterBOOT loads the operating system:
  • flash-boot -
  • flash-boot-once-then-nand -
  • nand-if-fail-then-ethernet -
  • nand-only -
  • try-ethernet-once-then-nand -
boot-protocol (bootp |dhcp ...; Default: bootp) Boot protocol to use:
  • bootp - the default option for booting RouterOS
  • dhpc - used for OpenWRT and possibly other OS
cpu-frequency (depends on model; Default: depends on model) This option allows for changing the CPU frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
cpu-mode (power-save | regular; Default: power-save) Whether to enter CPU suspend mode in HTL instruction. Most OSs use HLT instruction during CPU idle cycle. When CPU is in suspend mode, it consumes less power, but in low-temperatire conditions it is recommended to choose regular mode, so that overall system temperature would be greater
enable-jumper-reset (yes | no; Default: yes) Disable this to avoid accidental setting reset via the onboard jumper
enter-setup-on (any-key | delete-key; Default: any-key) Which key will cause the BIOS to enter configuration mode during boot delay. Note that in some serial terminal programs, it is impossible to use Delete key to enter the setup - in this case it might be possible to do this with the Backspace key
force-backup-booter (yes | no; Default: no) If to use the backup RouterBOOT. This is only useful if the main loader has become corrupted somehow and cannot be fixed. So that you don't have to boot the device with a pushed reset button (which loads backup loader), you can use this setting to load it every time
  • yes - backup loader will be used always
  • no - main booter will be used
memory-frequency (depends on model; Default: depends on model) This option allows to change the memory frequency of the device. Values depend on model, to see available options, hit [?] button on the keyboard at this prompt
regulatory-domain-ce (yes | no; Default: )
silent-boot (yes | no; Default: no) This option disables output on the serial console and beeping sounds during booting, to avoid the text output interrupting a connected device. Useful if you have some temperature monitor or modem connected to the serial port
  • yes - no output on the serial console and no booting beeps (does not disable the RouterOS :beep command)
  • no - regular info and option menu on serial console

Protected bootloader

This is a new feature which allows the protection of RouterOS configuration and files from a physical attacker by disabling etherboot. It is called "Protected RouterBOOT". This feature can be enabled and disabled only from within RouterOS after login, i.e., there is no RouterBOOT setting to enable/disable this feature. These extra options appear only under certain conditions. When this setting is enabled - both the reset button and the reset pin-hole is disabled. Console access is also disabled. The only ability to change boot mode or RouterBOOT settings is through RouterOS. If you do not know the RouterOS password - only a complete format is possible.

  • The backup RouterBOOT version can not be older than v3.22 version. A special package is provided to upgrade the backup RouterBOOT (DANGEROUS). Newer devices will have this new backup loader already installed at the factory. Download the package [1]
  • RouterOS version 6.26 is required to enable this feature
Property Description
protected-routerboot (enabled | disabled; Default: disabled) This setting disables any access to the RouterBOOT configuration settings over a console cable and disables operation of the reset button to change the boot mode (Netinstall will be disabled). Access to RouterOS will only be possible with a known RouterOS admin password. Unsetting of this option is only possible from RouterOS. If you forget the RouterOS password, the only option is to perform a complete reformat of both NAND and RAM with the following method, but you have to know the reset button hold time in seconds.
  • enabled - secure mode, only RouterOS can be accessed with a RouterOS admin password. Any user input from serial port is ignored. Etherboot is not available, RouterBOOT setting change is not possible.
  • disabled - regular operation, RouterBOOT settings available with serial console and reset button can be used to launch Netinstall
reformat-hold-button (5s .. 300s; Default: 20s) As an emergency recovery option, it is possible to reset everything by pressing the button at power-on for a set reformat-hold-button time. You will have to remember this setting, otherwise even a reformat will not be possible and the device will not be recoverable. When you use the button for a complete reset, following actions are taken: 
EXTREMELY DANGEROUS. Use this only if you have lost all access to the device.
  1. RouterOS, all of its files and configuration is completely and irreversibly erased by nand re-format;
  2. all RouterBOOT settings are reset to defaults;
  3. Board is rebooted;
  4. As boot from NAND fails, it goes to etherboot automatically;
  5. Netinstall is required to reinstall RouterOS.
Retrieved from "https://wiki.mikrotik.com/index.php?title=Manual:RouterBOARD_settings&oldid=27066"