It is sometimes possible to change router configuration in a way that will make the router inaccessible (except from local console). Usually this is done by accident, but there is no way to undo last change when connection to router is already cut. Safe mode can be used to minimize such risk.
Safe mode is entered by pressing [CTRL]+[X]. To save changes and quit safe mode, press [CTRL]+[X] again. To exit without saving the made changes, hit [CTRL]+[D]
[[email protected]] ip route>[CTRL]+[X] [Safe Mode taken] [[email protected]] ip route<SAFE>
Message Safe Mode taken is displayed and prompt changes to reflect that session is now in safe mode. All configuration changes that are made (also from other login sessions), while router is in safe mode, are automatically undone if safe mode session terminates abnormally. You can see all such changes that will be automatically undone tagged with an F flag in system history:
[[email protected]oTik] ip route> [Safe Mode taken] [[email protected]] ip route<SAFE> add [[email protected]] ip route<SAFE> /system history print Flags: U - undoable, R - redoable, F - floating-undo ACTION BY POLICY F route added admin write
Now, if telnet connection (or winbox terminal) is cut, then after a while (TCP timeout is 9 minutes) all changes that were made while in safe mode will be undone. Exiting session by [Ctrl]+[D] also undoes all safe mode changes, while /quit does not.
If another user tries to enter safe mode, he’s given following message:
[[email protected]] > Hijacking Safe Mode from someone - unroll/release/don't take it [u/r/d]:
- [u] – undoes all safe mode changes, and puts the current session in safe mode.
- [r] – keeps all current safe mode changes, and puts current session in a safe mode. Previous owner of safe mode is notified about this:
[[email protected]] ip firewall rule input [Safe mode released by another user]
- [d] – leaves everything as-is.
If too many changes are made while in safe mode, and there’s no room in history to hold them all (currently history keeps up to 100 most recent actions), then session is automatically put out of the safe mode, no changes are automatically undone. Thus, it is best to change configuration in small steps, while in safe mode. Pressing [Ctrl]+[X] twice is an easy way to empty safe mode action list.
When HotLock mode is enabled commands will be auto completed.
To enter/exit HotLock mode press [CTRL]+[V].
[[email protected]] /ip address> [CTRL]+[V] [[email protected]] /ip address>>
>> is indication that HotLock mode is enabled. For example if you type
/in e, it will be auto completed to
[[email protected]] /ip address>> /interface ethernet