vaheeD khoshnouD

linux, mikrotik, macosx

MikroTik RouterOS “Safe Mode”

Written by vaheeD on January 19, 2013
4.67 avg. rating (92% score) - 3 votes

Safe Mode

It is sometimes possible to change router configuration in a way that will make the router inaccessible (except from local console). Usually this is done by accident, but there is no way to undo last change when connection to router is already cut. Safe mode can be used to minimize such risk.

Safe mode is entered by pressing [CTRL]+[X]. To save changes and quit safe mode, press [CTRL]+[X] again. To exit without saving the made changes, hit [CTRL]+[D]

[admin@MikroTik] ip route>[CTRL]+[X]
[Safe Mode taken]

[admin@MikroTik] ip route<SAFE>

 

Message Safe Mode taken is displayed and prompt changes to reflect that session is now in safe mode. All configuration changes that are made (also from other login sessions), while router is in safe mode, are automatically undone if safe mode session terminates abnormally. You can see all such changes that will be automatically undone tagged with an F flag in system history:

[admin@MikroTik] ip route>
[Safe Mode taken]

[admin@MikroTik] ip route<SAFE> add
[admin@MikroTik] ip route<SAFE> /system history print
Flags: U - undoable, R - redoable, F - floating-undo
  ACTION                                   BY                 POLICY
F route added                              admin              write

Now, if telnet connection (or winbox terminal) is cut, then after a while (TCP timeout is 9 minutes) all changes that were made while in safe mode will be undone. Exiting session by [Ctrl]+[D] also undoes all safe mode changes, while /quit does not.

If another user tries to enter safe mode, he’s given following message:

[admin@MikroTik] >
Hijacking Safe Mode from someone - unroll/release/don't take it [u/r/d]:
  • [u] – undoes all safe mode changes, and puts the current session in safe mode.
  • [r] – keeps all current safe mode changes, and puts current session in a safe mode. Previous owner of safe mode is notified about this:
 
     [admin@MikroTik] ip firewall rule input
     [Safe mode released by another user]
  • [d] – leaves everything as-is.

If too many changes are made while in safe mode, and there’s no room in history to hold them all (currently history keeps up to 100 most recent actions), then session is automatically put out of the safe mode, no changes are automatically undone. Thus, it is best to change configuration in small steps, while in safe mode. Pressing [Ctrl]+[X] twice is an easy way to empty safe mode action list.

 

HotLock Mode

When HotLock mode is enabled commands will be auto completed.

To enter/exit HotLock mode press [CTRL]+[V].

[admin@MikroTik] /ip address> [CTRL]+[V]
[admin@MikroTik] /ip address>>

Double >> is indication that HotLock mode is enabled. For example if you type /in e, it will be auto completed to

[admin@MikroTik] /ip address>> /interface ethernet

 

4.67 avg. rating (92% score) - 3 votes

Posted Under: MikroTik

About vaheeD

Leave a Reply

Your email address will not be published. Required fields are marked *

Protected by WP Anti Spam