Meshtastic Managed Mode and Admin Channels

For deployed infrastructure nodes — community repeaters, fixed gateways — you want to prevent unauthorized configuration changes while still being able to administer the node remotely. Meshtastic provides two tools for this: Managed Mode and Admin Channels.

Managed Mode

When Managed Mode is enabled, the node ignores configuration packets from the local Bluetooth connection unless they come from an authorized admin. This prevents anyone who walks up to the repeater and pairs their phone from changing the configuration.

meshtastic --set device.role MANAGED

With Managed Mode active:

Local BLE configuration is blocked (requires admin channel for config changes)
USB serial connection can still configure the device (physical access = admin)
The node continues to route and relay normally

Admin Channel

The Admin Channel is an encrypted control channel that allows authorized administrators to configure any node in the mesh remotely — even nodes that are out of direct radio range (configuration packets are relayed through the mesh).

Setting Up an Admin Channel

Create a channel with a random PSK and name it "admin" (or any name you choose)
Add this channel to all nodes you want to manage
Only administrators should have the admin channel PSK

meshtastic --ch-set name "admin" --ch-index 1
meshtastic --ch-set psk random --ch-index 1

Remote Configuration via Admin Channel

Once an admin channel is configured, you can send configuration commands to remote nodes via the app's remote admin feature. The command is encrypted with the admin channel PSK, relayed through the mesh, and executed on the target node. The target node responds with its updated configuration.

Security Considerations

The admin channel PSK is the master key for your infrastructure — guard it carefully
Distribute admin channel credentials only to trusted operators
Consider a separate admin channel per node, or per geographic cluster, to limit blast radius if a key is compromised
USB serial access always overrides Managed Mode — physical access to the hardware is always root access

Meshtastic Protocol Overview

Meshtastic Flooding Mesh Protocol Explained

Meshtastic Node IDs, Addresses, and Naming

Meshtastic Setup Guide

Initial Node Configuration Checklist

Advanced Configuration for Infrastructure Nodes

Personal Device Roles

Infrastructure Roles: Router and Repeater

Specialized Roles

How Meshtastic Channels Work

Creating Private Channels

Built-in Telemetry Types

Monitoring Channel Utilization

Meshtastic Python CLI Guide

Complete Meshtastic CLI Command Reference

Meshtastic MQTT Setup

Building a Meshtastic Internet Gateway

Meshtastic Web Interface and Remote Access

Meshtastic Module Configuration Reference

Traceroute and Path Diagnostics

Neighbor Info and Signal Mapping

Meshtastic APRS Gateway

Meshtastic Python Scripting

Home Assistant Integration via MQTT

Node-RED Flows for Mesh Automation

Meshtastic Channel Encryption

Privacy Best Practices

Understanding Channels and PSKs

Sharing Channels via QR Code

Channel Strategy for Community Networks

Reading Network Statistics in the Meshtastic App

Using the Meshtastic Python CLI for Diagnostics

Mesh Topology and Path Analysis

Common Network Problems and Solutions

Getting Started with the Meshtastic Python Library

Automating Meshtastic: Practical Scripts

Meshtastic Python API Reference

Telemetry Module: Device, Environment, and Power

Store and Forward Module

Range Test Module

External Notification and Canned Messages

Serial, MQTT, and Ambient Light Modules

Meshtastic Channel Encryption

PKI Direct Messaging (v2.3+)

Meshtastic Managed Mode and Admin Channels

Device Configuration Settings

Position Configuration Settings

Network Configuration Settings

Meshtastic Android App Overview

Meshtastic iOS App Overview

Meshtastic Web Client and Python CLI

Meshtastic Power Settings Reference

Power Configuration Settings Reference

Meshtastic LoRa Settings Reference

Choosing the Right Modem Preset

Meshtastic Managed Mode and Admin Channels

Managed Mode

Admin Channel

Setting Up an Admin Channel

Remote Configuration via Admin Channel

Security Considerations