These properties have effect only when authentication-types contains wpa-eap or wpa2-eap , and mode is set to dynamic-keys. Note: The order of allowed authentication methods in eap-methods is important, the same order is going to be used to send authentication method offers to the Station.
These properties have effect only when mode is set to static-keys-required or static-keys-optional. RouterOS implements proprietary management frame protection algorithm based on shared secret. Management frame protection means that RouterOS wireless device is able to verify source of management frame and confirm that particular frame is not malicious.
This feature allows to withstand deauthentication and disassociation attacks on RouterOS based wireless devices. Management protection mode is configured in security-profile with management-protection setting. Possible values are: disabled - management protection is disabled default , allowed - use management protection if supported by remote party for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection , required - establish association only with remote devices that support management protection for AP - accept only clients that support management protection, for client - connect only to APs that support management protection.
Management protection shared secret is configured with security-profile management-protection-key setting. When interface is in AP mode, default management protection key configured in security-profile can be overridden by key specified in access-list or RADIUS attribute.
Note: RADIUS MAC authentication is used by access point for clients that are not found in the access-list , similarly to the default-authentication property of the wireless interface.
It controls whether client is allowed to proceed with authentication, or is rejected immediately. Access point caches authentication response for some time and can immediately reply to the repeated association request from the same client.
WDS links can use all available security features. However, they require careful configuration of security parameters. It is possible to use one security profile for all clients, and different security profiles for WDS links. Security profile for WDS link is specified in connect-list. Access point always checks connect list before establishing WDS link with another access point, and used security settings from matching connect list entry.
Since WPA authentication and key exchange is not symmetrical, one of the access points will act as a client for the purpose of establishing secure connection. This is similar to how static-mesh and dynamic-mesh WDS modes work. Some problems, like single sided WDS link between two incorrectly configured access points that use non -mesh mode, is not possible if WPA encryption is enabled. However, non -mesh modes with WPA still have other issues like constant reconnection attempts in case of configuration mismatch that are solved by use of the -mesh WDS modes.
These properties are authentication-types , unicast-ciphers , group-ciphers. For non -mesh WDS mode these properties need to have the same values on both devices.
In mesh WDS mode each access point has to support the other one as a client. Client uses value of connect-list security-profile property to match only those access points that support necessary security. It is possible to create virtual access points using the add command in the wireless menu. You must specify the master-interface which the virtual interface will belong to.
If "master-interface" mode is "station", Virtual AP will work only when "master-interface" will be active. Virtual AP interface will only work if master interface is in ap-bridge , bridge , station or wds-slave mode. It works only with This feature is useful for separating access for different types of users. You can assign different bandwidth levels and passwords and instruct users to connect to the specific virtual network, it will appear to wireless clients as a different SSID or a different device.
For example, when using QuickSet to configure a guest network, the VirtualAP feature is used in the background. Note: you can create up to virtual interfaces per physical interface. It is not recommended to create more 30, since the performance will start to degrade.
Note: Starting from 6. It is also possible to create virtual clients and have both an AP and a Client on the same physical interface. This allows to make a repeater setup with only using one hardware card. The process of configuration is exacly the same as above, but use mode station :.
Note: Virtual interfaces will always use the Master interface wireless frequency. If the Master interface has 'auto' frequency enabled it will use the wireless frequency that the Master interface selected. Wireless sniffer allows to capture frames including Radio header, Scan command allows to see available AP in the frequency range defined in the scan-list.
Using scan command the interface operation is disabled wireless link is disconnected during the scan operation Since RouterOS v6. Background scan is supported only using Scan tool will continue scanning for AP until user stops the scan process. It is possible to use 'rounds' setting for the scan tool to do scan through the scan-list entries specific times. It is useful when running scan tool using scripts. Example of scan command for one round:. Also this feature together with rounds setting allows to get scan results from the remote wireless clients - executing that command will start the scan tool which disconnect the wireless link, does the scan through the scan-list frequencies and saves the results to file, exits the scan and connects the wireless link back.
This tool monitors surrounding frequency usage, and displays which devices occupy each frequency. It's available both in console, and also in Winbox.
Snooper will use frequencies from scan-list. For example, hap lite, hap, hap ac lite, hap ac, map lite. It is possible to configure this mode for the Virtual AP interfaces as well.
WPS Client can be enabled by such command:. Wireless repeater will allow to receive the signal from the AP and repeat the signal using the same physical interface locally for connecting other clients. This will allow to extend the wireless service for the wireless clients.
Wireless repeater function will configure the wireless interface to connect to the AP with station-bridge or station-pseudobridge option, create a virtual AP interface, create a bridge interface and add both main and the virtual interfaces to the bridge ports. If your AP does not support WPS , it is possible to specify the settings manually, using these parameters:. Station Roaming feature is available only for When the background scan will find an AP with better signal it will try to roam to that AP.
The time intervals between the background scans will become shorter when the wireless signal becomes worse and the background scan interval will become longer when the wireless client signal will get better.
This is necessary to separate e. VLAN is assigned for wireless interface and as a result all data coming from wireless gets tagged with this tag and only data with this tag will send out over wireless. This works for all wireless protocols except that on Nv2 there's no Virtual AP support.
Note: In case to use this option you must enable wireless-fp or wireless-cm2 package for RouterOS version up to 6. Starting from RouterOS v6. Note: Current Tx Power gives you information about transmit power currently used at specific data rate. Currently not supported for Atheros From MikroTik Wiki.
Categories : Unfinished Manual Wireless Interface. Navigation menu Personal tools Log in. Namespaces Manual Discussion. Views Read View source View history. Main Page Recent changes. Note that no authentication is done for these clients WEP Shared keys are not compared to anything - they are just accepted at once if access list allows that. Frame priorities for which AMPDU sending aggregating frames and sending using block acknowledgment should get negotiated and used.
Using AMPDUs will increase throughput, but may increase latency, therefore, may not be desirable for real-time traffic voice, video. AMSDU aggregation may significantly increase throughput especially for small frames, but may increase latency in case of packet loss due to retransmission of aggregated frame.
Antenna gain in dBi, used to calculate maximum transmit power according to country regulations. Select antenna to use for transmitting and for receiving ant-a - use only 'a' antenna ant-b - use only 'b' antenna txa-rxb - use antenna 'a' for transmitting, antenna 'b' for receiving rxa-txb - use antenna 'b' for transmitting, antenna 'a' for receiving.
Identifies group of wireless networks. This value is announced by AP, and can be matched in connect-list by area-prefix. This is a proprietary extension. Similar to the basic-rates-b property, but used for 5ghz, 5ghzmhz, 5ghz-5mhz, 5ghz-turbo, 2. List of basic rates, used for 2. This property has effect only in AP modes, and when value of rate-set is configured. Allows to use station-bridge mode.
Time in microseconds which will be used to send data without stopping. Note that no other wireless cards in that network will be able to transmit data during burst-time microseconds. Use of extension channels e. Ce, eC etc allows additional 20MHz extension channels and if it should be located below or above the control main channel. Extension channel allows Setting this property to yes will allow the use of the hardware compression.
Wireless interface must have support for hardware compression. Connections with devices that do not use compression will still work. Limits available bands, frequencies and maximum transmit power for each frequency. Also specifies default value of scan-list. This is the value of ap-tx-limit for clients that do not match any entry in the access-list. For AP mode, this is the value of authentication for clients that do not match any entry in the access-list.
For station mode, this is the value of connect for APs that do not match any entry in the connect-list. This is the value of client-tx-limit for clients that do not match any entry in the access-list. This is the value of forwarding for clients that do not match any entry in the access-list. When set to yes interface will always have running flag. If value is set to no' , the router determines whether the card is up and running - for AP one or more clients have to be registered to it, for station, it should be connected to an AP.
This interval is measured from third sending failure on the lowest data rate. During disconnect-timeout packet transmission will be retried with on-fail-retry-time interval.
If no frame can be transmitted successfully during disconnect-timeout , the connection is closed, and this event is logged as "extensive data loss". Successful frame transmission resets this timer. Distance value has these behaviors: Dynamic - causes AP to detect and use the smallest timeout that works with all connected clients.
Indoor - uses the default ACK timeout value that the hardware chip manufacturer has set. Discard frames that have been queued for sending longer than frame-lifetime. By default, when value of this property is 0 , frames are discarded only after connection is closed. Channel frequency value in MHz on which AP will operate. Note : If using mode "superchannel", any frequency supported by the card will be accepted, but on the RouterOS client, any non-standard frequency must be configured in the scan-list , otherwise it will not be scanning in non-standard range.
In Winbox, scanlist frequencies are in bold , any other frequency means the clients will need scan-list configured. Three frequency modes are available: regulatory-domain - Limit available channels and maximum transmit power for each channel according to the value of country manual-txpower - Same as above, but do not limit maximum transmit power. Allow all channels supported by the card. This mode should only be used in controlled environments, or if you have special permission to use it in your region.
Before v4. Since RouterOS v4. Allows to specify offset if the used wireless card operates at a different frequency than is shown in RouterOS, in case a frequency converter is used in the card.
The value is in MHz and can be positive or negative. Whether to allow use of short guard interval refer to This property has an effect only in AP mode. Setting it to yes can remove this network from the list of wireless networks that are shown by some client software.
Changing this setting does not improve the security of the wireless network, because SSID is included in other frames sent by the AP. Modulation and Coding Schemes that every connecting client must support. Refer to Modulation and Coding Schemes that this device advertises as supported.
Specifies maximum fragment size in bytes when transmitted over the wireless medium. Note that transmission of a fragmented packet is less efficient than transmitting unfragmented packet because of protocol overhead and increased resource usage at both - transmitting and receiving party. Number of times sending frame is retried without considering it a transmission failure.
Data-rate is decreased upon failure and the frame is sent again. Three sequential failures on the lowest supported rate suspend transmission to this destination for the duration of on-fail-retry-time. After that, the frame is sent again. The frame is being retransmitted until transmission success, or until the client is disconnected after disconnect-timeout. The frame can be discarded during this time if frame-lifetime is exceeded. If a client has not communicated for around 20 seconds, AP sends a "keepalive-frame".
Note , disabling the feature can lead to "ghost" clients in registration-table. Name of wireless interface that has virtual-ap capability. This property is only for virtual AP interfaces. Selection between different station and access point AP modes. Station modes : station - Basic station mode. Find and connect to acceptable AP. AP configuration has to allow WDS links with this device. Note that this mode does not use entries in wds.
Allows interface to be bridged. AP modes: ap-bridge - Basic access point mode. If this link is lost or cannot be established, then continue scanning. If dfs-mode is radar-detect , then APs with enabled hide-ssid will not be found during scanning. Special modes: alignment-only - Put the interface in a continuous transmit mode that is used for aiming the remote antenna. All packets are sent to AP with the MAC address used by pseudobridge, and MAC addresses of received packets are restored from the address translation table.
There is a single entry in the address translation table for all non-IP packets, hence more than one host in the bridged network cannot reliably use non-IP protocols. Note: Currently IPv6 doesn't work over Pseudobridge. For a client that has power saving, buffer multicast packets until next beacon time.
A client should wake up to receive a beacon, by receiving beacon it sees that there are multicast packets pending, and it should wait for multicast packets to be sent. When set to full , multicast packets will be sent with a unicast destination MAC address, resolving multicast problem on the wireless link. This option should be enabled only on the access point, clients should be configured in station-bridge mode. Available starting from v5. Value can be changed in future releases. For advanced use only, as it can badly affect the performance of the interface.
It is possible to manually set noise floor threshold value. By default, it is dynamically calculated. This property also affects received signal strength. This property is only effective on non-AC chips. Setting affects the size of contention time slot that AP allocates for clients to initiate connection and also size of time slots used for estimating distance to client. Although during normal operation the effect of this setting should be negligible, in order to maintain maximum performance, it is advised to not increase this setting if not necessary, so AP is not reserving time that is actually never used, but instead allocates it for actual data transfer.
Sets the packet priority mechanism, firstly data from high priority queue is sent, then lower queue priority data until 0 queue priority is reached. When link is full with high priority queue data, lower priority data is not sent. Use it very carefully, setting works on AP frame-priority - manual setting that can be tuned with Mangle rules.
After third sending failure on the lowest data rate, wait for specified time interval before retrying. Setting default enables periodic calibration if info default-periodic-calibration property is enabled. Value of that property depends on the type of wireless card.
This property is only effective for cards based on Atheros chipset. Short preamble mode is an option of On AP: long - Do not use short preamble. Do not accept connections from clients that do not have this capability. On station: long - do not use short preamble. RouterOS includes proprietary information in an information element of management frames. This parameter controls how this information is included. It can interoperate with newer versions of RouterOS.
This method is incompatible with some clients, for example, Centrino based ones. Descriptive name of the device, that is shown in registration table entries on the remote devices. Two options are available: default - default basic and supported rate sets are used.
Values from basic-rates and supported-rates parameters have no effect. Which antennas to use for receive. Ref legal event code : FG4D. Ref country code : LT. Ref legal event code : MG4D. Ref legal event code : MK Ref country code : NL. Ref legal event code : MP. Payment date : Year of fee payment : 5. Ref country code : FI. Ref country code : SE. Ref country code : NO. Ref country code : GR. Ref country code : HR. Ref country code : ES. Ref country code : PT. Ref country code : BG.
Ref country code : PL. Ref country code : LV. Ref country code : RS. Ref country code : IS. Ref country code : DK. Ref country code : CZ. Ref country code : RO. Ref country code : EE.
Ref country code : IT. Ref country code : SM. Ref country code : AL. Ref legal event code : PL. Ref country code : MC. Ref country code : SK. Ref country code : LU. Ref country code : BE. Ref legal event code : MM.
Ref country code : LI. Ref country code : SI. Ref country code : FR. Ref country code : GB. USP true USB2 fr. EPB1 fr. WOA1 fr. USB2 en.
0コメント