Page tree

The wifiwave2 package beta offers a new wireless driver, supporting 802.11ac Wave 2 features and an alternative configuration menu. Installing it disables other means of configuring wireless interfaces, including CAPsMAN.

It can be downloaded as part of the 'Extra Packages' archive for the latest ARM release of RouterOS 7.

Note: Before trying the wifiwave2 package, make sure to back up any wireless and CAPsMAN configuration you may want to restore afterwards.


The wifiwave2 package is compatible with IPQ4019 and QCA9984 wireless interfaces and is only available for ARM builds of RouterOS v7. It also requires 10MB of free space and at least 256MB of RAM.

As of the release of RouterOS 7.1beta3, this means it is compatible with 4 devices:

  1. hAP ac³ (non-LTE)
  2. Audience*
  3. Audience LTE6 kit*
  4. RB4011iGS+5HacQ2HnD**

*Please note that the wifiwave2 package is not compatible with CAPsMAN.

**Note that the 2.4GHz wireless interface on the RB4011iGS+5HacQ2HnD is not compatible with the wifiwave2 package. It will not be usable with the package installed.


  • WPA3 authentication and OWE (opportunistic wireless encryption)
  • 802.11w standard management frame protection
  • Initial implementation of MU-MIMO and beamforming
  • 400Mb/s maximum data rate in the 2.4GHz band for IPQ4019 interfaces

Interface configuration

Wifiwave2 interfaces can be configured using WinBox or the '/interface/wifiwave2' menu in the CLI.

Interface properties

Following is a non-exhaustive list of wifiwave2 interface properties.


band ( 2ghz-g | 2ghz-n | 2ghz-ax | 5ghz-a | 5ghz-ac | 5ghz-an | 5ghz-ax )

Supported frequency band and wireless standard. Defaults to newest supported standard. Note that band support is limited by radio capabilities.

channel-width ( 20mhz | 20/40mhz | 20/40mhz-Ce | 20/40mhz-eC | 20/40/80mhz | 20/40/80+80mhz  20/40/80/160mhz )

Width of radio channel. Defaults to widest supported.

configuration.chains (list of integer [0..7])

Radio chains to use for receiving signals. Defaults to all available chains.

configuration.tx-chains (list of integer [0..7])

Radio chains to use for transmitting signals. Defaults to all available chains. (name of a country)

Determines, which regulatory domain restrictions are applied to an interface. Defaults to "United States", prohibiting use of frequencies 2467-2472 in the 2.4GHz band.

configuration.hide-ssid (no | yes)

  • yes - AP does not include SSID in the beacon frames, and does not reply to probe requests that have broadcast SSID.

  • no - AP includes SSID in the beacon frames, and replies to probe requests that have broadcast SSID.

Default: no

disable-running-check (no | yes)

  • yes - interface will have the 'running' flag whenever it is enabled and has a valid configuration applied to it

  • no - interface will only have the 'running' flag when it has established an active wireless link

Default: no

disabled ( no | yes )

Whether interface is disabled. Hardware interfaces are disabled by default, but virtual ones are not.

frequency ( list of integer ranges Start[-End][:RangeStep] )

Frequencies to use for control channel when operating as AP or frequencies to scan for APs on when operating as a station (client). Defaults to all supported channels in the given frequency band.

Note: unlike the standard wireless package wifiwave2 does not support operating on non-standard radio channels (channels without an official number e.g. 5200/ac/Ceee).

mac-address (MAC)

MAC address (BSSID) to use for an interface.

Hardware interfaces default to the MAC address of the associated radio interface.

Virtual interfaces are assigned MAC addresses are generated by

  1. Taking the MAC address of the associated master interface

  2. Setting the second-least-significant bit of the first octet to 1, resulting in a locally administered MAC address

  3. If needed, incrementing the last octet of the address to ensure it doesn't overlap with the address of another interface on the device

master-interface ( name of an interface )

Master interface for virtual interfaces.

mode ( ap | station )

Operating mode for the interface. Defaults to 'ap'.

secondary-frequency ( list of integer | disabled )

Frequency to use for the center of the second part of a split 80+80MHz channel.

security.authentication-types ( list of owe, wpa-eap, wpa-psk, wpa2-eap, wpa2-psk, wpa3-eap, wpa3-psk )

Authentication types to enable on the interface.

Default value depends on value of 'security.passphrase' and 'mode' parameters. If security.passphrase is unset, security.authentication-types will default to an empty list. If security.passphrase is set, security.authentication-types will default to 'wpa2-psk' for APs or 'wpa-psk,wpa2-psk' for stations.

security.passphrase ( string 0..63 chars )

Passphrase to use for PSK authentication types. Defaults to an empty string - "".

WPA-PSK and WPA2-PSK authentication requires a minimum of 8 chars, while WPA3-PSK does not have minimum passphrase length. ( allowed | disabled | required )

Whether to use 802.11w management frame protection (incompatible with management frame protection in standard wireless package).

Defaults to 'allowed' when PSK authentication is used.

security.owe-transition-interface (name of interface)

Name of an interface whose MAC address and SSID to advertise as the matching AP when running in OWE transition mode. Required for setting up open APs that offer OWE, but also work with older devices that don't support the standard. See configuration example below.

ssid (string)

ESSID (extended service set identifier) is a name that identifies wireless network. Default: None.

Configuration examples

Basic password-protected AP

/interface/wifiwave2 set wifi1 disabled=no ssid=MikroTik \
security.authentication-types=wpa2-psk,wpa3-psk security.passphrase=8-63_characters

Open AP with OWE

Opportunistic wireless encryption (OWE) allows wireless clients to enjoy encryption and management frame protection without requiring knowledge of a passphrase to connect. It is an improvement on open AP operating mode.

However, the OWE standard does not permit connections from devices that don't support it to prevent downgrade attacks. So to provide an open AP both for clients that don't support OWE and those that do, the following basic configuration is required.

add master-interface=wifi1 name=wifi1_owe ssid=MikroTik_OWE \
security.authentication-types=owe security.owe-tranistion-interface=wifi1 \
set wifi1 ssid=MikroTik security.authentication-types="" security.owe-transition-interface=wifi1_owe
enable wifi1,wifi1_owe

Resetting configuration

Wifiwave2 interfaces can be reset by using the recently implemented 'reset' command.

/interface/wifiwave2/reset wifi1


Information about the capabilities of each radio can be gained by running the `/interface/wifiwave2/radio print detail` command. Following is a list of radio parameters.

bandsList of supported frequency bands, wireless standards and channel widths.
ciphersList of supported traffic encryption ciphers.

A unique identifier.

radio-macMAC address of the radio interface. Can be used to match radios to interface configurations.
rx-chainsList of IDs for radio chains available for receiving radio signals.
tx-chainsList of IDs for radio chains available for transmitting radio signals.

Registration table

The registration table contains entries of associated wireless devices (both APs and stations) and provides information about their signal levels, data rates and other parameters when using the additional `/interface/wifiwave2/registration-table/print stats` parameter.

  • No labels