...
If you are at any point unsure of which parameter value will be used for an interface, consult the actual-configuration menu.
...
For an example of configuration profile usage, see following example.
| Code Block | ||||
|---|---|---|---|---|
| ||||
# Creating a security profile, which will be common for both interfaces /interface wifiwave2 security add name=common-auth authentication-types=wpa2-psk,wpa3-psk passphrase="diceware makes good passwords" wps=disable # Creating a common configuration profile and linking the security profile to it /interface wifiwave2 configuration add name=common-conf ssid=MikroTik country=Latvia security=common-auth # Creating separate channel configurations for each band /interface wifiwave2 channel add name=ch-2ghz frequency=2412,2432,2472 width=20mhz add name=ch-5ghz frequency=5180,5260,5500 width=20/40/80mhz # Assigning to each interface the common profile as well as band-specific channel profile /interface wifiwave2 set wifi1 channel=ch-2ghz configuration=common-conf disabled=no set wifi2 channel=ch-5ghz configuration=common-conf disabled=no /interface/wifiwave2/actual-configuration print 0 name="wifi1" mac-address=74:4D:28:94:22:9A arp-timeout=auto radio-mac=74:4D:28:94:22:9A configuration.ssid="MikroTik" .country=Latvia security.authentication-types=wpa2-psk,wpa3-psk .passphrase="diceware makes good passwords" .wps=disable channel.frequency=2412,2432,2472 .width=20mhz 1 name="wifi2" mac-address=74:4D:28:94:22:9B arp-timeout=auto radio-mac=74:4D:28:94:22:9B configuration.ssid="MikroTik" .country=Latvia security.authentication-types=wpa2-psk,wpa3-psk .passphrase="diceware makes good passwords" .wps=disable channel.frequency=5180,5260,5500 .width=20/40/80mhz |
Resetting configuration
Wifiwave2 interface configurations can be reset by using the 'reset' command.
| Code Block | ||
|---|---|---|
| ||
/interface/wifiwave2 reset wifi1 |
...
Interface configuration examples
Basic password-protected AP
| Code Block | ||
|---|---|---|
| ||
/interface/wifiwave2 set wifi1 disabled=no configuration.ssid=MikroTik security.authentication-types=wpa2-psk,wpa3-psk security.passphrase=8-63_characters |
| Anchor | ||||
|---|---|---|---|---|
|
Open AP with OWE transition mode
Opportunistic wireless encryption (OWE) allows creation of wireless networks that do not require the knowledge of a password to connect, but still offer the benefits of traffic encryption and management frame protection. It is an improvement on regular open access points.
...
Client devices that support OWE will prefer the OWE interface. If you don't see any devices in your registration table that are associating with the regular open AP, you may want to move on from running a transition mode setup to a single OWE-encrypted interface.
Advanced examples
Resetting configuration
Wifiwave2 interface configurations can be reset by using the 'reset' command.
| Code Block | ||
|---|---|---|
| ||
/interface/wifiwave2 reset wifi1 |
Access List
Access list provides multiple ways of filtering and managing wireless connections.
...
| Note |
|---|
Take care when writing access list rules which reject clients. After being repeatedly rejected by an AP, a client device may start avoiding it. |
...
| Filtering parameters | |
|---|---|
| Parameter | Description |
| allow-signal-out-of-range (time period) | Modifies the signal-range parameter to still match established connections for a given length of time, even if their signal is outside the specified range. Default: 0s. |
| interface (interface|interface-list|'any') | Match if connection takes place on the specified interface or interface belonging to specified list. Default: any. |
| mac-address (MAC address) | Match if the client device has the specified MAC address. No default value. |
| mac-address-mask (MAC address) | Modifies the mac-address parameter to match if it is equal to the result of performing bit-wise AND operation on the client MAC address and the given address mask. Default: FF:FF:FF:FF:FF:FF (i.e. client's MAC address must match value of mac-address exactly) |
| signal-range (min..max) | Match if the strength of received signal from the client device is within the given range. Default: '-120..120' |
| ssid-regexp (regex) | Match if the given regular expression matches the SSID. |
| time (start-end,days) | Match during the specified time of day and (optionally) days of week. Default: 0s-1d |
| Action parameters | |
|---|---|
| Parameter | Description |
| action (accept|reject|query-radius) | Whether to authorize a connection
|
| passphrase (string) | Override the default passphrase with given value. No default value. |
| radius-accounting (no|yes) | Override the default RADIUS accounting policy with given value. No default value. |
...
Information about RF conditions on available channels can be obtained by running the frequency-scan command.
| Command parameters | |
|---|---|
| Parameter | Description |
| duration (time interval) | Length of time to perform the scan for before exiting. Useful for non-interactive use. Not set by default. |
| freeze-frame-interval (time interval) | Time interval at which to update command output. Default: 1s. |
| frequency (list of frequencies/ranges) | Frequencies to perform the scan on. See channel.frequency parameter syntax above for more detail. Defaults to all supported frequencies. |
| numbers (string) | Either the name or internal id of the interface to perform the scan with. Required. Not set by default. |
| rounds (integer) | Number of times to go through list of scannable frequencies before exiting. Useful for non-interactive use. Not set by default. |
| save-file (string) | Name of file to save output to. Not set by default. |
| Output parameters | |
|---|---|
| Parameter | Description |
| channel (integer) | Frequency (in MHz) of the channel scanned. |
| networks (integer) | Number of access points detected on the channel. |
| load (integer) | Percentage of time the channel was busy during the scan. |
| nf (integer) | Noise floor (in dBm) of the channel. |
| max-signal (integer) | Maximum signal strength (in dBm) of APs detected in the channel. |
| min-signal (integer) | Minimum signal strength (in dBm) of APs detected in the channel. |
| primary (boolean) (P) | Channel is in use as the primary (control) channel by an AP. |
| secondary (boolean) (S) | Channel is in use as a secondary (extension) channel by an AP. |
Scan command
The '/interface wifiwave2 scan' command will scan for access points and print out information about any APs it detects.
The scan command takes all the same parameters as the frequency-scan command.
| Output parameters | |
|---|---|
| Parameter | Description |
| active (boolean) (A) | Signifies that beacons from the AP have been received in the last 30 seconds. |
| address (MAC) | The MAC address (BSSID) of the AP. |
| channel (string) | The control channel frequency used by the AP, its supported wireless standards and control/extension channel layout. |
security (string) | Authentication methods supported by the AP. |
| signal (integer) | Signal strength of the AP's beacons (in dBm). |
| ssid (string) | The extended service set identifier of the AP. |
| sta-count (integer) | The number of client devices associated with the AP. Only available if the AP includes this information in its beacons. |
WPS
WPS server
An AP can be made to accept WPS authentication by a client device for 2 minutes by running the following command.
...
The wps-client command enables obtaining authentication information from a WPS-enabled AP.
| Command parameters | |
|---|---|
| Parameter | Description |
| duration (time interval) | Length of time after which the command will time out if no AP is found. Unlimited by default. |
| interval (time interval) | Time interval at which to update command output. Default: 1s. |
| mac-address (MAC) | Only attempt connecting to AP with the specified MAC (BSSID). Not set by default. |
| numbers (string) | Name or internal id of the interface with which to attempt connection. Not set by default. |
| ssid (string) | Only attempt to connect to APs with the specified SSID. Not set by default. |
Radios
Information about the capabilities of each radio can be gained by running the `/interface/wifiwave2/radio print detail` command.
...
The registration table contains read-only information about associated wireless devices.
...
| Read-only peer parameters | |
|---|---|
| Parameter | Description |
| authorized (boolean) (A) | True when the peer has successfully authenticated. |
| bytes (list of integers) | Number of bytes in packets transmitted to a peer and received from it. |
| interface (string) | Name of the interface, which was used to associate with the peer. |
| mac-address (MAC) | The MAC address of the peer. |
| packets (list of integers) | Number of packets transmitted to a peer and received from it. |
| rx-rate (string) | Bitrate of received transmissions from peer. |
| signal (integer) | Strength of signal received from the peer (in dBm). |
| tx-rate (string) | Bitrate used for transmitting to the peer. |
| uptime (time interval) | Time since association. |
De-authentication
Wireless peers can be manually de-authenticated (forcing re-association) by removing them from the registration table.
| Code Block | ||
|---|---|---|
| ||
/interface/wifiwave2/registration-table remove [find where mac-address=02:01:02:03:04:05] |
Regulatory domain information
Information about your regulatory domain, such as allowed frequencies, transmit power and DFS requirements can be found in the info menu.
| Code Block | ||
|---|---|---|
| ||
/interface/wifiwave2/info country-info Latvia |