Page History

...

Overview

...

Package: wireless

RouterOS wireless comply complies with IEEE 802.11 standards, it provides complete support for 802.11a, 802.11b, 802.11g, 802.11n and 802.11ac as long as additional features like WPA, WEP, AES encryption, Wireless Distribution System (WDS), Dynamic Frequency selection (DFS), Virtual Access Point, Nstreme and NV2 proprietary protocols and many more. Wireless features compatibility table for different wireless protocols.

...

Sub-menu: /interface wireless

Property	Description
adaptive-noise-immunity

 

(ap-and-client-mode | client-mode | none; Default:

 

none)	This property is only effective for cards based on Atheros chipset.
allow-sharedkey

 

(yes | no; Default:

 

no)	Allow WEP Shared Key clients to connect. Note that no authentication is done for these clients (WEP Shared keys are not compared to anything) - they are just accepted at once (if access list allows that)
ampdu-priorities

 

(list of integer [0..7]; Default:

 

0)	Frame priorities for which AMPDU sending (aggregating frames and sending using block acknowledgment) should get negotiated and used. Using AMPDUs will increase throughput, but may increase latency, therefore, may not be desirable for real-time traffic (voice, video). Due to this, by default AMPDUs are enabled only for best-effort traffic.
amsdu-limit

 

(integer [0..8192]; Default:

 

8192)	Max AMSDU that device is allowed to prepare when negotiated. AMSDU aggregation may significantly increase throughput especially for small frames, but may increase latency in case of packet loss due to retransmission of aggregated frame. Sending and receiving AMSDUs will also increase CPU usage.
amsdu-threshold

 

(integer [0..8192]; Default:

 

8192)	Max frame size to allow including in AMSDU.
antenna-gain

 

(integer [0..4294967295]; Default:

 

0)	Antenna gain in dBi, used to calculate maximum transmit power according to

 

country

 

regulations.

antenna-mode

 

(ant-a | ant-b | rxa-txb | txa-rxb; Default: )

Select antenna to use for transmitting and for receiving ant-a

 

- use only 'a' antenna ant-b

 

- use only 'b' antenna txa-rxb

 

- use antenna 'a' for transmitting, antenna 'b' for receiving rxa-txb

 

- use antenna 'b' for transmitting, antenna 'a' for receiving

area

 

(string; Default: )

Identifies group of wireless networks. This value is announced by AP, and can be matched in

 

connect-list

 

by

 

area-prefix. This is a proprietary extension.

arp

 

(disabled | enabled | proxy-arp | reply-only; Default:

 

enabled)	Read more >>
arp-timeout

 

(auto | integer; Default:

 

auto)

ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value

 

auto

 

equals to the value of

 

arp-timeout

 

in

 

/ip settings, default is 30s

band

 

(2ghz-b | 2ghz-b/g | 2ghz-b/g/n | 2ghz-onlyg | 2ghz-onlyn | 5ghz-a | 5ghz-a/n | 5ghz-onlyn | 5ghz-a/n/ac | 5ghz-

only

onlyac | 5ghz-n/ac; Default: )	Defines set of used data rates, channel frequencies and widths.
basic-rates-a/g

 

(12Mbps | 18Mbps | 24Mbps | 36Mbps | 48Mbps | 54Mbps | 6Mbps | 9Mbps; Default:

 

6Mbps)

Similar to the

 

basic-rates-b

 

property, but used for 5ghz, 5ghz-10mhz, 5ghz-5mhz, 5ghz-turbo, 2.4ghz-b/g, 2.4ghz-onlyg, 2ghz-10mhz, 2ghz-5mhz and 2.4ghz-g-turbo bands.

basic-rates-b

 

(11Mbps | 1Mbps | 2Mbps | 5.5Mbps; Default:

 

1Mbps)

List of basic rates, used for 2.4ghz-b, 2.4ghz-b/g and 2.4ghz-onlyg bands. Client will connect to AP only if it supports all basic rates announced by the AP. AP will establish WDS link only if it supports all basic rates of the other AP. This property has effect only in AP modes, and when value of

 

rate-set

 

is configured.

bridge-mode

 

(disabled | enabled; Default:

 

enabled)

Allows to use station-bridge mode.

 

Read more >>

burst-time

 

(integer | disabled; Default:

 

disabled)	Time in microseconds which will be used to send data without stopping. Note that no other wireless cards in that network will be able to transmit data during burst-time microseconds. This setting is available only for AR5000, AR5001X, and AR5001X+ chipset based cards.
channel-width

 

(20/40/80/160mhz-Ceeeeeee | 20/40/80/160mhz-XXXXXXXX | 20/40/80/160mhz-eCeeeeee | 20/40/80/160mhz-eeCeeeee | 20/40/80/160mhz-eeeCeeee | 20/40/80/160mhz-eeeeCeee | 20/40/80/160mhz-eeeeeCee | 20/40/80/160mhz-eeeeeeCe | 20/40/80/160mhz-eeeeeeeC | 20/40/80mhz-Ceee | 20/40/80mhz-eCee | 20/40/80mhz-eeCe | 20/40/80mhz-eeeC | 20/40/80mhz-XXXX | 20/40mhz-Ce | 20/40mhz-eC | 20/40mhz-XX | 40mhz-turbo | 20mhz | 10mhz | 5mhz; Default:

 

20mhz)

Use of extension channels (e.g. Ce, eC etc) allows additional 20MHz extension channels and if it should be located below or above the control (main) channel. Extension channel allows 802.11n devices to use up to 40MHz (802.11ac up to 160MHz) of spectrum in total thus increasing max throughput. Channel widths with XX and XXXX extensions automatically scan for a less crowded control channel frequency based on the number of concurrent devices running in every frequency and chooses the “C” - Control channel frequency automatically.

comment

 

(string; Default: )	Short description of the interface
compression

 

(yes | no; Default:

 

no)	Setting this property to

 

yes

 

will allow the use of the hardware compression. Wireless interface must have support for hardware compression. Connections with devices that do not use compression will still work.

country

 

(name of the country | no_country_set; Default:

 no_country_set

etsi)

Limits available bands, frequencies and maximum transmit power for each frequency. Also specifies default value of

 

scan-list. Value

 

no_country_set

 

is an FCC compliant set of channels.

default-ap-tx-limit

 

(integer [0..4294967295]; Default:

 

0)	This is the value of

 

ap-tx-limit

 

for clients that do not match any entry in the

 

access-list. 0 means no limit.

default-authentication

 

(yes | no; Default:

 

yes)	For AP mode, this is the value of

 

authentication

 

for clients that do not match any entry in the

 

access-list. For station mode, this is the value of

 

connect

 

for APs that do not match any entry in the

 

connect-list

default-client-tx-limit

 

(integer [0..4294967295]; Default:

 

0)	This is the value of

 

client-tx-limit

 

for clients that do not match any entry in the

 

access-list. 0 means no limit

default-forwarding

 

(yes | no; Default:

 

yes)	This is the value of

 

forwarding

 

for clients that do not match any entry in the

 

access-list

disable-running-check

 

(yes | no; Default:

 

no)	When set to

 

yes

 

interface will always have running flag. If value is set to

 

no', the router determines whether the card is up and running - for AP one or more clients have to be registered to it, for station, it should be connected to an AP.

disabled

 

(yes | no; Default:

 

yes)	Whether interface is disabled
disconnect-timeout

 

(time [0s..15s]; Default:

 

3s)	This interval is measured from third sending failure on the lowest data rate. At this point 3 * (hw-retries

 

+ 1) frame transmits on the lowest data rate had failed. During

 

disconnect-timeout

 

packet transmission will be retried with

 

on-fail-retry-time

 diconnect

interval. If no frame can be transmitted successfully during

 

disconnect-timeout, the connection is closed, and this event is logged as "extensive data loss". Successful frame transmission resets this timer.

distance

 

(integer | dynamic | indoors; Default:

 

dynamic)

How long to wait for confirmation of unicast frames (ACKs) before considering transmission unsuccessful

. Value 'dynamic'

, or in short ACK-Timeout. Distance value has these behaviors: Dynamic - causes AP to detect and use the smallest timeout that works with all connected clients.

Acknowledgments are not used in Nstreme protocol.

Indoor - uses the default ACK timeout value that the hardware chip manufacturer has set. Number - uses the input value in formula: ACK-timeout = ((distance * 1000) + 299) / 300 us; Acknowledgments are not used in Nstreme/NV2 protocols.

frame-lifetime

frame-lifetime 

(integer [0..4294967295]; Default:

 

0)	Discard frames that have been queued for sending longer than

 

frame-lifetime. By default, when value of this property is

 

0, frames are discarded only after connection is closed.

frequency

 

(integer [0..4294967295]; Default: )

Channel frequency value in MHz on which AP will operate. Allowed values depend on the selected band, and are restricted by

 

country

 

setting and wireless card capabilities. This setting has

 

no effect

 

if interface is in any of

 

station

 

modes, or in

 

wds-slave

 

mode, or if DFS is active. Note: If using mode "superchannel", any frequency supported by the card will be accepted, but on the RouterOS client, any non-standard frequency must be configured in the

 

scan-list, otherwise it will not be scanning in non-standard range. In Winbox, scanlist frequencies are in

 

bold, any other frequency means the clients will need scan-list configured.

frequency-mode

 

(manual-txpower | regulatory-domain | superchannel; Default:

 manual-txpower

regulatory_domain)

Three frequency modes are available: regulatory-domain

 

- Limit available channels and maximum transmit power for each channel according to the value of

 

country manual-txpower

 

- Same as above, but do not limit maximum transmit power. superchannel

 

- Conformance Testing Mode. Allow all channels supported by the card. List of available channels for each band can be seen in

 

/interface wireless info allowed-channels. This mode allows you to test wireless channels outside the default scan-list and/or regulatory domain. This mode should only be used in controlled environments, or if you have

a

special permission to use it in your region. Before v4.3 this was called Custom Frequency Upgrade, or Superchannel. Since RouterOS v4.3 this mode is available without special key upgrades to all installations.

frequency-offset

 

(integer [-2147483648..2147483647]; Default:

 

0)	Allows to specify offset if the used wireless card operates at a different frequency than is shown in RouterOS, in case a frequency converter is used in the card. So if your card works at 4000MHz but RouterOS shows 5000MHz, set offset to 1000MHz and it will be displayed correctly. The value is in MHz and can be positive or negative.
guard-interval

 

(any | long; Default:

 

any)	Whether to allow use of short guard interval (refer to 802.11n MCS specification to see how this may affect throughput). "any" will use either short or long, depending on data rate, "long" will use long.
hide-ssid

 

(yes | no; Default:

 

no)

yes

 

- AP does not include SSID in the beacon frames, and does not reply to probe requests that have broadcast SSID. no

 

- AP includes SSID in the beacon frames, and replies to probe requests that have broadcast SSID. This property has an effect only in AP mode. Setting it to

 

yes

 

can remove this network from the list of wireless networks that are shown by some client software. Changing this setting does not improve the security of the wireless network, because SSID is included in other frames sent by the AP.

ht-basic-mcs

 

(list of (mcs-0 | mcs-1 | mcs-2 | mcs-3 | mcs-4 | mcs-5 | mcs-6 | mcs-7 | mcs-8 | mcs-9 | mcs-10 | mcs-11 | mcs-12 | mcs-13 | mcs-14 | mcs-15 | mcs-16 | mcs-17 | mcs-18 | mcs-19 | mcs-20 | mcs-21 | mcs-22 | mcs-23); Default:

 

mcs-0; mcs-1; mcs-2; mcs-3; mcs-4; mcs-5; mcs-6; mcs-7)

Modulation and Coding Schemes

 

that every connecting client must support. Refer to 802.11n for MCS specification.

ht-supported-mcs

 

(list of (mcs-0 | mcs-1 | mcs-2 | mcs-3 | mcs-4 | mcs-5 | mcs-6 | mcs-7 | mcs-8 | mcs-9 | mcs-10 | mcs-11 | mcs-12 | mcs-13 | mcs-14 | mcs-15 | mcs-16 | mcs-17 | mcs-18 | mcs-19 | mcs-20 | mcs-21 | mcs-22 | mcs-23); Default:

 

mcs-0; mcs-1; mcs-2; mcs-3; mcs-4; mcs-5; mcs-6; mcs-7; mcs-8; mcs-9; mcs-10; mcs-11; mcs-12; mcs-13; mcs-14; mcs-15; mcs-16; mcs-17; mcs-18; mcs-19; mcs-20; mcs-21; mcs-22; mcs-23)

Modulation and Coding Schemes

 

that this device advertises as supported. Refer to 802.11n for MCS specification.

hw-fragmentation-threshold

 

(integer[256..3000] | disabled; Default:

 

0)	Specifies maximum fragment size in bytes when transmitted over the wireless medium. 802.11 standard packet (MSDU in 802.11

terminology

terminologies) fragmentation allows packets to be fragmented before transmitting over a wireless medium to increase the probability of successful transmission (only fragments that did not transmit correctly are retransmitted). Note that transmission of a fragmented packet is less efficient than transmitting unfragmented packet because of protocol overhead and increased resource usage at both - transmitting and receiving party.

hw-protection-mode

 

(cts-to-self | none | rts-cts; Default:

 

none)

Frame protection support property

 

read more >>

hw-protection-threshold

 

(integer [0..65535]; Default:

 

0)	Frame protection support property

 

read more >>

hw-retries

 

(integer [0..15]; Default:

 

7)	Number of times sending frame is retried without considering it a transmission failure. Data-rate is decreased upon failure and the frame is sent again. Three sequential failures on the lowest supported rate suspend transmission to this destination for the duration of

 

on-fail-retry-time. After that, the frame is sent again. The frame is being retransmitted until transmission success, or until the client is disconnected after

 

disconnect-timeout.

Frame

The frame can be discarded during this time if

 

frame-lifetime

 

is exceeded.

installation

 

(any | indoor | outdoor; Default:

 

any)	Adjusts scan-list to use indoor, outdoor or all frequencies for the country that is set.
interworking-profile

 

(enabled | disabled; Default:

 

disabled)
keepalive-frames

 

(enabled | disabled; Default:

 

enabled)

l2mtu (integer [0..

Applies only if wireless interface is in mode=ap-bridge. If a client has not communicated for around 20 seconds, AP sends a "keepalive-frame". Note, disabling the feature can lead to "ghost" clients in registration-table.

l2mtu (integer [0..65536]; Default:

 

1600)
mac-address

 

(MAC; Default: )
master-interface

 

(string; Default: )

Name of wireless interface that has

 

virtual-ap

 

capability.

 

Virtual AP

 

interface will only work if master interface is in

 

ap-bridge,

 

bridge,

 

station

 

or

 

wds-slave

 

mode. This property is only for virtual AP interfaces.

max-station-count

 

(integer [1..2007]; Default:

 

2007)	Maximum number of associated clients. WDS links also count toward this limit.
mode

 

(station | station-wds | ap-bridge | bridge | alignment-only | nstreme-dual-slave | wds-slave | station-pseudobridge | station-pseudobridge-clone | station-bridge; Default:

 

station)

Selection between different station and access point (AP) modes. Station modes: station

 

- Basic station mode. Find and connect to acceptable AP. station-wds

 

- Same as

 

station, but create WDS link with AP, using proprietary extension. AP configuration has to allow WDS links with this device. Note that this mode does not use entries in

 

wds. station-pseudobridge

 

- Same as

 

station, but additionally perform MAC address translation of all traffic. Allows interface to be bridged. station-pseudobridge-clone

 

- Same as

 

station-pseudobridge, but use

 

station-bridge-clone-mac

 

address to connect to AP. station-bridge - Provides support for transparent protocol-independent L2 bridging on the station device. RouterOS AP accepts clients in station-bridge mode when enabled using bridge-mode parameter. In this mode, the AP maintains a forwarding table with information on which MAC addresses are reachable over which station device. Only works with RouterOS APs. With station-bridge mode, it is not possible to connect to CAPsMAN controlled CAP. AP modes: ap-bridge

 

- Basic access point mode. bridge

 

- Same as

 

ap-bridge, but limited to one associated client. wds-slave

 

- Same as

 

ap-bridge, but scan for AP with the same

 

ssid

 

and establishes WDS link. If this link is lost or cannot be established, then continue scanning. If

 

dfs-mode

 

is

 

radar-detect, then APs with enabled

 

hide-ssid

 

will not be found during scanning. Special modes: alignment-only

 

- Put the interface in a continuous transmit mode that is used for aiming the remote antenna. nstreme-dual-slave

 

- allow this interface to be used in nstreme-dual setup. MAC address translation

in pseudobridge modes

in pseudobridge modes works by inspecting packets and building a table of corresponding IP and MAC addresses. All packets are sent to AP with the MAC address used by pseudobridge, and MAC addresses of received packets are restored from the address translation table. There is a single entry in the address translation table for all non-IP packets, hence more than one host in the bridged network cannot reliably use non-IP protocols. Note: Currently IPv6 doesn't work over Pseudobridge

mtu

 

(integer [0..65536]; Default:

 

1500)
multicast-buffering

 

(disabled | enabled; Default:

 

enabled)	For a client that has power saving, buffer multicast packets until next beacon time. A client should wake up to receive a beacon, by receiving beacon it sees that there are multicast packets pending, and it should wait for multicast packets to be sent.
multicast-helper

 

(default | disabled | full; Default:

 

default)

When set to full, multicast packets will be sent with a unicast destination MAC address, resolving

 

multicast problem

 

on the wireless link. This option should be enabled only on the access point, clients should be configured in

 

station-bridge

 

mode. Available starting from v5.15. disabled - disables the helper and sends multicast packets with multicast destination MAC addresses dhcp - dhcp packet mac addresses are changed to unicast mac addresses prior to sending them out full - all multicast packet mac address are changed to unicast mac addresses prior to sending them out default - default choice that currently is set to

 disabled

dhcp. Value can be changed in future releases.

name

 

(string; Default: )	name of the interface
noise-floor-threshold

 

(default | integer [-128..127]; Default:

 

default)	For advanced use only, as it can badly affect the performance of the interface. It is possible to manually set noise floor threshold value. By default, it is dynamically calculated. This property also affects received signal strength. This property is only effective on non-AC chips.
nv2-cell-radius

 

(integer [10..200]; Default:

 

30)

Setting affects the size of contention time slot that AP allocates for clients to initiate connection and also size of time slots used for estimating distance to client. When setting is too small, clients that are farther away may have trouble connecting and/or disconnect with "ranging timeout" error. Although during normal operation the effect of this setting should be negligible, in order to maintain maximum performance, it is advised to not increase this setting if not necessary, so AP is not reserving time that is actually never used, but instead allocates it for actual data transfer. on AP: distance to farthest client in km on station: no effect

nv2-noise-floor-offset

 

(default | integer [0..20]; Default:

 

default)
nv2-preshared-key

 

(string; Default: )
nv2-qos

 

(default | frame-priority; Default:

 

default)

Sets the packet priority mechanism, firstly data from high priority queue is sent, then lower queue priority data until 0 queue priority is reached. When link is full with high priority queue data, lower priority data is not sent. Use it very carefully, setting works on AP frame-priority

 

- manual setting that can be tuned with Mangle rules. default

 

- default setting where small packets receive priority for best latency

nv2-queue-count

 

(integer [2..8]; Default:

 

2)
nv2-security

 

(disabled | enabled; Default:

 

disabled)
on-fail-retry-time

 

(time [100ms..1s]; Default:

 

100ms)	After third sending failure on the lowest data rate, wait for specified time interval before retrying.
periodic-calibration

 

(default | disabled | enabled; Default:

 

default)

Setting

 

default

 

enables periodic calibration if

 

info

 

default-periodic-calibration

 

property is

 

enabled. Value of that property depends on the type of wireless card. This property is only effective for cards based on Atheros chipset.

periodic-calibration-interval

 

(integer [1..10000]; Default:

 

60)	This property is only effective for cards based on Atheros chipset.
preamble-mode

 

(both | long | short; Default:

 

both)

Short preamble mode is an option of 802.11b standard that reduces per-frame overhead. On AP: long

 

- Do not use short preamble. short

 

- Announce short preamble capability. Do not accept connections from clients that do not have this capability. both

 

- Announce short preamble capability. On station: long

 

- do not use short preamble. short

 

- do not connect to AP if it does not support short preamble. both

 

- Use short preamble if AP supports it.

prism-cardtype

 

(100mW | 200mW | 30mW; Default: )	Specify type of the installed Prism wireless card.
proprietary-extensions

 

(post-2.9.25 | pre-2.9.25; Default:

 

post-2.9.25)

RouterOS includes proprietary information in an information element of management frames. This parameter controls how this information is included. pre-2.9.25

 

- This is older method. It can interoperate with newer versions of RouterOS. This method is incompatible with some clients, for example, Centrino based ones. post-2.9.25

 

- This uses standardized way of including vendor specific information, that is compatible with newer wireless clients.

radio-name

 

(string; Default:

 

MAC address of an interface)	Descriptive name of the device, that is shown in registration table entries on the remote devices. This is a proprietary extension.
rate-selection

 

(advanced | legacy; Default:

 

advanced)	Starting from v5.9 default value is advanced since legacy mode was inefficient.
rate-set

 

(configured | default; Default:

 

default)

Two options are available: default

 

- default basic and supported rate sets are used. Values from

 

basic-rates

 

and

 

supported-rates

 

parameters have no effect. configured

 

- use values from

 

basic-rates,

 

supported-rates,

 

basic-mcs,

 

mcs.

 

Read more >>.

rx-chains

 

(list of integer [0..3]; Default:

 

0)	Which antennas to use for receive. In current MikroTik routers, both RX and TX chain must be enabled, for the chain to be enabled.
scan-list (Comma separated list of frequencies and frequency ranges | default. Since v6.35 (wireless-rep) type also support range:step option; Default:

 

default)

The

 

default

 

value is all channels from selected band that are supported by card and allowed by the

 

country

 

and

 

frequency-mode

 

settings (this list can be seen in

 

info). For default scan list in

 

5ghz

 

band channels are taken with 20MHz step, in

 

5ghz-turbo

 

band - with 40MHz step, for all other bands - with 5MHz step. If

 

scan-list

 

is specified manually, then all matching channels are taken. (Example:

 

scan-list=default,5200-5245,2412-2427

 

- This will use the default value of scan list for current band, and add to it supported frequencies from 5200-5245 or 2412-2427 range.)

 

Since RouterOS v6.0 with Winbox or Webfig, for inputting of multiple frequencies, add each frequency or range of frequencies into separate multiple scan-lists. Using a comma to separate frequencies is no longer supported in Winbox/Webfig since v6.0. Since RouterOS v6.35 (wireless-rep) scan-list support step feature where it is possible to manually specify the scan step. Example:

 

scan-list=5500-5600:20 will generate such scan-list values

 

5500,5520,5540,5560,5580,5600

security-profile

 

(string; Default:

 

default)

Name of profile from

 

security-profiles

ssid (string (0..32 chars); Default: value of 

secondary-channel (integer; Default: "")	Specifies secondary channel, required to enable 80+80MHz transmission. To disable 80+80MHz functionality, set secondary-channel to "" or unset the value via CLI/GUI.
ssid (string (0..32 chars); Default: value of system/identity)	SSID (service set identifier) is a name that identifies wireless network.
skip-dfs-channels (string | 10min-cac | all | disabled; Default: disabled)	These values are used to skip all DFS channels or specifically skip DFS CAC channels in range 5600-5650MHz which detection could go up to 10min.
station-bridge-clone-mac

 

(MAC; Default: )

This property has effect only in the

 

station-pseudobridge-clone

 

mode. Use this MAC address when connection to AP. If this value is

 

00:00:00:00:00:00, station will initially use MAC address of the wireless interface. As soon as packet with MAC address of another device needs to be transmitted, station will reconnect to AP using that address.

station-roaming

 

(disabled | enabled; Default:

 enabled

disabled)

Station Roaming feature is available only for 802.11 wireless protocol and only for station modes.

 

Read more >>

supported-rates-a/g

 

(list of rates [12Mbps | 18Mbps | 24Mbps | 36Mbps | 48Mbps | 54Mbps | 6Mbps | 9Mbps]; Default:

 

6Mbps; 9Mbps; 12Mbps; 18Mbps; 24Mbps; 36Mbps; 48Mbps; 54Mbps)

List of supported rates, used for all bands except

 

2ghz-b.

supported-rates-b

 

(list of rates [11Mbps | 1Mbps | 2Mbps | 5.5Mbps]; Default:

 

1Mbps; 2Mbps; 5.5Mbps; 11Mbps)

List of supported rates, used for

 

2ghz-b,

 

2ghz-b/g

 

and

 

2ghz-b/g/n

 

bands. Two devices will communicate only using rates that are supported by both devices. This property has effect only when value of

 

rate-set

 

is

 

configured.

tdma-period-size

 

(integer [1..10]; Default:

 

2)	Specifies TDMA period in milliseconds. It could help on the longer distance links, it could slightly increase bandwidth, while latency is increased too.
tx-chains

 

(list of integer [0..3]; Default:

 

0)	Which antennas to use for transmitting. In current MikroTik routers, both RX and TX chain must be enabled, for the chain to be enabled.
tx-power

 

(integer [-30..

30

40]; Default: )	For 802.11ac wireless interface it's total power but for 802.11a/b/g/n it's power per chain.
tx-power-mode

 

(default, card-rates, all-

rated

rates-fixed, manual-table; Default:

 

default)

sets up tx-power mode for wireless card default - use values stored in the card

card

all-rates-

use transmit power as defined by tx-power settingall-rated-

fixed - use same transmit power for all data rates. Can damage the card if transmit power is set above rated value of the card for used rate. manual-table - define transmit power for each rate separately. Can damage the card if transmit power is set above rated value of the card for used rate.

update-

card-rates - use transmit power calculated for each rate based on value of tx-power parameter. Legacy mode only compatible with currently discontinued products.

update-stats-interval

 

(; Default: )

How often to request update of signals strength and ccq values from clients. Access to

 

registration-table

 

also triggers update of these values. This is proprietary extension.

vht-basic-mcs

 

(none | MCS 0-7 | MCS 0-8 | MCS 0-9; Default:

 

MCS 0-7)

Modulation and Coding Schemes

 

that every connecting client must support. Refer to 802.11ac for MCS specification. You can set MCS interval for each of Spatial Stream none

 

- will not use selected Spatial Stream MCS 0-7

 

- client must support MCS-0 to MCS-7 MCS 0-8

 

- client must support MCS-0 to MCS-8 MCS 0-9

 

- client must support MCS-0 to MCS-9

vht-supported-mcs

 

(none | MCS 0-7 | MCS 0-8 | MCS 0-9; Default:

 

MCS 0-9)

Modulation and Coding Schemes

 

that this device advertises as supported. Refer to 802.11ac for MCS specification. You can set MCS interval for each of Spatial Stream none

 

- will not use selected Spatial Stream MCS 0-7

 

- devices will advertise as supported MCS-0 to MCS-7 MCS 0-8

 

- devices will advertise as supported MCS-0 to MCS-8 MCS 0-9

 

- devices will advertise as supported MCS-0 to MCS-9

wds-cost-range

 

(start [-end] integer[

0

1..

4294967295

200000000]; Default:

 

50-150)

Bridge port cost of WDS links are automatically adjusted, depending on measured link throughput. Port cost is recalculated and adjusted every 5 seconds if it has changed by more than 10%, or if more than 20 seconds have passed since the last adjustment. Setting this property to

 

0

 

disables automatic cost adjustment. Automatic adjustment does not work for WDS links that are manually configured as a bridge port.

wds-default-bridge

 

(string | none; Default:

 

none)

When WDS link is established and status of the wds interface becomes

 

running, it will be added as a bridge port to the bridge interface specified by this property. When WDS link is lost, wds interface is removed from the bridge. If wds interface is already included in a bridge setup when WDS link becomes active, it will not be added to bridge specified by , and will

 

(needs editing)

wds-default-cost

 

(integer [

0

1..

4294967295

200000000]; Default:

 

100)	Initial bridge port cost of the WDS links.
wds-ignore-ssid

 

(yes | no; Default:

 

no)	By default, WDS link between two APs can be created only when they work on the same frequency and have the same SSID value. If this property is set to

 

yes, then SSID of the remote AP will not be checked. This property has no effect on connections from clients in

 

station-wds

 

mode. It also does not work if

 

wds-mode

 

is

 

static-mesh

 

or

 

dynamic-mesh.

wds-mode

 

(disabled | dynamic | dynamic-mesh | static | static-mesh; Default:

 

disabled)

Controls how WDS links with other devices (APs and clients in

 

station-wds

 

mode) are established. disabled

 

does not allow WDS links. static

 

only allows WDS links that are manually configured in

 wds

WDS dynamic

 

also allows WDS links with devices that are not configured in

 wds

WDS, by creating required entries dynamically. Such dynamic WDS entries are removed automatically after the connection with the other AP is lost. -

mesh modes

mesh modes use different (better) method for establishing link between AP, that is not compatible with APs in non-mesh mode. This method avoids one-sided WDS links that are created only by one of the two APs. Such links cannot pass any data.When AP or station is establishing WDS connection with another AP, it

uses connect

uses connect-

list to

list to check whether this connection is allowed. If station

in station

in station-

wds mode

wds mode is establishing connection with AP, AP

uses access

uses access-

list to

list to check whether this connection is allowed.

If mode is station

If mode is station-wds, then this property has no effect.

wireless-protocol

 

(802.11 | any | nstreme | nv2 | nv2-nstreme | nv2-nstreme-802.11 | unspecified; Default:

 unspecified

any)	Specifies protocol used on wireless interface; unspecified

 

- protocol mode used on previous RouterOS versions (v3.x, v4.x). Nstreme is enabled by old enable-nstreme setting, Nv2 configuration is not possible. any : on AP - regular 802.11 Access Point or Nstreme Access Point; on station - selects Access Point without specific sequence, it could be changed by connect-list rules. nstreme

 

- enables Nstreme protocol (the same as old enable-nstreme setting). nv2

 

- enables Nv2 protocol. nv2 nstreme : on AP - uses first wireless-protocol setting, always Nv2; on station - searches for Nv2 Access Point, then for Nstreme Access Point. nv2 nstreme 802.11

 

- on AP - uses first wireless-protocol setting, always Nv2; on station - searches for Nv2 Access Point, then for Nstreme Access Point, then for regular 802.11 Access Point. Warning!

 

Nv2 doesn't have support for Virtual AP

wmm-support

 

(disabled | enabled | required; Default:

 

disabled)

Specifies whether to enable

 WMM.

WMM.  Only applies to bands B and G. Other bands will have it enabled regardless of this setting

wps-mode

 

(disabled | push-button | push-button-virtual-only; Default:

 

depending on the device model)

Read more >>

...

802.11n wireless chipsets represent power per chain and the 802.11ac

802.11n wireless chipsets represent power per chain and the 802.11ac wireless chipsets represent the total power, for reference see the table below:Transmit Power representation on 802.11n and 802.11ac

Wireless chipset signal level representation

Basic and MCS Rate table

Default basic and supported rates, depending on selected band

...

802.11 standard provides means to protect the transmission against other device transmission by using RTS/CTS protocol. Frame protection helps to fight "hidden node" problem. There are several types of protection:

...

• Increased speed
• More client connections in PTM environments
• Lower latency
• No distance limitations
• No penalty for long distances

Starting from RouterOS v5.0beta5 you can configure Nv2 in the Wireless menu. Please take a look at the NV2 protocol implementation status. Nv2 protocol limit is 511 clients.

...

Access list is used by access point to restrict allowed connections from other devices, and to control connection parameters.Operation:

Access list rules are

...

processed one by one until matching rule is found. Then the action in the matching rule is

...

executed.

...

If action specifies that client should be accepted, client is accepted, potentially overriding it's default connection parameters with ones specified in access list rule.

There are the following parameters for access list rules:

• client matching parameters:
  • address - MAC address of the client
  • interface - optional interface to compare with the interface to which client actually connects to
  • time - time of day and days when rule matches
  • signal-range - range in which client signal must fit for the rule to match
  • allow-signal-out-of-range - option which permits client's signal to be out of the range always or for some time interval
• connection parameters:
  • ap-tx-limit - tx speed limit in direction to client
  • client-tx-limit - tx speed limit in direction to AP (applies to RouterOS clients only)
  • private-passphrase - PSK passphrase to use for this client if some PSK authentication algorithm is used
  • vlan-mode - VLAN tagging mode specifies if traffic coming from client should get tagged (and untagged when going to client).
  • vlan-id - VLAN ID to use if doing VLAN tagging

Operation:

• Access list rules are checked sequentially.
• Disabled rules are always ignored.
• Only the first matching rule is applied.
• If there are no matching rules for the remote connection, then the default values from the wireless interface configuration are used.
• If remote device is matched by rule that has authentication=no value, the connection from that remote device is rejected.

Warning: If there is no entry in ACL about client which connects to AP (wireless,debug wlan2: A0:0B:BA:D7:4D:B2 not in local ACL, by default accept), then ACL for this client is ignored during all connection time.

For example, if client's signal during connection is -41 and we have ACL rule

/interface/wireless/access-list
add authentication=yes forwarding=yes interface=wlan2 signal-range=-55..0

Then the connection is matched to the ACL rule, but if signal drops below -55, client will not be disconnected.

Please note that if "default-authentication=yes" is set on the wireless interface, clients will be able to join even if there are no matching access-list entries.
To make it work correctly it is required that client is matched by any of ACL rules.

If we modify ACL rules in the previous example to:

/interface/wireless/access-list
add interface=wlan2 signal-range=-55..0
add authentication=no forwarding=no interface=wlan2 signal-range=-120..-56

Then if signal drops to -56, client will be disconnected.

Properties

Warning: If there is no entry in ACL about client which connects to AP (wireless,debug wlan2: A0:0B:BA:D7:4D:B2 not in local ACL, by default accept), then ACL for this client is ignored during all connection time.

For example, if client's signal during connection is -41 and we have ACL rule

/interface wireless access-list
add authentication=yes forwarding=yes interface=wlan2 signal-range=-55..0

Then connection is not matched to any ACL rule and if signal drops to -70..-80, client will not be disconnected.

...

If we modify ACL rules in previous example to:

/interface wireless access-list
add interface=wlan2 signal-range=-55
add authentication=no forwarding=no interface=wlan2 signal-range=-120..-56

Then if signal drops to -56, client will be disconnected.

Properties

...

connect-list is used to assign priority and security settings to connections with remote access points, and to restrict allowed connections. connect-list is an ordered list of rules. Each rule in connect-list is attached to specific wireless interface, specified in the interfaceproperty of that rule (this is unlike access-list, where rules can apply to all interfaces). Rule can match MAC address of remote access point, it's signal strength and many other parameters.

...

...

...

Warning: You must follow to regulatory domain requirements in your country. If you are allowed to use other frequencies, note that Antenna Gain and Transmit Power may decrease depending on board and frequency. Devices are calibrated only for regulatory frequencies, use non standard frequencies at your own risk. The list only specifies frequencies accepted by the wireless chip, these frequencies might not always work due to antenna that is built into the product, device design, filters and other factors. USE STRICTLY AT YOUR OWN RISK

Integrated wireless interface frequency table

It is possible to deduce supported channel width from the product page, to do so you need to check the following parameters: number of chains and the max data rate. Once you know these parameters, you need to check the modulation and coding scheme (MCS) table, for example, here: https://mcsindex.com/.

If we take hAP ac, as an example, we can see that number of chains is 3, and the max data rate is 1300 in the MCS table. In the MCS table we need to find entry for 3 spatial streams - chains, and the respective data rate, which in this case shows us that 80MHz is the maximum supported channel width.

Integrated wireless interface frequency table

NOTES:

...

NOTES:

1. - Only in 802.11a/n standard

Overview

Advanced Channels feature provides extended opportunities in wireless interface configuration:

• scan-list that covers multiple bands and channel widths;
• non-standard channel center frequencies (specified with KHz granularity) for hardware that allows that;
• non-standard channel widths (specified with KHz granularity) for hardware that allows that.

Hardware support

Non standard center frequency and width channels can only be used with interfaces that support it.

Currently only Atheros AR92xx based chips support non-standard center frequencies and widths with the following ranges:

• center frequency range: 2200MHz-2500MHz with step 0.5MHz (500KHz), width range: 2.5MHz-30MHz width step 0.5MHz (500KHz);
• center frequency range: 4800MHz-6100MHz with step 0.5MHz (500KHz), width range: 2.5MHz-30MHz width step 0.5MHz (500KHz);

AR93xx doesn't support this feature

Configuring Advanced Channels

Advanced Channels are configured in interface wireless channels menu. This menu contains ordered list of user-defined channels that can be grouped by means of list property. Channels have the following properties:

• name - name by which this channel can be referred to. If name is not specified when adding channel, it will be automatically generated from channel frequency and width;
• list - name of list this channel is part of. Lists can be used to group channels;
• frequency - channel center frequency in MHz, allowing to specify fractional MHz part, e.g. 5181.5;
• width - channel width in MHz, allowing to specify fractional MHz part, e.g. 14.5;
• band - defines default set of data rates when using this channel;
• extension-channel - specifies placement of 11n extension channel.

Using Advanced Channels

In order to use Advanced Channels in wireless interface configuration, several interface settings accept channel names or list names as arguments. It is possible to configure interface with channel that interface does not support. In this case interface will not become operational. It is sole responsibility of administrator to configure channels in proper way.

frequency

To use particular Advanced Channel for wireless interface (applies to modes that make use of interface frequency setting) specify channel name in interface frequency setting. For example, to configure interface to operate with center frequency 5500MHz and channel width 14MHz, use the following commands:

[admin@MikroTik] /interface wireless> channels add name=MYCHAN frequency=5500 width=14 band=5ghz-onlyn
 list=MYLIST
[admin@MikroTik] /interface wireless> set wlan1 frequency=MYCHAN 

scan-list

Interface scan-list is used in multiple modes that either gather information for list of channels (like interactive scan command) or selects channel to work on (like any of station modes or AP modes performing DFS). Interface scan-list can be configured with comma-separated list of the following items:

• default - default .11 channel list for given country and interface band and channel width;
• numeric frequency ranges in MHz;
• Advanced Channel, referred to by name;
• Advanced Channel list, referred to by list name.

For example, to configure interface to scan 5180MHz, 5200MHz and 5220MHz at first using channel width 20MHz and then using channel width 10MHz, the following commands can be issued:

[admin@MikroTik] /interface wireless> channels add frequency=5180 width=20 band=5ghz-a list=20MHz-list
[admin@MikroTik] /interface wireless> channels add frequency=5200 width=20 band=5ghz-a list=20MHz-list
[admin@MikroTik] /interface wireless> channels add frequency=5220 width=20 band=5ghz-a list=20MHz-list
[admin@MikroTik] /interface wireless> channels add frequency=5180 width=10 band=5ghz-a list=10MHz-list
[admin@MikroTik] /interface wireless> channels add frequency=5200 width=10 band=5ghz-a list=10MHz-list
[admin@MikroTik] /interface wireless> channels add frequency=5220 width=10 band=5ghz-a list=10MHz-list
[admin@MikroTik] /interface wireless> set wlan1 scan-list=20MHz-list,10MHz-list

Nstreme

Sub-menu: /interface wireless nstreme

...

Security Profiles

Sub-menu: /interface wireless security-profiles

Security profiles are configured under the /interface wireless security-profiles path in the console, or in the "Security Profiles" tab of the "Wireless" window in the WinBox. Security profiles are referenced by the Wireless interface security-profile property and security-profile property of Connect Lists.

...

...

Note: RouterOS also allows to override pre-shared key value for specific clients, using either the private-pre-shared-key property, or the Mikrotik-Wireless-Psk attribute in the RADIUS MAC authentication response. This is an extension.

...

...

RADIUS properties

...

...

[admin@mikrotik] /interface wireless security-profiles> set default management-protection=    
                                                        allowed  disabled  required  

Image RemovedImage Added

Operation details

...

Note: RAIDUS MAC authentication is used by access point for clients that are not found in the access-list, similarly to the default-authentication property of the wireless interface. It controls whether client is allowed to proceed with authentication, or is rejected immediately.