...
Property | Description |
---|---|
adaptive-noise-immunity (ap-and-client-mode | client-mode | none; Default: none) | This property is only effective for cards based on Atheros chipset. |
allow-sharedkey (yes | no; Default: no) | Allow WEP Shared Key clients to connect. Note that no authentication is done for these clients (WEP Shared keys are not compared to anything) - they are just accepted at once (if access list allows that) |
ampdu-priorities (list of integer [0..7]; Default: 0) | Frame priorities for which AMPDU sending (aggregating frames and sending using block acknowledgment) should get negotiated and used. Using AMPDUs will increase throughput, but may increase latency, therefore, may not be desirable for real-time traffic (voice, video). Due to this, by default AMPDUs are enabled only for best-effort traffic. |
amsdu-limit (integer [0..8192]; Default: 8192) | Max AMSDU that device is allowed to prepare when negotiated. AMSDU aggregation may significantly increase throughput especially for small frames, but may increase latency in case of packet loss due to retransmission of aggregated frame. Sending and receiving AMSDUs will also increase CPU usage. |
amsdu-threshold (integer [0..8192]; Default: 8192) | Max frame size to allow including in AMSDU. |
antenna-gain (integer [0..4294967295]; Default: 0) | Antenna gain in dBi, used to calculate maximum transmit power according to country regulations. |
antenna-mode (ant-a | ant-b | rxa-txb | txa-rxb; Default: ) | Select antenna to use for transmitting and for receiving
|
area (string; Default: ) | Identifies group of wireless networks. This value is announced by AP, and can be matched in connect-list by area-prefix. This is a proprietary extension. |
arp (disabled | enabled | proxy-arp | reply-only; Default: enabled) | Read more >> |
arp-timeout (auto | integer; Default: auto) | ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in /ip settings, default is 30s |
band (2ghz-b | 2ghz-b/g | 2ghz-b/g/n | 2ghz-onlyg | 2ghz-onlyn | 5ghz-a | 5ghz-a/n | 5ghz-onlyn | 5ghz-a/n/ac | 5ghz-onlyac | 5ghz-n/ac; Default: ) | Defines set of used data rates, channel frequencies and widths. |
basic-rates-a/g (12Mbps | 18Mbps | 24Mbps | 36Mbps | 48Mbps | 54Mbps | 6Mbps | 9Mbps; Default: 6Mbps) | Similar to the basic-rates-b property, but used for 5ghz, 5ghz-10mhz, 5ghz-5mhz, 5ghz-turbo, 2.4ghz-b/g, 2.4ghz-onlyg, 2ghz-10mhz, 2ghz-5mhz and 2.4ghz-g-turbo bands. |
basic-rates-b (11Mbps | 1Mbps | 2Mbps | 5.5Mbps; Default: 1Mbps) | List of basic rates, used for 2.4ghz-b, 2.4ghz-b/g and 2.4ghz-onlyg bands. Client will connect to AP only if it supports all basic rates announced by the AP. AP will establish WDS link only if it supports all basic rates of the other AP. This property has effect only in AP modes, and when value of rate-set is configured. |
bridge-mode (disabled | enabled; Default: enabled) | Allows to use station-bridge mode. Read more >> |
burst-time (integer | disabled; Default: disabled) | Time in microseconds which will be used to send data without stopping. Note that no other wireless cards in that network will be able to transmit data during burst-time microseconds. This setting is available only for AR5000, AR5001X, and AR5001X+ chipset based cards. |
channel-width (20/40/80/160mhz-Ceeeeeee | 20/40/80/160mhz-XXXXXXXX | 20/40/80/160mhz-eCeeeeee | 20/40/80/160mhz-eeCeeeee | 20/40/80/160mhz-eeeCeeee | 20/40/80/160mhz-eeeeCeee | 20/40/80/160mhz-eeeeeCee | 20/40/80/160mhz-eeeeeeCe | 20/40/80/160mhz-eeeeeeeC | 20/40/80mhz-Ceee | 20/40/80mhz-eCee | 20/40/80mhz-eeCe | 20/40/80mhz-eeeC | 20/40/80mhz-XXXX | 20/40mhz-Ce | 20/40mhz-eC | 20/40mhz-XX | 40mhz-turbo | 20mhz | 10mhz | 5mhz; Default: 20mhz) | Use of extension channels (e.g. Ce, eC etc) allows additional 20MHz extension channels and if it should be located below or above the control (main) channel. Extension channel allows 802.11n devices to use up to 40MHz (802.11ac up to 160MHz) of spectrum in total thus increasing max throughput. Channel widths with XX and XXXX extensions automatically scan for a less crowded control channel frequency based on the number of concurrent devices running in every frequency and chooses the “C” - Control channel frequency automatically. |
comment (string; Default: ) | Short description of the interface |
compression (yes | no; Default: no) | Setting this property to yes will allow the use of the hardware compression. Wireless interface must have support for hardware compression. Connections with devices that do not use compression will still work. |
country (name of the country | no_country_set; Default: etsi) | Limits available bands, frequencies and maximum transmit power for each frequency. Also specifies default value of scan-list. Value no_country_set is an FCC compliant set of channels. |
default-ap-tx-limit (integer [0..4294967295]; Default: 0) | This is the value of ap-tx-limit for clients that do not match any entry in the access-list. 0 means no limit. |
default-authentication (yes | no; Default: yes) | For AP mode, this is the value of authentication for clients that do not match any entry in the access-list. For station mode, this is the value of connect for APs that do not match any entry in the connect-list |
default-client-tx-limit (integer [0..4294967295]; Default: 0) | This is the value of client-tx-limit for clients that do not match any entry in the access-list. 0 means no limit |
default-forwarding (yes | no; Default: yes) | This is the value of forwarding for clients that do not match any entry in the access-list |
disable-running-check (yes | no; Default: no) | When set to yes interface will always have running flag. If value is set to no', the router determines whether the card is up and running - for AP one or more clients have to be registered to it, for station, it should be connected to an AP. |
disabled (yes | no; Default: yes) | Whether interface is disabled |
disconnect-timeout (time [0s..15s]; Default: 3s) | This interval is measured from third sending failure on the lowest data rate. At this point 3 * (hw-retries + 1) frame transmits on the lowest data rate had failed. During disconnect-timeout packet transmission will be retried with on-fail-retry-time interval. If no frame can be transmitted successfully during disconnect-timeout, the connection is closed, and this event is logged as "extensive data loss". Successful frame transmission resets this timer. |
distance (integer | dynamic | indoors; Default: dynamic) | How long to wait for confirmation of unicast frames (ACKs) before considering transmission unsuccessful, or in short ACK-Timeout. Distance value has these behaviors:
|
frame-lifetime (integer [0..4294967295]; Default: 0) | Discard frames that have been queued for sending longer than frame-lifetime. By default, when value of this property is 0, frames are discarded only after connection is closed. |
frequency (integer [0..4294967295]; Default: ) | Channel frequency value in MHz on which AP will operate. Allowed values depend on the selected band, and are restricted by country setting and wireless card capabilities. This setting has no effect if interface is in any of station modes, or in wds-slave mode, or if DFS is active. Note: If using mode "superchannel", any frequency supported by the card will be accepted, but on the RouterOS client, any non-standard frequency must be configured in the scan-list, otherwise it will not be scanning in non-standard range. In Winbox, scanlist frequencies are in bold, any other frequency means the clients will need scan-list configured. |
frequency-mode (manual-txpower | regulatory-domain | superchannel; Default: regulatory_domain) | Three frequency modes are available:
|
frequency-offset (integer [-2147483648..2147483647]; Default: 0) | Allows to specify offset if the used wireless card operates at a different frequency than is shown in RouterOS, in case a frequency converter is used in the card. So if your card works at 4000MHz but RouterOS shows 5000MHz, set offset to 1000MHz and it will be displayed correctly. The value is in MHz and can be positive or negative. |
guard-interval (any | long; Default: any) | Whether to allow use of short guard interval (refer to 802.11n MCS specification to see how this may affect throughput). "any" will use either short or long, depending on data rate, "long" will use long. |
hide-ssid (yes | no; Default: no) |
|
ht-basic-mcs (list of (mcs-0 | mcs-1 | mcs-2 | mcs-3 | mcs-4 | mcs-5 | mcs-6 | mcs-7 | mcs-8 | mcs-9 | mcs-10 | mcs-11 | mcs-12 | mcs-13 | mcs-14 | mcs-15 | mcs-16 | mcs-17 | mcs-18 | mcs-19 | mcs-20 | mcs-21 | mcs-22 | mcs-23); Default: mcs-0; mcs-1; mcs-2; mcs-3; mcs-4; mcs-5; mcs-6; mcs-7) | Modulation and Coding Schemes that every connecting client must support. Refer to 802.11n for MCS specification. |
ht-supported-mcs (list of (mcs-0 | mcs-1 | mcs-2 | mcs-3 | mcs-4 | mcs-5 | mcs-6 | mcs-7 | mcs-8 | mcs-9 | mcs-10 | mcs-11 | mcs-12 | mcs-13 | mcs-14 | mcs-15 | mcs-16 | mcs-17 | mcs-18 | mcs-19 | mcs-20 | mcs-21 | mcs-22 | mcs-23); Default: mcs-0; mcs-1; mcs-2; mcs-3; mcs-4; mcs-5; mcs-6; mcs-7; mcs-8; mcs-9; mcs-10; mcs-11; mcs-12; mcs-13; mcs-14; mcs-15; mcs-16; mcs-17; mcs-18; mcs-19; mcs-20; mcs-21; mcs-22; mcs-23) | Modulation and Coding Schemes that this device advertises as supported. Refer to 802.11n for MCS specification. |
hw-fragmentation-threshold (integer[256..3000] | disabled; Default: 0) | Specifies maximum fragment size in bytes when transmitted over the wireless medium. 802.11 standard packet (MSDU in 802.11 terminologies) fragmentation allows packets to be fragmented before transmitting over a wireless medium to increase the probability of successful transmission (only fragments that did not transmit correctly are retransmitted). Note that transmission of a fragmented packet is less efficient than transmitting unfragmented packet because of protocol overhead and increased resource usage at both - transmitting and receiving party. |
hw-protection-mode (cts-to-self | none | rts-cts; Default: none) | Frame protection support property read more >> |
hw-protection-threshold (integer [0..65535]; Default: 0) | Frame protection support property read more >> |
hw-retries (integer [0..15]; Default: 7) | Number of times sending frame is retried without considering it a transmission failure. Data-rate is decreased upon failure and the frame is sent again. Three sequential failures on the lowest supported rate suspend transmission to this destination for the duration of on-fail-retry-time. After that, the frame is sent again. The frame is being retransmitted until transmission success, or until the client is disconnected after disconnect-timeout. The frame can be discarded during this time if frame-lifetime is exceeded. |
installation (any | indoor | outdoor; Default: any) | Adjusts scan-list to use indoor, outdoor or all frequencies for the country that is set. |
interworking-profile (enabled | disabled; Default: disabled) | |
keepalive-frames (enabled | disabled; Default: enabled) | Applies only if wireless interface is in mode=ap-bridge. If a client has not communicated for around 20 seconds, AP sends a "keepalive-frame". Note, disabling the feature can lead to "ghost" clients in registration-table. |
l2mtu (integer [0..65536]; Default: 1600) | |
mac-address (MAC; Default: ) | |
master-interface (string; Default: ) | Name of wireless interface that has virtual-ap capability. Virtual AP interface will only work if master interface is in ap-bridge, bridge, station or wds-slave mode. This property is only for virtual AP interfaces. |
max-station-count (integer [1..2007]; Default: 2007) | Maximum number of associated clients. WDS links also count toward this limit. |
mode (station | station-wds | ap-bridge | bridge | alignment-only | nstreme-dual-slave | wds-slave | station-pseudobridge | station-pseudobridge-clone | station-bridge; Default: station) | Selection between different station and access point (AP) modes.
AP modes:
Special modes:
MAC address translation in pseudobridge modes works by inspecting packets and building a table of corresponding IP and MAC addresses. All packets are sent to AP with the MAC address used by pseudobridge, and MAC addresses of received packets are restored from the address translation table. There is a single entry in the address translation table for all non-IP packets, hence more than one host in the bridged network cannot reliably use non-IP protocols. Note: Currently IPv6 doesn't work over Pseudobridge |
mtu (integer [0..65536]; Default: 1500) | |
multicast-buffering (disabled | enabled; Default: enabled) | For a client that has power saving, buffer multicast packets until next beacon time. A client should wake up to receive a beacon, by receiving beacon it sees that there are multicast packets pending, and it should wait for multicast packets to be sent. |
multicast-helper (default | disabled | full; Default: default) | When set to full, multicast packets will be sent with a unicast destination MAC address, resolving multicast problem on the wireless link. This option should be enabled only on the access point, clients should be configured in station-bridge mode. Available starting from v5.15.
|
name (string; Default: ) | name of the interface |
noise-floor-threshold (default | integer [-128..127]; Default: default) | For advanced use only, as it can badly affect the performance of the interface. It is possible to manually set noise floor threshold value. By default, it is dynamically calculated. This property also affects received signal strength. This property is only effective on non-AC chips. |
nv2-cell-radius (integer [10..200]; Default: 30) | Setting affects the size of contention time slot that AP allocates for clients to initiate connection and also size of time slots used for estimating distance to client. When setting is too small, clients that are farther away may have trouble connecting and/or disconnect with "ranging timeout" error. Although during normal operation the effect of this setting should be negligible, in order to maintain maximum performance, it is advised to not increase this setting if not necessary, so AP is not reserving time that is actually never used, but instead allocates it for actual data transfer.
|
nv2-noise-floor-offset (default | integer [0..20]; Default: default) | |
nv2-preshared-key (string; Default: ) | |
nv2-qos (default | frame-priority; Default: default) | Sets the packet priority mechanism, firstly data from high priority queue is sent, then lower queue priority data until 0 queue priority is reached. When link is full with high priority queue data, lower priority data is not sent. Use it very carefully, setting works on AP
|
nv2-queue-count (integer [2..8]; Default: 2) | |
nv2-security (disabled | enabled; Default: disabled) | |
on-fail-retry-time (time [100ms..1s]; Default: 100ms) | After third sending failure on the lowest data rate, wait for specified time interval before retrying. |
periodic-calibration (default | disabled | enabled; Default: default) | Setting default enables periodic calibration if info default-periodic-calibration property is enabled. Value of that property depends on the type of wireless card. This property is only effective for cards based on Atheros chipset. |
periodic-calibration-interval (integer [1..10000]; Default: 60) | This property is only effective for cards based on Atheros chipset. |
preamble-mode (both | long | short; Default: both) | Short preamble mode is an option of 802.11b standard that reduces per-frame overhead.
|
prism-cardtype (100mW | 200mW | 30mW; Default: ) | Specify type of the installed Prism wireless card. |
proprietary-extensions (post-2.9.25 | pre-2.9.25; Default: post-2.9.25) | RouterOS includes proprietary information in an information element of management frames. This parameter controls how this information is included.
|
radio-name (string; Default: MAC address of an interface) | Descriptive name of the device, that is shown in registration table entries on the remote devices. This is a proprietary extension. |
rate-selection (advanced | legacy; Default: advanced) | Starting from v5.9 default value is advanced since legacy mode was inefficient. |
rate-set (configured | default; Default: default) | Two options are available:
|
rx-chains (list of integer [0..3]; Default: 0) | Which antennas to use for receive. In current MikroTik routers, both RX and TX chain must be enabled, for the chain to be enabled. |
scan-list (Comma separated list of frequencies and frequency ranges | default. Since v6.35 (wireless-rep) type also support range:step option; Default: default) | The default value is all channels from selected band that are supported by card and allowed by the country and frequency-mode settings (this list can be seen in info). For default scan list in 5ghz band channels are taken with 20MHz step, in 5ghz-turbo band - with 40MHz step, for all other bands - with 5MHz step. If scan-list is specified manually, then all matching channels are taken. (Example: scan-list=default,5200-5245,2412-2427 - This will use the default value of scan list for current band, and add to it supported frequencies from 5200-5245 or 2412-2427 range.) Since RouterOS v6.0 with Winbox or Webfig, for inputting of multiple frequencies, add each frequency or range of frequencies into separate multiple scan-lists. Using a comma to separate frequencies is no longer supported in Winbox/Webfig since v6.0. Since RouterOS v6.35 (wireless-rep) scan-list support step feature where it is possible to manually specify the scan step. Example: scan-list=5500-5600:20 will generate such scan-list values 5500,5520,5540,5560,5580,5600 |
security-profile (string; Default: default) | Name of profile from security-profiles |
secondary-channel (integer; Default: "") | Specifies secondary channel, required to enable 80+80MHz transmission. To disable 80+80MHz functionality, set secondary-channel to "" or unset the value via CLI/GUI. |
ssid (string (0..32 chars); Default: value of system/identity) | SSID (service set identifier) is a name that identifies wireless network. |
skip-dfs-channels (string | 10min-cac | all | disabled; Default: disabled) | These values are used to skip all DFS channels or specifically skip DFS CAC channels in range 5600-5650MHz which detection could go up to 10min. |
station-bridge-clone-mac (MAC; Default: ) | This property has effect only in the station-pseudobridge-clone mode. Use this MAC address when connection to AP. If this value is 00:00:00:00:00:00, station will initially use MAC address of the wireless interface. As soon as packet with MAC address of another device needs to be transmitted, station will reconnect to AP using that address. |
station-roaming (disabled | enabled; Default: disabled) | Station Roaming feature is available only for 802.11 wireless protocol and only for station modes. Read more >> |
supported-rates-a/g (list of rates [12Mbps | 18Mbps | 24Mbps | 36Mbps | 48Mbps | 54Mbps | 6Mbps | 9Mbps]; Default: 6Mbps; 9Mbps; 12Mbps; 18Mbps; 24Mbps; 36Mbps; 48Mbps; 54Mbps) | List of supported rates, used for all bands except 2ghz-b. |
supported-rates-b (list of rates [11Mbps | 1Mbps | 2Mbps | 5.5Mbps]; Default: 1Mbps; 2Mbps; 5.5Mbps; 11Mbps) | List of supported rates, used for 2ghz-b, 2ghz-b/g and 2ghz-b/g/n bands. Two devices will communicate only using rates that are supported by both devices. This property has effect only when value of rate-set is configured. |
tdma-period-size (integer [1..10]; Default: 2) | Specifies TDMA period in milliseconds. It could help on the longer distance links, it could slightly increase bandwidth, while latency is increased too. |
tx-chains (list of integer [0..3]; Default: 0) | Which antennas to use for transmitting. In current MikroTik routers, both RX and TX chain must be enabled, for the chain to be enabled. |
tx-power (integer [-30..40]; Default: ) | For 802.11ac wireless interface it's total power but for 802.11a/b/g/n it's power per chain. |
tx-power-mode (default, card-rates, all-rates-fixed, manual-table; Default: default) | sets up tx-power mode for wireless card
|
update-stats-interval (; Default: ) | How often to request update of signals strength and ccq values from clients. Access to registration-table also triggers update of these values. This is proprietary extension. |
vht-basic-mcs (none | MCS 0-7 | MCS 0-8 | MCS 0-9; Default: MCS 0-7) | Modulation and Coding Schemes that every connecting client must support. Refer to 802.11ac for MCS specification. You can set MCS interval for each of Spatial Stream
|
vht-supported-mcs (none | MCS 0-7 | MCS 0-8 | MCS 0-9; Default: MCS 0-9) | Modulation and Coding Schemes that this device advertises as supported. Refer to 802.11ac for MCS specification. You can set MCS interval for each of Spatial Stream
|
wds-cost-range (start [-end] integer[01..4294967295200000000]; Default: 50-150) | Bridge port cost of WDS links are automatically adjusted, depending on measured link throughput. Port cost is recalculated and adjusted every 5 seconds if it has changed by more than 10%, or if more than 20 seconds have passed since the last adjustment. Setting this property to 0 disables automatic cost adjustment. Automatic adjustment does not work for WDS links that are manually configured as a bridge port. |
wds-default-bridge (string | none; Default: none) | When WDS link is established and status of the wds interface becomes running, it will be added as a bridge port to the bridge interface specified by this property. When WDS link is lost, wds interface is removed from the bridge. If wds interface is already included in a bridge setup when WDS link becomes active, it will not be added to bridge specified by , and will (needs editing) |
wds-default-cost (integer [01..4294967295200000000]; Default: 100) | Initial bridge port cost of the WDS links. |
wds-ignore-ssid (yes | no; Default: no) | By default, WDS link between two APs can be created only when they work on the same frequency and have the same SSID value. If this property is set to yes, then SSID of the remote AP will not be checked. This property has no effect on connections from clients in station-wds mode. It also does not work if wds-mode is static-mesh or dynamic-mesh. |
wds-mode (disabled | dynamic | dynamic-mesh | static | static-mesh; Default: disabled) | Controls how WDS links with other devices (APs and clients in station-wds mode) are established.
-mesh modes use different (better) method for establishing link between AP, that is not compatible with APs in non-mesh mode. This method avoids one-sided WDS links that are created only by one of the two APs. Such links cannot pass any data.When AP or station is establishing WDS connection with another AP, it uses connect-list to check whether this connection is allowed. If station in station-wds mode is establishing connection with AP, AP uses access-list to check whether this connection is allowed.If mode is station-wds, then this property has no effect. |
wireless-protocol (802.11 | any | nstreme | nv2 | nv2-nstreme | nv2-nstreme-802.11 | unspecified; Default: any) | Specifies protocol used on wireless interface;
|
wmm-support (disabled | enabled | required; Default: disabled) | Specifies whether to enable WMM. Only applies to bands B and G. Other bands will have it enabled regardless of this setting |
wps-mode (disabled | push-button | push-button-virtual-only; Default: depending on the device model) | Read more >> |
...
wireless chipsets represent the total power, for reference see the table below:Transmit Power representation on 802.11n and 802.11ac
Wireless chipset signal level representation
Wireless chipset | Enabled Chains | Power per Chain | Total Power |
---|---|---|---|
802.11n | 1 | Equal to the selected Tx Power | Equal to the selected Tx Power |
802.11n | 2 | Equal to the selected Tx Power | +3dBm |
802.11n | 3 | Equal to the selected Tx Power | +5dBm |
802.11ac | 1 | Equal to the selected Tx Power | Equal to the selected Tx Power |
802.11ac | 2 | -3dBm | Equal to the selected Tx Power |
802.11ac | 3 | -5dBm | Equal to the selected Tx Power |
802.11ac | 4 | -6dBm | Equal to the selected Tx Power |
Basic and MCS Rate table
Default basic and supported rates, depending on selected band
band | basic rates | basic-HT-mcs | basic-VHT-mcs | VHT-mcs | HT-mcs | supported rates |
---|---|---|---|---|---|---|
2.4ghz-b | 1 | - | - | - | - | 1-11 |
2.4ghz-onlyg | 6 | - | - | - | - | 1-11,6-54 |
2.4ghz-onlyn | 6 | 0-7 | - | - | 0-23 | 1-11,6-54 |
2.4ghz-b/g | 1-11 | - | - | - | - | 1-11,6-54 |
2.4ghz-b/g/n | 1-11 | none | - | - | 0-23 | 1-11,6-54 |
2.4ghz-g/n | 6 | none | - | - | 0-23 | 6-54 |
2.4ghz-g-turbo | 6 | - | - | - | - | 6-54 |
5ghz-a | 6 | - | - | - | - | 6-54 |
5ghz-a/n | 6 | none | - | - | 0-23 | 6-54 |
5ghz-onlyn | 6 | 0-7 | - | - | 0-23 | 6-54 |
5ghz-a/n/ac | 6 | none | none | 0-9 | 0-23 | 6-54 |
5ghz-onlyac | 6 | none | 0-7 | 0-9 | 0-23 | 6-54 |
...
/interface/wireless/access-list add authentication=yes forwarding=yes interface=wlan2 signal-range=-55..0
Then the connection is not matched to any the ACL rule and , but if signal drops to -70..-80below -55, client will not be disconnected.
To make it work correctly it is required that client is Please note that if "default-authentication=yes" is set on the wireless interface, clients will be able to join even if there are no matching access-list entries.
To make it work correctly it is required that client is matched by any of ACL rules.
If we modify ACL rules in the previous example to:
/interface/wireless/access-list
add interface=wlan2 signal-range=-55..0
add authentication=no forwarding=no interface=wlan2 signal-range=-120..-56
...
Warning: You must follow to regulatory domain requirements in your country. If you are allowed to use other frequencies, note that Antenna Gain and Transmit Power may decrease depending on board and frequency. Devices are calibrated only for regulatory frequencies, use non standard frequencies at your own risk. The list only specifies frequencies accepted by the wireless chip, these frequencies might not always work due to antenna that is built into the product, device design, filters and other factors. USE STRICTLY AT YOUR OWN RISKallowed to use other frequencies, note that Antenna Gain and Transmit Power may decrease depending on board and frequency. Devices are calibrated only for regulatory frequencies, use non standard frequencies at your own risk. The list only specifies frequencies accepted by the wireless chip, these frequencies might not always work due to antenna that is built into the product, device design, filters and other factors. USE STRICTLY AT YOUR OWN RISK
It is possible to deduce supported channel width from the product page, to do so you need to check the following parameters: number of chains and the max data rate. Once you know these parameters, you need to check the modulation and coding scheme (MCS) table, for example, here: https://mcsindex.com/.
If we take hAP ac, as an example, we can see that number of chains is 3, and the max data rate is 1300 in the MCS table. In the MCS table we need to find entry for 3 spatial streams - chains, and the respective data rate, which in this case shows us that 80MHz is the maximum supported channel width.
Integrated wireless interface frequency table
Board name | Wireless interfaces | Frequency range [MHz] | Supported channel widths [Mhz] |
---|---|---|---|
2011UAS-2HnD | 1 | 2312-2732 | 20,40 |
751G-2HnD | 1 | 2200-2700 | 20,40 and advanced channel support |
751U-2HnD | 1 | 2200-2700 | 20,40 and advanced channel support |
911-2Hn | 1 | 2312-2732 | 20,40 |
911-5HacD | 1 | 4920-6100 | 20,40,80 |
911-5Hn | 1 | 4920-6100 | 5,10,20,40 |
911-5HnD | 1 | 4920-6100 | 20,40 |
911G-2HPnD | 1 | 2312-2732 | 20,40 |
911G-5HPacDr2 /-NB /-QRT | 1 | 4920-6100 | 5,10,20,40,80 |
911G-5HPnD /-QRT | 1 | 4920-6100 | 5,10,20,40 |
912UAG-2HPnD /-OUT | 1 | 2312-2732 | 20,40 |
912UAG-5HPnD /-OUT | 1 | 4920-6100 | 5,10,20,40 |
912UAG-6HPnD /-OUT | 1 | 5500-6500 | and 20,40 |
921GS-5HPacD-15S /-19S | 1 | 4920-6100 | 51,101,20,40,80 |
22UGS-5HPacD2HnD | 2 | 4920-5925,2412-2482 | 20,40,80 and 20,40 |
921UAGS-5SHPacD-NM | 1 | 4920-6100 | 20,40,80 |
921UAGS-5SHPacT-NM | 1 | 4920-6100 | 20,40,80 |
922UAGS-5HPacD /-NM | 1 | 4920-6100 | 20,40,80 |
922UAGS-5HPacT /-NM | 1 | 4920-6100 | 20,40,80 |
941-2nD /-TC | 1 | 2312-2732 | 20,40 |
951G-2HnD | 1 | 2312-2732 | 20,40 |
951Ui-2HnD | 1 | 2312-2732 | 20,40 |
951Ui-2nD | 1 | 2312-2732 | 20,40 |
952Ui-5ac2nD /-TC | 2 | 2312-2732,4920-6100 | 20,40 and 20,40,80 |
953GS-5HnT /-RP | 1 | 4920-6100 | 5,10,20,40 |
962UiGS-5HacT2HnT | 2 | 2312-2732,4920-6100 | 20,40 and 20,40,80 |
cAP2n | 1 | 2312-2732 | 20,40 |
cAP2nD | 1 | 2312-2732 | 20,40 |
cAPL-2nD | 1 | 2312-2732 | 20,40 |
CRS109-8G-1S-2HnD-IN | 1 | 2312-2732 | 20,40 |
CRS125-24G-1S-2HnD-IN | 1 | 2312-2732 | 20,40 |
Disc-5nD | 1 | 4920-6100 | 20,40 |
DynaDishG-5HacD | 1 | 4920-6100 | 51,101,20,40,80 |
DynaDishG-6HnD | 1 | 5500-6500 | 20,40 |
Groove52HPn | 1 | 4920-6100,2312-2732 | 5,10,20,40 and 5,10,20,40 |
GrooveA-52HPn | 1 | 4920-6100,2312-2732 | 5,10,20,40 and 5,10,20,40 |
GrooveG-52HPacn | 1 | 4920-6100,2312-2732 | 20,40,80 and 20,40 |
GrooveGA-52HPacn | 1 | 4920-6100,2312-2732 | 20,40,80 and 20,40 |
LDF-5nD | 1 | 4920-6100 | 20,40 |
LHG-5nD | 1 | 4920-6100 | 20,40 |
mAP2n | 1 | 2312-2732 | 20,40 |
mAP2nD | 1 | 2312-2732 | 20,40 |
mAPL-2nD | 1 | 2312-2732 | 20,40 |
Metal2SHPn | 1 | 2200-2700 | 20,40 and advanced channel support |
Metal5SHPn | 1 | 4800-6100 | 5,10,20,40 and advanced channel support |
Metal9HPn | 1 | 902-928 | 5,10,20 |
MetalG-52SHPacn | 1 | 4920-6100,2312-2732 | 20,40,80 and 20,40 |
OmniTikG-5HacD | 1 | 4920-6100 | 20,40,80 |
OmniTikPG-5HacD | 1 | 4920-6100 | 20,40,80 |
OmniTIKU-5HnD | 1 | 4800-6100 | 5,10,20,40 |
OmniTIKUPA-5HnD | 1 | 4800-6100 | 5,10,20,40 |
QRTG-2SHPnD | 1 | 2312-2732 | 20,40 |
SEXTANTG-5HPnD | 1 | 4920-6100 | 20,40 |
SXT2nDr2 | 1 | 2312-2732 | 20,40 |
SXT5HacD2n | 2 | 2312-2732,4920-6100 | 51,101,20,40 and 51,101,20,40,80 |
SXT5HPnDr2 | 1 | 4920-6100 | 20,40 |
SXT5nDr2 | 1 | 4920-6100 | 20,40 |
SXTG-2HnD | 1 | 2200-2700 | 20,40 |
SXTG-2HnDr2 | 1 | 2300-2700 | 20,40 |
SXTG-5HPacD | 1 | 4920-6100 | 51,101,20,40,80 |
SXTG-5HPacD-HG /-SA | 1 | 4920-6100 | 51,101,20,40,80 |
SXTG-5HPnD-HGr2 /-SAr2 | 1 | 4920-6100 | 20,40 |
SXTG-6HPnD | 1 | 5500-6500 | 20,40 |
SXTsq2nD | 1 | 2312-2484 | 20,40 |
wAP2nD /-BE | 1 | 2312-2732 | 20,40 |
wAPG-5HacT2HnD /-BE | 2 | 2312-2732,4920-6100 | 20,40 and 20,40,80 |
R11e-2HnD | 1 | 2312-2732 | 20,40 |
R11e-2HPnD | 1 | 2312-2732 | 20,40 |
R11e-5HacD | 1 | 4920-6100 | 20,40,80 |
R11e-5HacT | 1 | 4920-6100 | 20,40,80 |
R11e-5HnD | 1 | 4920-6100 | 20,40 |
R2SHPn | 1 | 2200-2700 | 20,40 and advanced channel support |
R52H | 1 | 4920-6100,2192-2507 | 20 and 20 |
R52HnD | 1 | 4800-6100,2200-2700 | 20,40 and 20,40 |
R52nM | 1 | 4800-6100,2200-2700 | 20,40 and 20,40 and advanced channel support |
R5SHPn | 1 | 4800-6100 | 20,40 and advanced channel support |
...
Property | Description |
---|---|
802.1x-port-enabled (yes | no) | whether the data exchange is allowed with the peer (i.e., whether 802.1x authentication is completed, if needed) |
ack-timeout (integer) | current value of ack-timeout |
ap (yes | no) | Shows whether registered device is configured as access point. |
ap-tx-limit (integer) | transmit rate limit on the AP, in bits per second |
authentication-type () | authentication method used for the peer |
bridge (yes | no) | |
bytes (integer , integer) | number of sent and received packet bytes |
client-tx-limit (integer) | transmit rate limit on the AP, in bits per second |
comment (string) | Description of an entry. comment is taken from appropriate Access List entry if specified. |
compression (yes | no) | whether data compresson is used for this peer |
distance (integer) | |
encryption (aes-ccm | tkip) | unicast encryption algorithm used |
evm-ch0 () | |
evm-ch1 () | |
evm-ch2 () | |
frame-bytes (integer,integer) | number of sent and received data bytes excluding header information |
frames (integer,integer) | Number of frames that need to be sent over wireless link. This value can be compared to hw-frames to check wireless retransmits. Read more >> |
framing-current-size (integer) | current size of combined frames |
framing-limit (integer) | maximal size of combined frames |
framing-mode () | the method how to combine frames |
group-encryption () | group encryption algorithm used |
hw-frame-bytes (integer,integer) | number of sent and received data bytes including header information |
hw-frames (integer,integer) | Number of frames sent over wireless link by the driver. This value can be compared to frames to check wireless retransmits. Read more >> |
interface (string) | Name of the wireless interface to which wireless client is associated |
last-activity (time) | last interface data tx/rx activity |
last-ip (IP Address) | IP address found in the last IP packet received from the registered client |
mac-address (MAC) | MAC address of the registered client |
management-protection (yes | no) | |
nstreme (yes | no) | Shows whether Nstreme is enabled |
p-throughput (integer) | estimated approximate throughput that is expected to the given peer, taking into account the effective transmit rate and hardware retries. Calculated once in 5 seconds |
packed-bytes (integer, integer) | number of bytes packed into larger frames for transmitting/receiving (framing) |
packed-frames (integer, integer) | number of frames packed into larger ones for transmitting/receiving (framing) |
packets (integer.integer) | number of sent and received network layer packets |
radio-name (string) | radio name of the peer |
routeros-version (string) | RouterOS version of the registered client |
rx-ccq () | Client Connection Quality (CCQ) for receive. Read more >> |
rx-rate (integer) | receive data rate |
signal-strength (integer) | average strength of the client signal recevied by the AP |
signal-strength-ch0 () | |
signal-strength-ch1 () | |
signal-strength-ch2 () | |
signal-to-noise () | |
strength-at-rates () | signal strength level at different rates together with time how long were these rates used |
tdma-retx () | |
tdma-rx-size () | |
tdma-timing-offset () | tdma-timing-offset is proportional to distance and is approximately two times the propagation delay. AP measures this so that it can tell clients what offset to use for their transmissions - clients then subtract this offset from their target transmission time such that propagation delay is accounted for and transmission arrives at AP when expected. You may occasionally see small negative value (like few usecs) there for close range clients because of additional unaccounted delay that may be produced in transmitter or receiver hardware that varies from chipset to chipset. |
tdma-tx-size (integer) | Value in bytes that specifies the size of data unit whose loss can be detected (data unit over which CRC is calculated) sent by device. In general - the bigger the better, because overhead is less. On the other hand, small value in this setting can not always be considered a signal that connection is poor - if device does not have enough pending data that would enable it to use bigger data units (e.g. if you are just pinging over link), this value will not go up. |
tdma-windfull () | |
tx-ccq () | Client Connection Quality (CCQ) for transmit. Read more >> |
tx-evm-ch0 () | |
tx-evm-ch1 () | |
tx-evm-ch2 () | |
tx-frames-timed-out () | |
tx-rate () | |
tx-signal-strength () | |
tx-signal-strength-ch0 () | |
tx-signal-strength-ch1 () | |
tx-signal-strength-ch2 () | |
uptime (time) | time the client is associated with the access point |
wds (yes | no) | whether the connected client is using wds or not |
wmm-enabled (yes | no) | Shows whether WMM is enabled. |
Security Profiles
Sub-menu: /interface wireless security-profiles
...
Property | Description |
---|---|
eap-methods (eap-tls | eap-ttls-mschapv2 | passthrough | peap; Default: passthrough) | Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points.
|
supplicant-identity (text; Default: Identity) | EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication. |
mschapv2-username (text; Default: ) | Username to use for authentication when eap-ttls-mschapv2 or peap authentication method is being used. This property only has effect on Stations. |
mschapv2-password (text; Default: ) | Password to use for authentication when eap-ttls-mschapv2mschapv2 or peap authentication method is being used. This property only has effect on Stations. |
tls-mode (verify-certificate | dont-verify-certificate | no-certificates | verify-certificate-with-crl; Default: no-certificates) | This property has effect only when eap-methods contains eap-tls.
|
tls-certificate (none | name; Default: none) | Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls. |
...
RADIUS properties
Property | Description |
---|---|
radius-mac-authentication (yes | no; Default: no) | This property affects the way how Access Point processes clients that are not found in the Access List.
|
radius-mac-accounting (yes | no; Default: no) | |
radius-eap-accounting (yes | no; Default: no) | |
radius-called-format (mac | mac:ssid | ssid; Default: mac:ssid) | |
interim-update (time; Default: 0) | When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute. |
radius-mac-format (XX:XX:XX:XX:XX:XX | XXXX:XXXX:XXXX | XXXXXX:XXXXXX | XX-XX-XX-XX-XX-XX | XXXXXX-XXXXXX | XXXXXXXXXXXX | XX XX XX XX XX XX | lower case; Default: XX:XX:XX:XX:XX:XX) | Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests. |
radius-mac-mode (as-username | as-username-and-password; Default: as-username) | By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to as-username-and-password, Access Point will use the same value for User-Password attribute as for the User-Name attribute. |
radius-mac-caching (disabled | time; Default: disabled) | If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server. |
...
[admin@mikrotik] /interface wireless security-profiles> set default management-protection= allowed disabled required
Operation details
...
- User-Name - EAP supplicant identity. This value is configured in the supplicant-identity property of the client security profile.
- Nas-Port-Id - name of wireless interface.
- Calling-Station-Id - Client MAC address, encoded as "XX-XX-XX-XX-XX-XX".
- Called-Station-Id - MAC address and SSID of the access point, encoded as "XX-XX-XX-XX-XX-XX:SSID" (pairs of MAC address digits separated by minus sign, followed by colon, followed by SSID value).
- Acct-Session-Id - Added when radius-eap-accounting=yes.
- Acct-Multi-Session-Id - MAC address of access point and client, and unique 8 byte value, that is shared for all accounting sessions that share single EAP authentication. Encoded as AA-AA-AA-AA-AA-AA-CC-CC-CC-CC-CC-CC-XX-XX-XX-XX-XX-XX-XX-XX. Added
...
- when radius-eap-accounting=yes.
Access point uses following RADIUS attributes from the Access-Accept server response:
...