th.d

Wifi Setup

Starting from RouterOS version 7.13, significant changes have been made to the RouterOS wireless packages.

See official page: Missing wireless or wifi interface after update

goals:

  • setup secure wifi AP in station-mode
  • seperate interfaces for home + iot

wifi is switched on and not encrypted in default settings

disable wifi interfaces temporary

> /interface wireless disable numbers=wlan1,wlan2

backup default wifi setup

# write wifi config to file
> /interface wireless export verbose file=wireless_backup

## download wifi config file which ends with ".rsc"
> scp -P 2222 newusername@192.168.88.1:/wireless_backup.rsc ~/.

setup security-profiles

# home profile wlan1 - 5GHz
> /interface wireless security-profiles
  add name=wifilan authentication-types=wpa2-psk mode=dynamic-keys \
  wpa2-pre-shared-key=1234567890 disable-pmkid=yes

# iot profile wlan2 - 2.4GHz
> interface wireless security-profiles
  add name=iotnet authentication-types=wpa2-psk mode=dynamic-keys \
    wpa2-pre-shared-key=1234567890 disable-pmkid=yes

please do not just copy this config - change the pre-shared-key
if there any any connection drops set disable-pmkid=no
for details to PMKID attack see this paper from the HU-Berlin

prepare wifi config and enable interfaces

> /interface wireless
  set [ find default-name=wlan1 ] band=5ghz-n/ac channel-width=\
      20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
      mode=ap-bridge secondary-channel=auto ssid=MikroTik-006360-5GHz \
      security-profile=wifilan country=germany station-roaming=enabled \
      wireless-protocol=802.11 wps-mode=disabled multicast-helper=disabled
  set [ find default-name=wlan2 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
      security-profile=iotnet country=germany distance=indoors frequency=auto \
      installation=indoor mode=ap-bridge ssid=MikroTik-006360-2.4GHz \
      station-roaming=enabled wireless-protocol=802.11 wps-mode=disabled \
      multicast-helper=disabled

this config is for the german country
for more details about 5Ghz configuration see this article

enable wifi interface again

> /interface wireless enable numbers=wlan1,wlan2
Prev
SNMP node_exporter
Next
Ublock