How many connections does mikrotik wap support? Home wireless network on Mikrotik: an example of completely manual configuration

Quite often I am asked the question, what is the difference between wAP and wAP ac access points, and why is the price difference so great?

Well, let's try to figure it out. And we’ll start with prices: for the junior Mikrotik wAP, at the time of writing this publication, sellers are asking on average 40-42 US dollars, while the older wAP ac model has a retail price tag of about 80-85 USD.

And here a completely logical question arises: is it worth overpaying for wAP ac? Or is it enough to buy a regular Mikrotik wAP? Let's try to figure it out.

If you want to learn how to set up MikroTik, we suggest you go through. More detailed information You can find it at the end of this publication.

Appearance

Externally, both access points are absolutely identical; moreover, without removing the mount or interface cover, it will be very difficult to distinguish them. Unless you have a scale at hand that measures weight to the nearest gram.

In fact, in terms of hardware implementation, these devices have nothing in common; they are completely different.

Mikrotik wAP is RBwAP2nD, and wAP ac – RBwAPG-5HacT2HnD. Those who are familiar with the Mikrotik labeling system will immediately understand what the main differences between the two devices are, and this publication is written for the rest.

Having removed the cover of the interface unit, one immediately notices the lack of support for direct power connection to wAP ac. If the younger wAP model can be connected both via PoE and directly to the power supply, then the older model can be powered only from the native RBGPOE adapter, or from a compatible switch with the PoE function.

The second difference is an additional indicator responsible for displaying the status of the 5 GHz wireless network.

Hardware implementation of Mikrotik wAP

RBwAP2nD is assembled on an element base that has already been tested in several devices. The chip is based on the QCA9533 chip, which is a modification of the QCA9531 (MIPS 24Kc).

The same chip is the basis for:

hAP lite(RB941-2nD)

hAP lite Tower Case (RB941-2nD-TC)

hAP (RB951Ui-2nD)

hAP ac lite (RB952Ui-5ac2nD)

SXT Lite 5 ac (RBSXT5HacD2n)

hEX lite (RB750r2)

hEX PoE lite (RB750UPr2)

mAP lite(RBmAPL-2nD)

PowerBox rev.2 (RB750P-PBr2)

• cAP lite (RBcAPL-2nD)

It should be noted here that hAP ac lite and SXT Lite 5 ac are equipped with additional wireless modules with support for 5 GHz.

The remaining devices are similar in performance and capabilities to wAP. With the exception of hEX lite, hEX PoE lite and PowerBox rev.2, for which the wireless interface is not used.

Qualcomm QCA9533 belongs to the SoC category; it contains a processor with an operating frequency of 650 MHz and a 2.4 GHz wireless module.

QCA9533, like QCA9531, is a budget solution, at the same time the chip has good energy efficiency and, as a result, low level heating Low heating allows you to easily set the frequency for this processor to 750 MHz. For the same reason, engineers did not use a radiator to cool the processor.

The wireless module supports 802.11b/g/n standards, the MIMO 2x2 configuration provides channel speeds of up to 300 Mbit. Due to the use of the network interface Fast Ethernet 100 Mbit, in practice the maximum one-way speed reaches 94 Mbit.

The maximum transmitter power, depending on the modulation, for the 802.11n standard is 16-20 dBm (40-100 mW). For older 802.11b/g standards, maximum power slightly higher and, depending on the modulation, is 18-22 dBm (68-158 mW).

Thanks to pre-installed RouterOS (AP always uses Level 4+), in a number of specific cases you can also use the proprietary Nstreme v2 (NV2) protocol, which will slightly increase performance over the wireless interface in two-way exchange mode.

wAP uses 64 MB of RAM (Nanya NT5DS32M16DS-5T, DDR-400) and 16 MB of permanent Flash memory (Winbond 25Q128FVSG). In general, the set is not bad for an access point.

Both antennas are built-in, but unlike other devices, they are made in the form of metal elements, and not etched on a textolite (PCB) like hAP lite and mAP lite. Thanks to this, their gain is 2 dBi. The antennas are located at the top of the device and placed at an angle of 90 degrees.

Hardware implementation of Mikrotik wAP ac

Despite the similarity in name, wAP and wAP ac are fundamentally different in terms of the complete base. The QCA9531/9533 is undoubtedly an excellent processor, but it’s hardly a good choice for a Dual-Band access point.

It was decided to abandon the use of QCA953x in wAP ac in favor of a more productive and functional solution. The RBwAPG-5HacT2HnD is based on a higher-level SoC – Qualcomm QCA9556 (MIPS 74Kc). This processor Mikrotik was previously used for hEX of the previous revision - RB750Gr2.

The QCA9556 includes a computing unit with a clock frequency of 720 MHz and a 2.4 GHz MIMO 3x3 wireless module, although the developers decided to use only 2 channels.

Unlike conventional wAP, for the 2.4 GHz range additional low-noise amplifiers are already used here - SiGe 2620T (one per channel). Moreover, the amplification units are prudently hidden under separate screens. As before, for 2.4 GHz 2 built-in antennas with a gain of 2 dBi are used.

By the way, the official block diagram does not display a separate Qualcomm AR8033 block, which is responsible for supporting the gigabit interface. You can see this chip on the back of the board.

Support for 5 GHz networks is implemented using a separate chip – Qualcomm QCA9880 (802.11ac, MIMO 3x3), connected to the processor via the PCIe bus. Thus, the access point supports channel speeds of up to 1300 Mbit/s.

Skyworks SKY85717-21 chips are used as amplifiers; they are also hidden under separate screen. All 3 antennas are internal, the gain is not specified, apparently - 1.5-2 dBi.

The volumes of permanent and RAM remained unchanged - 16 and 64 MB, respectively. Flash memory has not undergone any changes, but wAP ac uses DDR2 (Nanya NT5TU32M16EG-AC) as operational memory.

IN similar device I would like to see 128 MB, instead of the proposed 64 MB, after all, the device is in a completely different segment. But Mikrotik thinks differently.

The processor does not use a heatsink at all, while the 5 GHz wireless module has an aluminum heatsink with a fairly large area ribs From this we can conclude that the radio module warms up noticeably during operation. Actually with reverse side The board has a large aluminum plate mounted on the thermal interface, the task of which is to remove heat from the wireless chip and the amplifier unit.

This is Mikrotik's standard approach to implementing wireless devices with the H = High Power index. Indeed, if you look at the specifications, for 5 GHz the output power is stated to be from 23 to 25 dBm, which is equivalent to 200-316 mW.

Although the access point has lost support for direct power connection, the power subsystem, on the contrary, has become more complex. The reason for this is the increased number of nodes and blocks, as a result - an increase in maximum power consumption by three times, up to 12 W. In comparison, wAP fits into a 4W power budget. Of course, for such a power-hungry piece of hardware, the engineers added monitoring of PCB voltage and temperature.

wAP ac, like its younger brother, supports PoE power supply according to the 802.3at standard with a wide input voltage range from 11 to 57 volts. Instead of the usual RBPOE injector and a weak 0.2A (24V) adapter, the RBwAPG-5HacT2HnD kit includes a gigabit RBGPOE injector and a more powerful 0.8A (24V) adapter.

Summary comparison table of wAP and wAP ac

For greater convenience, below is a summary comparison table with the parameters of both access points.

Name
		RBwAPG-5HacT2HnD
CPU	Qualcomm QCA9533 650 MHz, MIPS 24Kc	Qualcomm QCA9556 720 MHz, MIPS 74Kc
2.4 GHz chip
2.4 GHz configuration
2.4 GHz antennas	2x built-in, 2 dBi
5 GHz configuration
5 GHz antennas		3 built-in
Interfaces	1 x Fast Ethernet 100 Mbit	1 x Gigabit Ethernet 1000 Mbit
PoE support	802.11at / 11-57 V
Power Supply	DC In or PoE	PoE only
Power consumption (max)
Persistent memory
RAM	64 MB / DDR-400
RouterOS license
Temperature monitoring
Voltage monitoring
		Increased 5 GHz transmitter power

In conclusion

The Mikrotik wAP access point is an excellent budget solution for creating a 2.4 GHz wireless network both at home and across an enterprise using CAPsMAN.

Using RBwAP2nD and RBwAPG-5HacT2HnD, you can add wireless network support where it does not exist, for example, in the popular RB3011, RB850Gx2 or RB750Gr3 (hEX) devices.

In the case of home use, wAP ac does not look as attractive as the younger wAP - the reason is its high cost.

Of course, thanks to the MIMO 3x3 configuration, RBwAPG-5HacT2HnD provides high transfer speeds, an order of magnitude higher than the capabilities of 802.11n and Fast Ethernet. However, if your goal is to move to 5 GHz due to noisy airwaves, as well as distribute undemanding clients between bands, purchasing hAP ac lite (RB952Ui-5ac2nD) may be a more appropriate purchase. Of course, hAP ​​ac lite has disadvantages - only one channel for 5 GHz (433 Mbit) and a regular case, at the same time, the price of RB952Ui-5ac2nD is almost comparable to RBwAP2nD, and the presence of 5 network interfaces can be a bonus.

RBwAPG-5HacT2HnD is an access point for speed-demanding clients who are willing to pay extra for this very performance. Of the minuses, it is worth noting only 64 MB of RAM. For most scenarios this will be enough, but when using Queues, having 128 MB would be very useful.

There is practically no point in comparing the performance of the processors of the two devices, due to the presence of only one network interface and 64 MB of memory. At the same time, it should be noted that the QCA9556 has only a slightly higher clock speed than the QCA9533. At the same time, the difference in performance is achieved to a greater extent due to the MIPS 74K microarchitecture. Based on personal experience usage, as well as based on reviews from friends and acquaintances, I can say that both access points are worth the money and there are no problems during operation.

Video course “Setting up MikroTik equipment” (analogous to MTCNA)

Are you learning to work with MikroTik? I recommend the video course "". The course covers all the topics from the official MTCNA curriculum and a lot of additional material. The course combines a theoretical part and practice - setting up a router according to technical specifications. Consultations on course assignments are conducted by its author, Dmitry Skoromnov. Suitable for first acquaintance with MikroTik equipment, and for systematizing knowledge for experienced specialists.

It is difficult to imagine a cafe, restaurant and pizzeria without free Internet access, but it is also difficult to find establishments where this free access works normally without interruption. There are many factors to blame for this, but the first one is wrong choice equipment or insufficient knowledge of the person who set up such a network.

Today, I will try to describe the main problems associated with using HotSpot in public places and describe step by step how to configure HotSpot using the example of Mikrotik wAP (RBwAP2nD-BE).

Technical specifications for HotSpot

1. Two networks - one open, for clients of the establishment, and the second - closed, for internal use.
2. Display an advertising banner before entering the Internet.
3. Limitations for HotSpot:
   • Limit speed.
   • Weed out the “freeloaders” who live near a cafe and use an open network at home.
4. Coverage area for a summer area or terrace.
5. Powering the access point via PoE.

Choosing equipment for HotSpot

For such a task, equipment from MikroTik is ideal, as it is inexpensive, works stably and allows you to flexibly configure all the necessary network parameters.

You can use Mikrotik RouterBoard hEX PoE lite (RB750UPr2) as a router. It supports PoE power on 4 ports, which will allow you to connect access points without using PoE injectors, and they will not occupy additional sockets. Although, if you need to install only one access point, then you can get by with a regular router, but then.

As the access points themselves, we will use models from the wAP or cAP series. Since our task is to cover an area on a summer area or terrace, I recommend choosing wAP points, since they are equipped with an all-weather housing and allow you to use them outdoors. In our example, this will be Mikrotik wAP (RBwAP2nD-BE).

If you plan to use more than one access point, then you can configure the CAPsMAN controller, which will make it possible to use seamless roaming, etc., but this is a topic for a separate article. IN in this example we will set up one point with HotSpot.

Our network diagram

Important! Mikrotik wAP (RBwAP2nD-BE), which I had in stock, had a disabled WLAN interface in the factory configuration, and the Ethernet interface did not have an IP address, therefore, I had to download the WinBOX utility from the manufacturer’s website, and not from the web interface of the access point, as is usually the case with Mikrotik devices. For those who have the same thing, download here - WinBox 3.7.

Setting up MikroTik wAP

1. Connect the access point to our computer via a patch cord and launch WinBox. Click on the MAC address of our device and click “Connect” (login admin, password empty).

2. In the main menu on the left, select System -> Reset Configuration. In the window that appears, check the boxes for “No Default Configuration” and “Do Not Backup” and click on the “Reset Configuration” button. RouterOS will ask for confirmation - we agree by clicking the “Yes” button.

The access point will reboot.
15-25 seconds after that you can do Reconnect.

3. Activate the DHCP client for automatic receipt IP addresses for the Ethernet port. To do this, go to the IP -> DHCP client section. In the window that appears, click on the “+” button. In the Interface field, select “ether1”, the rest is as in the photo:

4. Go to the “IP -> Hotspot” section and immediately click on the “Hotspot Setup” button and indicate the following data:

• HotSpot Interface- wlan1 (Interface to which HotSpot will be applied)
• Local Address of Network - 192.168.0.1/24 (Address of the network interface on which HotSpot will be located)
• Address Pool of Network- 192.168.0.2-192.168.0.254 (Range of addresses that HotSpot clients will receive)
• Select Certificate- none (use SSL certificate for secure client authorization)
• IP Address of SMTP Server - 0.0.0.0
• DNS Servers - 192.168.0.1, 8.8.8.8 (DNS servers that clients will contact)
• DNS Name- empty (DNS name for the host with HotSpot)

5. Go to the Server Profiles tab and double-click on the hsprof1 profile. Uncheck the Cookie box and add Trial.

Trial mode will allow clients to use the Internet without entering a login and password using demo access.

• Trial Uptime Limit- 00:30:00 (Indicates how long to allow the client access to the Internet)
• Trial Uptime Reset- 00:00:01 (Indicates how long to block the client’s Internet access after the Trial Uptime Limit has expired)

Such settings allow clients to use the Internet almost without restrictions, although access will be reset every half hour, the client will immediately see the authorization window and will be able to connect to the network again. This is done so that the client sees an advertising banner every half hour, which will be on the login page. There is another popular setting option - set Trial Uptime Limit for example to 1 hour, and Trial Uptime Reset to 5-8, so the client will be able to use the Internet for no more than 1 hour, and then will be blocked for 5-8 hours, which will allow he should return in the evening or the next day and use the Internet again. This will help weed out freeloaders. In general, everyone chooses their own option

6. Go to the User Profiles tab and double-click on the default profile. Remove the Shared Users parameter.

• Rate Limit (rx/tx)- 2m/2m (transmission/reception speed limit for clients)
• Open Status Page- HTTP login (display the connection status page only during authorization)

7. Go to the “Wireless” section and double-click on the wlan1 interface

8. Change the following parameters:

• Mode- ap bridge (access point mode)
• Band- 2GHz-B/G/N (use all punctures wireless communication)
• Frequency- 2422 (channel frequency in MHz, depends on the noise level of the airwaves. For best result you need to scan the range for interference and select the frequency with the least noise)
• SSID- HotSpot_FreeWiFi (access point name)
• Wireless Protocol- 802.11 (use only 802.11 protocols)

Click on OK.

9. Basic parameters are configured. Checking the WiFi connection.

10. We type the address of any site, and HotSpot will redirect us to the authorization page.

We check whether the speed limit works, for example, on the website speedtest.net

Additional HotSpot Features

Access to resources without authorization on HotSpot

Sometimes there is a need to give unauthorized users access to a certain resource, for example, to your company’s website. To do this, go to the “IP -> HotSpot” section, on the “Walled Garden” tab, click on the “+” button and write in the “Dst. Host" domain of the desired site and click OK, for example:

How to change the HotSpot login page

The basic HotSpot Mikrotik page is quite boring, and it won’t always suit your needs. But this is absolutely not a problem, since it can be easily changed to suit your needs. This requires minimal knowledge of HTML. The page itself can be found in the Files section; in the file manager, find the file flash/hotspot/login.html.

For readers, I have prepared two versions of the login.html page.
The first hotspot-trial - without the login and password entry form itself with only Trial access. It is suitable for a cafe or restaurant, as it has an advertising banner that goes along with the login.html page. For the convenience of changing the advertising banner on all hotspots, the banner can be placed on the company’s corporate website and the address of the image in the login.html file can be changed. To ensure that the picture is seen by unauthorized users, do not forget to provide access without authorization to the site itself in the “Walled Garden” section.

The second option, hotspot-login, is suitable for Internet providers, as it has an included authorization form, as in the original file.

Both options use bootstrap and jquery, the necessary options are included in the archive. To replace, unzip the contents of the archive with the option you selected and drag the contents of the folder into the flash/hotspot directory in the WinBox window.

• Download hotspot-trial
• Download hotspot-login

Important! Before replacing, be sure to save the original login.html file.

How to set up a secure network for workers.

Since the HotSpot we configured is an unsecured communication channel, we cannot use it for company employees. But we can create a virtual WLAN interface based on existing access points using encryption and a password to the network.

To do this, follow these instructions:

Go to the “Wireless” section, go to the “Security Profiles” tab and click on the “+” button. Specify the following options:

• Name- InternalCorporate_SecurityProfile
• Authentication Types- leave only WPA2 PSK
• WPA2 Pre-Shared Key- specify the network access key (password)

Click OK

Go to the Interfaces tab and click on the “+” button, select Virtual. Specify the following parameters:

• Mode- ap bridge
• SSID- network name, in my example - Internal
• Master Interface- wlan1
• Security Profile- select the InternalCorporate_SecurityProfile we created earlier.

Let's create a new bridge virtual interface with an Ethernet interface, so we will connect our employees’ devices directly to our network. To do this, go to the “Bridge” section and click on the “+” button. In the window that appears, click OK.

Go to the “Ports” tab and click on the “+” button, in the Interface item select ether1, click OK. Click on the “+” button again, and in the Interface item select wlan2 (the created virtual wireless interface)

That's it, the network is working, we check it by connecting to the Internal access point.

We weed out freeloaders

In order to weed out “freeloaders”, namely, users who live near HotSpot and can use it constantly instead of home Internet, we will set a limit on signal quality. That is, we will prohibit all users with a weak WiFi signal from using the network.

To do this, go to the “Wireless” section on the “Access List” tab, click on the “+” button, and in the window specify the following parameters:

• Interface- wlan1
• Signal Strength Range - -95..120

MikroTik equipment is configured through the program Winbox. You can download it from the link: http://router_address/winbox/winbox.exe (where router_address is the equipment address, respectively). Or you can go to the device via the web interface and download winbox using the link provided there.

The first thing we do is reset the factory settings.

Reset Mikrotik to factory settings

1. If you connected to the device for the first time, then the corresponding window with the title RouterOS Default Configuration will appear immediately upon login, to reset settings you need to click on the button Remove Configuration.

2. If the device has already been logged in, this window does not appear by default. Go to the menu New Terminal and using the command system reset-configuration reboot the device (after reboot, the reset window appears).

Or go to the menu System, then - in Reset Configuration. In the window, check the box No Default Configuration and click on Reset Configuration.

The factory configuration has been reset, let's start setting it up.

Settings in the BRIDGE menu

Adding ports so that traffic passing through MikroTik equipment can be transmitted further via a wired and WiFi interface. Otherwise, our devices will only “communicate” with each other.

To do this in the menu Bridge click on the button + (a window opens as in the picture below), assign a name to the bridge and click OK.

Go to the tab Ports, click on + and add a port Wlan1 in line Interface. In line Bridge select the one we created earlier bridge1. Click OK.

Click on + again and create a port Ether1:

Assign an IP address to the bridge:

Menu IP => submenu Addresses => "+" button , enter the address of the bridge and, separated by a slash, the subnet mask. The Network field is optional.

Settings in the Wireless menu

Select a menu item Wireless open Wlan1.

1. Settings on the Wireless tab

Here you can configure the wireless interface parameters:

Parameter	Description	Value options
Mode	Operating mode	Now we are interested in: Bridge- BS mode for point-to-point connection AP Bridge- BS mode for point-to-multipoint connection. There are also modes for client stations: Station- mode for the client device. Station WDS- mode for a client device with WDS support. It is recommended to use it on the client.
Band	Device operating frequency and supported standards.	The first part of the value, before the dash, is the operating frequency, the second is the supported standards. For standards it is recommended to select the value only-N to increase the maximum speed. On the client device, you can select several standard options, for example, set to 2GHz-B/G/N, then when you change the setting on the BS, the clients will reconnect automatically.
Channel Width	Channel width.	The standard setting is 20 MHz. If you plan for more than 100 Mbit/s and use a gigabit device, then you can use the 40 MHz band.
Frequency	The frequency at which the device will operate.	Selected from the list or entered manually.
SSID	Network name. This is what subscriber devices will see.
Radio Name	Device name. It is used most often for stations on the subscriber side - for the purpose of their subsequent identification at the base station.	For example, kv_Titova_d_8.
Scan List	Frequency range. It is set on the client side, thereby limiting the list of frequencies in which the device will communicate with the BS.	The default is default, and only standard channels are used. You can specify one frequency, several (separated by a comma), range (separated by a dash), and you can also combine them. For example, the value “2424, 2300-2500” will mean that the device will first start searching for a BS on channel 2424, and if there is no response, it will move to the range 2300-2500 and search on it.
Wireless Protocol	Equipment operation protocols.	802.11 - ordinary wifi protocol, suitable for connecting to base stations of clients with laptops or USB adapters. Nstreme- old polling protocol. If it is set in the settings, only devices that support it will be able to connect to the BS. You cannot connect using a laptop or USB adapter. NV2- the latest proprietary polling protocol from Mikrotik. Let's use it. Again, the connection will be available for devices that support this type protocol. You cannot connect using a laptop or USB adapter. Any- this mode is set for subscribers. This ensures connection with the BS in any modes set on it.
Security Profile	Selecting an encryption method.	Usually - default.
Frequency Mode	Mode for selecting available frequencies and powers	Manual Txpower- this mode provides the ability to manually change the radio signal power settings. Regulatory Domain- selection of operating mode with power parameters and frequencies permitted for a particular country. Superchannel- in this mode you can change the power, as well as use all available frequencies.
County	Select a country to determine the list of frequencies that are available in it.
Antenna Gain	Device power limitation.	Most often not used, the field is set to "0".
WMM Support	Radio channel priorities.
Bridge Mode	Enable/disable "bridg" mode on the radio card.	Always - enabled.
Default Authenticate	Allowing connections.	When the checkbox is checked, all devices can connect; when unchecked, only those that are on the allowed list.
Default Forward	A checkmark means that data exchange between connected client devices is prohibited. This setting only works in 802.11 mode for laptops and devices without WDS support.
Hide SSID	A checked checkbox hides the network name (the network does not appear in the list when scanning). To connect, you need to manually enter a name on the client's device.

2. Settings on the Data Rates tab

If we select N-only mode for devices, thenall checkboxes on this tab are unchecked. Otherwise, see the settings below.

Parameter	Description	Value options
Rate Selection	Modulation selection	We put Advanced For self-determination best modulation by devices.
Supported Rates B	Allowed modulations for the standard B.	We uncheck the boxes so that the devices use only the higher speed standards G and N.
Supported Rates A/G	Allowed modulations for standards A And G.	Here we check all the boxes.
Basic Rates B		We uncheck all the boxes.
Basic Rates A/G	Allowed modulations for service traffic.	We install only 6 M.

3. Settings on the Advanced tab

Parameter	Description	Value options
Max Station Count	Maximum quantity client connections
Distance	Maximum distance to subscriber stations	Dynamic- the distance is determined automatically. Indoor- this value is set for indoor data transmission.
Noise Floor Threshold	Manual adjustment of the noise level on the channel.	The most common values ​​are -92 ... -107. You can also determine it yourself: measure the noise level and reduce this figure by 5-10 units. For example: the actual noise level is -107, therefore, the value is set to -100.
Periodic Calibration	Automatic channel noise correction.	It is recommended to always turn this parameter on (enabled), so the device will automatically adjust to increasing/decreasing interference levels.
Calibration Interval	The time intervals after which the device will determine the level of interference.	It is recommended to set it to 10 seconds. The default value is 1 minute.
Hw. Retries	The number of times the data will be sent if confirmation of receipt is not received.	Values ​​from 1 to 5- the network speed is higher, but for subscribers with a poor signal the stability of the connection will deteriorate (packet loss, frequent disconnection). Values ​​from 5 to 10- golden mean. Values ​​from 10 to 15- maximum guarantee of data delivery, but in a problem network the speed will slow down. Based on this, it is preferable to set average values ​​(5-7) for the base station, and a maximum of 15 for the point-to-point channel.
Hw. Protection Mode	Enables hidden node protection.	We always exhibit RTS/CTS.
Adaptive Noise Immunity	Interference filtering using a radio card.	It is recommended to activate the parameter AP and client mode to protect against interference if there are several base stations nearby.
Disconnect Timeout	The time period after which a client that does not respond to requests will be disconnected.
On Fail Retry Time	The amount of time the device waits before resending data.	It is recommended to leave it at 100 ms.

4. Settings on the HT, HT MCS, WDS tabs

If our devices use MIMO (which is desirable, since the throughput of such equipment is higher), then we need to pay attention to the appropriate settings of the antennas on HT tab:

• HT Tx Chains- receiving channel, HT Rx Chains- transmission channel. If MIMO is used, it is best to activate both antennas for both reception and transmission (chain0, chain1). Of course, if there is only one antenna, then we activate one channel.
• In the parameter HT Guard Interval ALWAYS exhibit long, if standard N is used for external links.
• HT Extension Channel- this parameter is intended to add additional channels when using a 40 MHz band. Optimal values ​​are established experimentally.

On WDS tab We are interested in 2 parameters:

• WDS Mode - it is recommended to set the mode Dynamic, then new clients will be added to the bridge automatically. If you prefer manual addition, select Static.
• WDS Default Bridge- by default, clients will be added to the bridge specified in this field. Therefore, we indicate its name here: bridge1.

5. Settings on the NV2 tab

Here we configure the parameters of the Mikrotik NV2 protocol (by the way, we do not consider the settings of the NSTREME protocol and the corresponding tab precisely because it is outdated and practically not used).

• TDMA Period Size- transmission time. It is recommended to set 5-7 for the base station, 1-2 for the radio bridge. How less value in this field, the less delay during transmission, but the speed decreases. And vice versa - a larger value will mean greater speed, but also increased delays. The optimal value is selected through experimentation.
• Cell Radius- here we set the distance to the most distant client
• Security- enable/disable the encryption protocol using the NV2 protocol. This is a completely separate encryption mechanism and has nothing to do with what we will configure in the Security Profiles tab.
• Preshared Key- security key for connecting to the network, set the same on all devices.

6. Settings on the TX POWER tab

Most often the value is left Default. If you select Manual, then the settings fields expand and you can manually adjust the power parameters of the radio card.

Setting up encryption

In the Wireless section, go to the tabSecurity Profiles:

• Name- assign a name to the encryption profile.
• Mode- select an encryption mode, most often set to Dynamic Keys.
• Authentication Types- check the boxes for either WPA PSK or WPA2 PSK, or select both.
• Unicast Ciphers- selection of encryption algorithm. AES is recommended because it is supported by a radio card.
• Group Ciphers- the same settings as in the previous paragraph.
• WPA Pre-Shared Key- code word for encryption WPA type. We install the same on all devices
• WPA2 Pre-Shared Key- similarly, password for WPA2 encryption type

Setting up a second device

Most settings are identical, except:

• When setting IP addresses make the second point different from the address of the first.
• When setting up the wireless interface parameters on the Wireless tab, indicate: in the field Mode - station wds, in the field SSID - name of the first point.

View connection metrics

If we have configured everything correctly, then on the Status tab of the wireless interface you can see the parameters:

Parameter	Description
Band	Frequency and standard of operation of the point (mode)
Frequency	Channel frequency of the device
Tx/Rx Rate	Receive and transmit modulations
SSID	Network name
BSSID	Mac address of the second device
Radio Name	Second device name
Tx/Rx Signal Strength	Receive/transmit signal level. If two antennas are used, the data is summed.
Tx/Rx Signal Strength Ch0	Receive/transmit signal level on the neutral antenna (channel)
Tx/Rx Signal Strength Ch1	Receive/transmit signal level on the first antenna (channel)
Noise Floor	Noise level
Signal To Noise	Signal to noise ratio. It is generally considered that values ​​from 5 to 15 are low, from 15 to 30 are medium, and from 30 to 60 are high. The higher the value in this field, the better.
Tx/Rx CCQ	Quality of the receive/transmit channel. From 1 to 50 - bad From 50-80 - average From 80-100 - good.
Distance	Distance to second device
Router OS Version	Firmware version of the second device
Last IP	Last IP address recorded in the device
WDS Link	Shows work in WDS.

website

In this article we will tell you how to quickly and easily set up Wi-Fi point MikroTik for Internet distribution.

MikroTik wireless points are controlled operating system MikroTik RouterOS with a huge amount capabilities and settings. Therefore, it is quite difficult for a beginner to understand it.

But there is a simplified Quick Set setting that allows you to quickly configure the basic functionality of the device. We will tell you how to set up a MikroTik Wi-Fi point for distribution from using Quick Set.

This instruction is suitable for all MikroTik Wi-Fi points with RouterOS Level4 and higher: wAP, Groove A-52HPn, Metal 2SHPn, SXT 5 ac, SXT G-2HnD, etc.

Settings can be performed via a Web browser or the Winbox program for Windows OS. The most convenient way to do this is through Winbox, since the program can connect to the device not only by IP address, but also by MAC address.

It happens that after resetting a device to factory settings, it is not assigned the default IP address 192.168.88.1 until you apply standard configuration. In this case, you need to connect to the device by MAC address using Winbox.

We will look at setting up using the Winbox program. Configuration via a Web browser is performed in the same way.

Connecting a Wi-Fi point to a computer

First, connect the device to the computer. Once configured, the wireless point can be disconnected from the computer and connected to the provider’s cable, router or switch.

MikroTik points come with a POE injector, which is often not connected correctly. The connection must be made as shown in the figure.

Setting up a computer's network card

To get into the Wi-Fi settings of the Mikrotik point, you need to configure the computer’s network card to an IP address from the same subnet, for example 192.168.88.21 .

Open Start → Control Panel → Network and Sharing Center.

Right click on Local network connection and select Properties.

Select Internet Protocol Version 4 (TCP/IPv4) and press the button Properties.

Select Use the following IP address, enter the IP address 192.168.88.21 , Subnet mask 255.255.255.0 and press the button OK.

Login to settings

If you are setting up a MikroTik Wi-Fi point via a Web browser ( Internet Explorer or other), write in the address bar 192.168.88.1 - This is the default IP address for MikroTik devices.

Attention! The Web browser should not have a proxy server specified in its settings.

In the window that opens, enter Login: admin without password and press the button Login.

We will configure the MikroTik Wi-Fi point using the program, so we download Winbox from the manufacturer’s website and launch it.

Go to the tab Neighbors and press the button Refresh. Your point should appear in the list.

Please note that if you click on the MAC address, we will connect to the device by MAC address.

If you click on the IP address, we will connect to the device by IP address.

We click on the MAC address, after which it will appear in the field Connect To:, enter your login admin without a password, and press the button Connect.

After that, click on the menu on the left Quick Set.

In this window we will configure the MikroTik Wi-Fi point for Internet distribution.

Wi-Fi setup

First select the access point mode WISP AP and start setting up Wi-Fi.

• Wireless Protocol- select wireless protocol 802.11 . The nstreme and nv2 protocols are proprietary MikroTik protocols and can only be used by MikroTik equipment.
• Network Name- please indicate Wi-Fi name dot that will be displayed when scanning Wi-Fi networks.
• Frequency- select operating frequency wireless point. If you have a Wi-Fi router or other points on your network, choose a frequency so that it does not coincide with other points and they do not interfere with each other.
• Band- indicate the standards 2GHz-B/G/N so that older devices running in B And G standards, could connect to a Wi-Fi point.
• Channel Width- set the channel width 20/40MHz Ce to get maximum data transfer speeds with devices that support 40 MHz channel width.
  Sometimes devices that do not support 40 MHz channel width cannot connect with these settings. In this case, try setting the channel width to 20MHz.
• Country- the country selection can be left blank. For better compatibility with Apple devices, they say it is better to choose the United States country.
• Security- security settings. For better security, just check the box next to it. WPA2.
• Encryption- select encryption algorithm only aes ccm;
• Wi-Fi Password- enter a password to connect to the Wi-Fi point of at least 8 characters.

Operating mode selection

In the section Configuration you need to select the operating mode of the MikroTik wireless point.

Mode Router— used when a Wi-Fi point is connected directly to the provider’s cable. In this case, you need to hide clients that connect to the Wi-Fi point in a separate subnet. Otherwise, it would be necessary to enter into an agreement with the provider to connect each client to the Internet. In this mode, the Internet provider does not see subscribers located behind the wireless point. The Wi-Fi point plays the role of an Internet gateway for clients.

Mode Bridge— used when a Wi-Fi point is connected to a router. In this mode, the router distributes automatic network settings clients connecting to a Wi-Fi point. In this case, subscribers connected to the router via cable and to the wireless point are on the same subnet and can transfer data to each other.

Setting up work in Router mode

In the section Configuration select operating mode Router.

If your provider provides network settings automatically via DHCP, then in the section Internet

• Address Acquisition- select Automatic;
• MAC Address

If your provider uses static network settings, in the section Internet make the following settings:

• Address Acquisition- select Static;
• IP Address- enter the IP address given to you by your provider. Usually static settings specified in the agreement with the provider;
• Netmask- specify the mask;
• Gateway- enter the gateway address;
• DNS Servers- specify the DNS server addresses;
• MAC Address- leave unchanged. If your provider blocks access to the MAC address, change it to allowed. This is usually the MAC address of the network card of a computer or router.

If your provider uses a PPPoE connection, in the section Internet make the following settings:

• Address Acquisition- select PPPoE;
• PPPoE User- enter your username;
• PPPoE Password- enter the password;
• PPPoE Service Name- enter the service name;
• MAC Address- leave unchanged. If your ISP blocks access to the MAC address, change it to allow it. This is usually the MAC address of the network card of a computer or router.

Now let's configure the local network in the section Local Network:

• IP Address- indicate the IP address of the Wi-Fi point. Let's leave the standard one 192.168.88.1 ;
• Netmask- select a standard mask for our subnet 255.255.255.0 ;
• DHCP Server- check the box to enable DHCP server. It will allow you to automatically distribute network settings to connecting clients;
• DHCP Server Range- range of IP addresses that will be issued to connecting clients. Enter the range 192.168.88.2-192.168.88.254 ;
• NAT- check the box to allow connecting clients to access the Internet.

Setting up work in Bridge mode

Select in section Configuration operating mode Bridge.

If you want the Wi-Fi point to receive network settings from the router automatically via DHCP, then in the section Bridge

• Address Acquisition- select Automatic;
• MAC Address- leave unchanged.

I prefer to specify the IP address of the Wi-Fi point manually, so that later I know exactly where to look for it. That's why I use static network settings.

If you are using static network settings, in the section Bridge make the following settings:

• Address Acquisition- select Static;
• IP Address- enter the IP address of the Wi-Fi point. It must be from the same subnet as the router;
• Netmask- select a mask 255.255.255.0 ;
• Gateway- enter the IP address of the gateway (IP address of your router);
• DNS Servers- specify the DNS server addresses. You can specify the router address or DNS address Google servers 8.8.8.8 .

Changing the default administrator password

To prevent anyone other than the administrator from accessing the Wi-Fi hotspot settings, you need to set a password. By default there is no password.

To do this, in the section System in the field Password enter New Password and confirm it in the field Confirm Password.

Finally, press the button OK to save all settings.

Now the MikroTik Wi-Fi point can be connected to the provider’s cable or router, depending on the type of your connection.

At the end, do not forget to change the settings of your computer’s network card to the necessary ones.

Reset settings

If you've gone overboard with the settings and can't get into your device, reset it to factory settings.

1. Turn off the power;
2. Press and hold the button Reset;
3. Apply food;
4. Wait until the indicator starts flashing;
5. Release the button Reset;
6. After the reboot, connect to the device using the Winbox program using the MAC address, because the device may have an IP address of 0.0.0.0. In this case, you will not be able to access the settings via the Web interface using the standard IP address 192.168.88.1.
7. In Winbox, in the window that appears, click the button OK to apply the default settings. In some firmware, this window may not appear, but the standard configuration will be applied immediately.

The number of wireless devices is growing rapidly, continuously increasing the requirements for network bandwidth and coverage.

There are now enough solutions on the market for creating a large wireless network in both a small private house and a large country cottage, starting with Luma, Eero, and ending with.

Some solutions are easy to set up and have a high price, while others provide great capabilities but require a good base for configuration. In particular we're talking about about Mikrotik products, which are distinguished by an excellent combination of high reliability, great functionality and quite affordable cost. At the same time, Mikrotik will be difficult to understand the settings for the vast majority of home users, which increases the level of entry and greatly limits real application Mikrotik-based systems at home.

Despite the disadvantage described above, once you set up Mikrotik, you can forget about it for months, even years. Mikrotik equipment can work for six months or even more without rebooting, saving a lot of time and nerves.

As part of this publication, we will show and tell you how to create and configure a reliable network based on Mikrotik with excellent wireless coverage for large apartment, private home or small office with minimum quantity wires

Choosing a router

A router (model RB960PGS) is well suited for creating a high-performance network. The presence of an SFP slot allows you to connect to an Internet provider using optics; in addition, the device is equipped with 5 gigabit interfaces.

If SFP is not used, Internet connection can be made using the first RJ-45 network interface, which also supports PoE In. The remaining 4 interfaces support PoE Out, which allows you to power several access points from them, but no more than 4.

In practice, a wired network is almost always used, so at least one port will need to be allocated for a wired local network, so in total we will have 3 PoE ports at our disposal, which is enough for a medium-sized private house.

If you plan to use it at home, any gigabit switch of any brand will do before expanding your wired network. At the same time, if you plan to use VLANs and other exotic things, you will need a managed switch, or at least Easy-Smart, we recommend paying attention to a managed switch.

In cases where you need to power more than 3 access points, you can purchase an additional managed switch with PoE -. Please note that purchasing an additional PoE switch will only be justified if you will power 2-4 additional access points from it. Otherwise, buying a switch to power just one point will be a waste of money.

For 100 Mbit networks, more affordable router models with PoE are suitable:

It is not at all necessary to purchase devices that support PoE, but in this case you will need to assemble a small communication box and place all the injectors and adapters in it.

Selecting access points

In the case of access points, the choice is much wider. Below we have selected the most interesting offers, and they are sorted in ascending order of price.

Please note that the Groove 52 (RBGroove52HPn) model will not fit, because... Comes with a Level 3 license which does not allow use of AP mode.

You probably have a natural question: what does hAP ac lite do in this table? It's simple. Firstly, it has PoE support, which allows you to power it remotely. Secondly, the router has the ability to be wall mounted. Thirdly, this is, of course, support for 802.11ac and the price is only 45 USD.

Thanks to the combination of these parameters, it can be used as a Dual-Band access point with the functionality of an additional switch. The only limitation is the speed of network interfaces of 100 Mbit.

Point GrooveA 52 is highlighted separately, because it is equipped with a powerful radio module and is suitable for outdoor use when it is necessary to cover a very large area. Please note that the device can only operate in one band at a time - either 2.4 GHz or 5 GHz. The range is selected manually in the control panel.

The table also does not include OmniTIK and Metal due to the price/feature ratio. These solutions are more suitable for use in commercial networks.

The best option for building a network at home is, and. Moreover, wAP and wAP ac can be used outdoors.

The older wAP ac model is equipped with a gigabit network interface to provide high throughput; it supports simultaneous operation in two bands with channel speeds of 300 and 1300 Mbit for 2.4 and 5 GHz, respectively.

Actually, using the example of wAP and wAP ac in conjunction with the hEX PoE switch, we will consider building a home wireless network.

Connecting and configuring the gateway

hEX PoE will act as the main router, providing clients with access to the Internet. As expected, the gateway will issue IP addresses for other devices, but the DHCP server will be disabled on the access points themselves.

We connect the device and log in to the control panel.

The setup process will be discussed using the default settings as an example, in order to simplify the process as much as possible for novice Mikrotik users.

The standard configuration is quite suitable for us, the only thing you will need to do is configure the type of connection to the provider’s network and select the ETH1 port ( twisted pair) or SFP (optics)

For convenience, we change the IP devices and local network settings to more familiar ones - 192.168.0.1/24.

Please note that we intentionally raised the DHCP pool up, which is not at all necessary. Personally, it’s easier for me to use static and MAC:IP binding in the lower part, and issue IP for other clients in the “upper” part.

Be sure to change the name of the device, in our case it will be “GATEWAY” (gateway); in the future, with a large number of devices, it will be much easier for you to navigate by names than by IP.

Apply the settings. After this, Winbox will become inaccessible; on some PCs you will need to reconnect to the network by unplugging the cable so that the network receives a new IP.

The rule good manners will go to IP - DHCP Server - Networks and manually add the IP of our router as a DNS server for clients receiving settings via DHCP. Mikrotik has its own DNS functionality, so using the provider's DNS on clients does not make sense.

By the way, you can also specify NTP here; you can easily raise it on Mikrotik itself. If in static DNS records replace time.windows.com with Mikrotik IP, machines running Windows OS will be able to take the exact time from the main gateway without additional settings. Read more in a separate publication, link above.

Don't forget to update the gateway to the latest version of RouterOS, in our case this is an update from 6.36.1 to 6.38.1. The device will reboot to update.

The general configuration of the gateway is complete. Creating a new user, changing the password, disabling unnecessary services and other settings Mikrotik protection- a topic for a separate publication, so we won’t dwell on it.

At this stage, you can connect access points to the router.

Connecting access points to the router

Both points will be powered via PoE from the main router. This approach will allow us to overload devices programmatically at a distance, and also get rid of unnecessary wires.

In practice, it is better to connect points in stages, since all wAPs have an open network and a standard password.

We will connect both points at once, because For an experienced user, the process takes only a couple of minutes.

A regular Mikrotik wAP access point received power via PoE without any problems, but for wAP ac we had to select the PoE “forced on” mode in the port settings. You can read more about priorities and setting up PoE Out in general in.

As you can see, in idle mode wAP consumes only 1.1 W, and its older brother wAP ac consumes 3.3 W.

In the IP - DHCP Server - Leases section, you can make sure that both access points have received an IP address.

Let's move on to the next setup step.

Mikrotik wAP connection

The process of setting up both wAPs is done by connecting to the access point's open wireless network. A netbook, laptop or PC with a wireless adapter is suitable for these purposes. In our case it will be a netbook.

As you can see, the netbook successfully identified all 3 networks. Why three and not two? The fact is that wAP ac has one network at 2.4 GHz, the second at 5 GHz.

MikroTik-5EDCC7 is our Mikrotik wAP, the MikroTik-7D550D and MikroTik-7D550E networks are Mikrotik wAP ac, which is easy to identify by the name of the network (the name is distinguished by the last character).

We will start setting up from the simplest point, this is faster and will allow you to understand how to set up a dual-band point.

After connecting to the MikroTik-5EDCC7 wireless network, Winbox will detect a device with standard IP 192.168.88.1

We accept the standard configuration. As you can see, the device operates in routing mode, which is why it is not possible to connect to it via a cable.

Switch the point to bridge mode (Bridge = bridge), this will make the device completely transparent. We set the “Adress Acquisition” option to “Automatic”, i.e. The device will receive IP from the DHCP server. If you wish, you can implement a static IP, but more on that a little later; we will implement it a little differently.

“Adress Source” should be specified as “Any”, otherwise when you select the seemingly logical “Ethernet”, the device will have IP 0.0.0.0 and you simply will not connect to it. If everything is done correctly, the device will receive network settings.

As before, we change the name of the device.

Connecting Mikrotik wAP ac

We repeat all the above steps for new point, as well as each subsequent one that will be added to the network.

If everything is done correctly, all three devices will be visible in Winbox.

And, of course, don’t forget to update RouterOS on all network devices.

Setting up a wireless network in Mikrotik wAP

First, let's configure the wAP access point.

In the Wireless - Interfaces section, open the properties of the wireless interface.

Personally, I am a supporter of “Advanced Mode”, if the number of options scares you, you can use “Simple Mode”. Switching between modes is carried out at any time in the right part of the settings window.

In the current window we are interested in “Freq. Usage..." After clicking on this button, a new window will open in which you should click “Start”. The system will start scanning channels and you will be able to see the usage level of channels in real time.

As you can see, 2442-2452 MHz is used, so it is best to work in the 2412-2432 MHz range. It should not be forgotten that when using wide channels of 40 MHz, the number of non-overlapping channels is 3.

When setting up a wireless interface, I prefer to explicitly specify 2GHz-only-N, which sets the 802.11n mode. if you have old devices without support for the new standard, use mixed modes.

We set the channel width to “20/40 Ce”; you can also specify “20/40 eC”. The eC and Ce index indicate where the range needs to be expanded in relation to the main channel. eC - downward expansion, Ce - upward expansion. Thus, if you select the first channel, you can only expand it upwards, in the case of last channel the situation is the opposite, it can only be expanded downwards.

SSID - name of the wireless network. If you have 5GHz-capable access points, you can explicitly specify the 2G and 5G suffixes to help differentiate the bands. If this is not done, instead of two networks on the client, only one will be visible in the list, and the connection will be carried out according to the priorities of the adapter (Prefer 2G/Prefer 5G).

WPS should be disabled if not used.

“Frequency Mode” is set to “regulatory-domain”, and “Country” is set to “ukraine”. This setting will allow you not to violate regional restrictions on the use of radio frequency resources.

“WMM Support” can be selected “enabled”. This is a special QoS add-on that allows you to increase the priority of multimedia traffic.

Go to the “Advanced” tab. For the option “Hw. Protection Mode" select "rts cts". In short, this option helps to avoid conflicts when clients connected to the point do not see each other and cannot agree on the order of data transfer.

For “Adaptive Noise Immunity” we set “ap and client mode”. Again, in short, this option allows you to activate a special noise filtering algorithm, created by a point and/or by the client, for example, multiple reflections of the signal from the walls. Please note that the option will only work on adapters with Atheros chips.

On the HT tab, check the “Tx/Rx Chains” parameters, which should be checked everywhere. If the checkbox is not checked on one of the channels, the adapter will not be able to use it during operation.

Since we did not change the power parameters of the radio module, the standard values ​​will apply.

In this case, we are exclusively interested in HT20-x and HT40-x. Essentially, this is a kind of power guide for a specific radio module.

HT20 and HT40 indicate channel widths of 20 and 40 MHz, respectively. The number in the suffix is ​​the MCS speed index for the 802.11n standard. The higher the number, the greater the speed. As you can see, higher speeds use less power, and the higher the speed, the lower the power. Take this data into account if you decide to adjust the power wireless module in manual mode.

At the final stage, go to the “Security Profiles” tab. This section requires you to adjust your security profile. Select the “dynamic keys” mode, as well as the WPA2 and AES options. You can forget about WPA and TKIP forever (not to mention the outdated WEP); these security options have long been compromised and have “loopholes” that allow an experienced attacker to gain access to a wireless network protected by this method.

The network password is entered in the “WPA2 Pre-Shared Key” field. This completes the setting of the first point.

Setting up a wireless network in Mikrotik wAP ac

When setting up the second access point, we do everything similarly to the first access point.

Do not forget that it is necessary to scan the wireless network for each point, since air conditions may vary depending on the location. If you want to trust automation, choose the “auto” channel; Mikrotik copes with this task quite well on its own.

Do not forget to specify for the new and each subsequent point exactly the same SSID as on the first device. This is necessary for automatic roaming of clients between APs.

The operating frequency can be specified the same, but only if the access points overlap slightly. Otherwise, the points will share the airwaves among themselves, which will negatively affect the speed when working simultaneously. It is best to use the “chessboard” principle, i.e. alternate channels so that they do not intersect at all.

In the case of Dual-Band access points, there will be 2 interfaces in the Wireless Interfaces list; each is configured separately.

The principle is the same, scan the range and select optimal frequency. If your range 5745-5805 is clear, we recommend using it. In our case, it is already “crowded” with local providers.

By the way, experienced administrators will be interested in spectral-scan and spectral-history. Both tools work through the terminal.

To call, use the following commands:

/interface wireless spectral-scan

/interface wireless spectral-history

The channels and frequencies have been decided.

For the 5 GHz range, we indicate the 5G suffix; this is not at all necessary, as was already mentioned earlier.

The default channel width will be 20/40 MHz, but we know that 802.11ac can use 80 MHz channels and it is on them that it provides high speed.

For 80 MHz channels, the eCee add-on is used different combinations, there are 4 of them in total, because an 80 MHz channel combines 4 20 MHz channels. The selection logic is the same as for 2.4 GHz.

We carry out the settings in the same way as we did for previous point and 2.4 GHz band. Don't forget to check Chains and configure your security settings (profile).

The nuances of roaming on Mikrotik

In principle, this could be the end of the short instructions, but there is one more nuance.

In practice, there are quite often cases when wireless networks intersect. In such cases, the client may stubbornly hang on to a point with a weak signal, even though there is a point with an excellent signal level “under his nose.”

Actually, an example of such a case is in the screenshot above. On the left we see that the phone is connected to the 5 GHz network with good signal strength. After moving to another zone, the smartphone still remains stuck on the 5 GHz network, despite the fact that the channel speed has dropped to 87 Mbit, and there is a 2.4 GHz network nearby with an excellent signal.

What to do in this case? You can switch networks manually if the networks have different names, but you can also use a file and crutches.

First of all, everyone wireless interfaces you need to disable the “Default Authenticate” option. This is necessary in order to use the ACL functionality.

In the Access List tab (the section is still the same, Wireless) we create 2 rules.

First rule. We set the signal level range -75...120 dBm, set the Authentication and Forward options. This rule will allow connections for clients whose signal level is at least -75 dBm.

Second rule. Set the range to -120...-76 dBm, disable the Authentication and Forward options. This rule will disconnect clients whose signal level drops below -76 dBm.

The Authentication option allows the connection; therefore, its absence denies the connection. The Forward option allows data exchange between stations/clients. Forward can be useful in a secure home network, but in a public open network, data exchange between clients must be prohibited for security reasons.

If desired, here you can set up rules for days of the week and time. For these purposes, below under the Time spoiler there are the necessary parameters.

Once the ACL rules are created, you can see a list of authorized clients in the Registration table. Moreover, the comment for each client will contain a comment from the ACL rule (if it is specified), which is very convenient.

We check the work on the smartphone. When the signal level deteriorates to -75 dBm, the device still remains at the old point. As soon as the signal deteriorates to -76 dBm, the point automatically disconnects the client, after which the client connects to the strongest point.

However, this method is not without its shortcomings. The thing is that the points forcefully disconnect the client, which causes the end client to experience a short-term loss of communication. At best it's ~2 seconds. Much depends on the client equipment.

I set the signal level to -75 dBm solely as an example; this is a more recommended level than the universal “for any occasion” parameter. In practice, it is sometimes necessary to use -80 dBm or lower. In any case, the value is selected exclusively by an experimental method on site, based on the specific coverage and sensitivity of the client equipment.

In conclusion

Of course, there are many options for implementing a home wireless network on Mikrotik, starting with manual settings and ending with the use of CAPsMAN and even Mesh.

We have described a completely manual configuration option so that the end user understands “how it works”; moreover, this option does not require deep knowledge. At the same time, this configuration allows you to create a reliable wireless network that can operate stably without your intervention.

Among the disadvantages, it is worth noting the need to separately configure all devices, which takes a little more time than when using CAPsMAN. When using multiple points, this option is quite suitable and provides good flexibility.