Module – 05: Wireless

# IEEE802.11 Standards:
▪ The 802.11 standard is defined through several specifications of WLANs. It defines an
over-the-air interface between a wireless client and a base station or between two
wireless clients.
▪ There are several different 802.11 variants in use. Different 802.11 variants use different
bands. A summary of the bands used by the 802.11 systems is given below.

Standard Frequency Maximum Speed Backwards Compatibility

802.11 2.4 GHz 2 Mbps -
802.11a 5 GHz 54 Mbps -
802.11b 2.4 GHz 11 Mbps -
802.11g 2.4 GHz 54 Mbps 802.11b
802.11n 2.4 & 5 GHz 600 Mbps 802.11a/b/g
802.11ac 2.4 & 5 GHz 1300 Mbps 802.11a/n
802.11ad 2.4, 5 & 60 GHz 7 Gbps 802.11a/b/g/n/ac

# Wireless networks parameters

MikroTik RouterOS provides a complete support for IEEE 802.11a, 802.11b and 802.11g and,
starting from v3, also 802.11n wireless networking standards. There are several important
parameters which should be always configured when setting up wireless networks.

▪ SSID – (Service Set Identifier) a name that identifies particular 802.11 wireless network.
▪ Band – Frequency band, in which wireless router works (what IEEE standard it will use).
▪ Frequency – Channel frequency on which access point will operate
▪ Mode – MikroTik supports several operating modes for different kind of wireless
networks. Three basic modes are:
✓ AP-bridge – basic access point mode
✓ Station – works as a client, find, and connect to acceptable access point.
✓ Bridge – Same as “AP-bridge” but limited to one associated client.
▪ Security profile – There are several basic security elements that can be used, such as
open or shared-key authentication, static Wired Equivalency Protocol (WEP), and
optional MAC authentication.
# MikroTik Wireless Setup by AP-bridge Mode
Step-1: wlan1 Configuration
▪ Wireless → enable wlan1 → Wireless → Mode (ap bridge)
▪ Band (2Ghz-B/G/N) → Channel Width (20MHz) → Frequency (2412/auto)
▪ SSID (hAP Lite) → Wireless Protocol (802.11) → Security Profile (default)
▪ Checked (Default Authentication & Default Forward)
▪ Apply → Okay.
Step-2: Configure Security Profile
▪ Wireless → Security Profile -> Name (WiFi Profile)
▪ Authentication type (WPA PSK, WPA2 PSK)
▪ Checked (aesc cm & aesc cm)
▪ WPA / WPA2 Pre-shared key (********)
▪ Apply → Okay.
# default-authentication:
▪ For AP mode, this is the value of authentication for clients that do not match any entry
in the access-list.
▪ For station mode, this is the value of connect for APs that do not match any entry in the
connect-list
# default-forwarding:
▪ This is the value of forwarding for clients that do not match any entry in the access-list.
# WPA (Wi-Fi Protected Access)
▪ It’s a data encryption specification for a wireless LAN.
▪ It improves upon the security feature of WEP by using Extensible Authentication
Protocol (EAP) to secure network access and an encryption method to secure data
transmissions.
▪ It can also be used in a less secure "Pre-Shared Key (PSK)" mode.
▪ PSK is designed for home and small office networks where every user has the same
passphrase. WPA-PSK is also called WPA-Personal.
# TKIP (Temporal Key Integrity Protocol) is an encryption method. TKIP provides per-packet
key mixing a message integrity and re-keying mechanism.
# AES (Advanced Encryption Standard) is the Wi-Fi authorized strong encryption standard.
WPA-PSK/ WPA2-PSK and TKIP or AES use a Pre-Shared Key (PSK) that is 8 or more characters in
length, up to a maximum of 63 characters.
# WiFi Station Setup with MikroTik Wireless Router
▪ Able to connect to a remote WiFi AP
▪ The connection can be used as wireless WAN connection.
Step-1: IP Address assign by dhcp-client on wlan.
▪ Wireless → enable wlan1
▪ IP → dhcp-client → Plus → DHCP → Interface (wlan1)
▪ Checked Use peer DNS and NTP, Add Default Route (yes)
Step-2: Subscription of WiFi Connection from ISP
▪ Wireless → Security Profile → Plus → Name (WiFi Profile)
▪ Checked WPA PSK, WPA2 PSK and aes ccm
▪ Assign WPA/WPA2 Pre-shared key and Apply
Step-3: Enable Wireless Station on wlan1
▪ Click on wlan1 → Wireless →Mode (Station)
▪ Advanced Mode → Security Profile (WiFi Profile)
▪ Scan → Interface (wlan1) → Start → SSID (SAMEEN) → Connect and Apply
Step-4: Connection checked from LAN Device.
▪ IP → Address → Plus → Address (10.10.10.1/24) → Interface (Ether1)
▪ IP → Firewall → Plus → NAT → chain (scrnat) → Src Address (10.10.10.0/24)
▪ Action → masquerade → apply → ok

# Access List: Access list is used by access point to restrict allowed connections from other
devices, and to control connection parameters.
# Connect List: It’s works with station mode. when wireless interface is client, to what APs it
should connect.

Reference:
https://www.youtube.com/watch?v=SrW4OVa84O8
https://www.youtube.com/watch?v=atKCXTj7ACw
https://wiki.mikrotik.com/wiki/Testwiki/Advanced_MikroTik_Wireless_networks
https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless