
Home Wireless Network On Mikrotik: Example Fully Manual Setting.

The number of wireless devices is growing rapidly, steadily raising the requirements for
network bandwidth and coverage.
There are now plenty of solutions for building a large wireless network, whether in a small private
house or a large country cottage, such as Luma and Eero.
Some solutions are simple to set up but expensive; others offer great capabilities but require
solid background knowledge to configure. In particular, we are talking about Mikrotik products,
which offer an excellent combination of high reliability, rich functionality and a quite
affordable price. At the same time, Mikrotik settings are hard to understand for the overwhelming
majority of home users, which raises the entry barrier and strongly limits the real use of
Mikrotik-based systems at home.
Despite this drawback, once Mikrotik is configured, you can forget about it for months or even
years. Mikrotik equipment can work for half a year or more without rebooting, saving time and
nerves.
In this publication we will show how to build and configure a reliable Mikrotik-based network with
excellent wireless coverage for a large apartment, a private house or a small office, with a
minimum of wires.

SELECT ROUTER
For a high-performance network, the hEX PoE router (model RB960PGS) is a good fit. Its SFP slot
lets you connect to the Internet provider over optics; in addition, the device is equipped with
5 gigabit interfaces.
If SFP is not used, the Internet connection can go through the first RJ-45 network interface,
which also supports PoE in. The remaining 4 interfaces support PoE out, which allows several
access points to be powered from them, but not more than 4.
In practice, a wired network is almost always used as well, so at least one port has to be
allocated to the wired local network. That leaves 3 PoE ports at our disposal, which is enough
for a medium-sized private house.
For home use, any gigabit switch of any brand is suitable for expanding the wired network. If you
plan to use VLANs and other exotic features, you will need a managed switch, or at least an
Easy-Smart one; we advise you to pay attention to managed switches.
If you want to power more than 3 access points, you can buy a managed switch with PoE. Please note
that buying an additional PoE switch is justified only if you power 2-4 additional access points
from it. Otherwise, buying a switch to power just one point is a waste of money.
For 100 Mbps networks, more affordable router models with PoE are suitable:
It is not necessary to purchase devices with PoE support at all, but in that case you will need to
assemble a small communication box and place all the injectors and adapters in it.

SELECT ACCESS POINTS


In the case of access points, the choice is much wider. Just below, we have picked the most
interesting offers, sorted in ascending order.
Note that the Groove 52 model (RBGROOVE52HPN) is not suitable, because it comes with a level 3
license, which does not allow AP mode.
You probably have a natural question: what is the HAP AC Lite doing in this table? It's simple.
First, it supports PoE, which allows it to be powered remotely. Second, the router can be
wall-mounted. Third, of course, it supports 802.11ac and costs only 45 USD.
Thanks to this combination of parameters, it can be used as a dual-band access point with
additional switch functionality. The only limitation is the 100 Mbps speed of its network
interfaces.
The GrooveA 52 is highlighted separately, because it is equipped with a powerful radio module and
is suitable for outdoor use when a very large area has to be covered. Note that the device can
work in only one band at a time, either 2.4 GHz or 5 GHz. The band is selected manually in the
control panel.
The table also omits Omnitik and Metal because of their price/capability ratio. These solutions
are more suitable for use in commercial networks.
The best options for building a home network are the WAP, CAP and WAP AC. Moreover, the WAP and
WAP AC can be used outdoors.
The higher-end WAP AC model is equipped with a gigabit network interface for high bandwidth and
supports simultaneous operation in two bands, with link rates of 300 and 1300 Mbps for 2.4 and
5 GHz respectively.
We will use the WAP and WAP AC, together with a hEX PoE switch, as the example for building a home
wireless network.

CONNECTING AND SETTING THE GATEWAY


The hEX PoE will act as the main router that gives clients access to the Internet. As expected,
the gateway will issue IP addresses to the other devices; on the access points themselves, the
DHCP server will be disabled.
Connect the device and log in to the control panel.
The configuration process is shown starting from the default settings, to keep it simple for
novice Mikrotik users.
The standard configuration suits us well; the only things required are to configure the type of
connection to the provider's network and to select the ETH1 port (twisted pair) or SFP (optics).
For convenience, we change the device IP and the local network settings to the more familiar
192.168.0.1/24.
Please note that the DHCP pool was deliberately moved to the upper part of the range, which is not
at all necessary. Personally, I find it easier to use static addresses and MAC-to-IP bindings, and
to leave the "top" part of the range for the rest of the clients.
Be sure to change the name of the device; in our case it will be "Gateway". Later, with a large
number of devices, it is much easier to find your way by names than by IP addresses.

Apply the settings. After that, Winbox will lose the connection; on some PCs you will have to
reconnect to the network by replugging the cable so that the network adapter receives a new IP.
It is good practice to go to IP - DHCP Server - Networks and manually add the IP of our router as
the DNS server for clients that receive their settings via DHCP. Mikrotik has its own DNS
functionality, so using the provider's DNS on clients makes no sense.
By the way, you can specify NTP right away; a time server can easily be set up on the Mikrotik
itself. If, in the static DNS records, you point time.windows.com at the Mikrotik's IP, Windows
machines can take the exact time from the main gateway without additional settings. Read more in
a separate publication, the link is higher.

Do not forget to update the gateway to the latest version of RouterOS; in our case it is an update
from 6.36.1 to 6.38.1. The device will reboot to apply the update.
The general configuration of the gateway is complete. Creating a new user, changing the password,
disabling unnecessary services and other Mikrotik protection settings are a topic for a separate
publication, so we will not dwell on them here.
At this stage, you can connect the access points to the router.

CONNECTING ACCESS POINTS TO THE ROUTER

Both points will be powered via PoE from the main router. This approach lets us reboot the devices
remotely in software, and also gets rid of extra wires.
In practice, it is better to connect the points one at a time, since all WAPs have an open network
and a standard password.
We connect both points at once, because for an experienced user the process takes just a couple
of minutes.
The regular Mikrotik WAP access point received PoE power without any problems, while for the
WAP AC it was necessary to select PoE "forced on" in the port settings. Priorities and PoE Out
setup in general are covered in more detail elsewhere.
As you can see, in idle mode the WAP consumes only 1.1 W, and its bigger sibling, the WAP AC,
3.3 W.
In the IP - DHCP Server - Leases section, you can make sure that both access points have received
IP addresses.
Let's move on to the next setup step.

CONNECTING MIKROTIK WAP


Both WAP points are configured by connecting to the access point's open wireless network. A
netbook, a laptop or a PC with a wireless adapter is suitable for this. In our case, it will be a
netbook.

As you can see, the netbook has successfully detected all 3 networks. Why three and not two? The
WAP AC has one network for 2.4 GHz and a second one for 5 GHz.
MIKROTIK-5EDCC7 is our Mikrotik WAP; the Mikrotik-7D550D and Mikrotik-7D550E networks belong to
the Mikrotik WAP AC, which is easy to tell from the network names (they differ only in the last
character).
We will start with the simpler point; it is faster and will help you understand how to configure
the dual-band point.
After connecting to the MIKROTIK-5EDCC7 wireless network, Winbox will detect a device with the
standard IP 192.168.88.1.
We accept the standard configuration. As you can see, the device works in routing mode, which is
why it is not possible to connect to it through the cable.
We switch the point to Bridge mode, which makes the device completely transparent. Set the Address
Acquisition option to Automatic, i.e. the device will receive its address from a DHCP server. If
you wish, you can assign a static IP, but a little later we will implement it somewhat
differently.
"Address Source" should be set to "Any"; otherwise, if you choose the seemingly logical
"Ethernet", the device will have IP 0.0.0.0 and you simply will not be able to connect to it. If
everything is done correctly, the device will receive its network settings.
As before, we change the name of the device.

CONNECTING MIKROTIK WAP AC


Repeat all of the above steps for the new point, as well as for each subsequent point that is
added to the network.
If everything is done correctly, all three devices will be shown in Winbox.
And, of course, do not forget to update RouterOS on all network devices.

SETTING UP A WIRELESS NETWORK IN MIKROTIK WAP


First, configure the WAP access point.

In the Wireless - Interfaces section, open the properties of the wireless interface.
Personally, I prefer "Advanced Mode"; if the number of options scares you, you can use
"Simple Mode". You can switch between the modes at any time on the right side of the settings
window.
In the current window we are interested in "Freq. Usage...". Clicking this button opens a new
window, in which you should click "Start". The system will start scanning channels, and you can
see channel usage in real time.
As you can see, 2442-2452 MHz is in use, so it is best to operate in the 2412-2432 MHz range. At
the same time, we should not forget that with wide 40 MHz channels the number of non-overlapping
channels is 3.
When configuring a wireless interface, I prefer to explicitly specify 2GHz-only-N, which sets
802.11n mode. If you have old devices that do not support the new standard, use the mixed modes.
Set the channel width to "20/40 Ce"; you can also specify "20/40 eC". The eC and Ce suffixes
indicate in which direction the channel is extended relative to the main channel: eC extends
downward, Ce extends upward. Thus, if you choose the first channel, you can only extend it upward;
with the last channel the situation is reversed, and it can only be extended downward.
SSID is the name of the wireless network. If you have access points that support 5 GHz, you can
explicitly add 2G and 5G suffixes, which will help distinguish between the bands. If this is not
done, the client will show only one network in the list instead of two, and the connection will be
made according to the adapter's priorities (Prefer 2G / Prefer 5G).
WPS, if not used, should be turned off.
Set "Frequency Mode" to "regulatory-domain" and "Country" to "Ukraine". This setting keeps you
within the regional restrictions on use of the radio spectrum.
"WMM Support" can be set to "Enabled". This is a QoS add-on that lets you raise the priority of
multimedia traffic.
Go to the Advanced tab. For "Hw. Protection Mode" select "RTS CTS". In short, this option helps
avoid collisions when clients connected to the point cannot see each other and cannot coordinate
taking turns to transmit.
For "Adaptive Noise Immunity" set "AP and Client Mode". Again, in short, this option activates a
special algorithm for filtering noise generated by the point and/or the client, for example
multiple signal reflections from walls. Please note that the option only works on adapters with
Atheros chips.
On the HT tab, check the "Tx/Rx Chains" parameters: all the checkboxes next to them must be
ticked. If a checkbox is not ticked for one of the chains, the adapter will not be able to use it
during operation.
Since we did not change the power parameters of the radio module, the standard values will be
valid.
In this case, we are interested only in HT20-x and HT40-x. In effect, this is a kind of power
reference for a particular radio module.
HT20 and HT40 indicate channel widths of 20 and 40 MHz respectively. The number in the suffix is
the MCS rate index of the 802.11n standard. The higher the number, the greater the speed. As you
can see, lower power is used for higher speeds: the higher the speed, the lower the power. Take
these figures into account if you decide to adjust the power of the wireless module manually.
At the final stage, go to the Security Profiles tab. Here you need to configure the security
profile. Select the "Dynamic Keys" mode, as well as the WPA2 and AES options. You can forget about
WPA and TKIP (not to mention the outdated WEP): these options were compromised long ago and have
"loopholes" that allow an experienced attacker to gain access to a wireless network protected
this way.
The network password is entered in the WPA2 Pre-Shared Key field. This completes the
configuration of the first point.
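The settings from this section, written as RouterOS 6 terminal commands. This is an added example,
not part of the original article; the interface name wlan1, the profile name home-wpa2, the SSID,
the passphrase and the choice of 2412 MHz from the free range are assumptions or placeholders.

```routeros
# Added example, not from the original article.
# Assumptions: RouterOS 6 wireless package, 2.4 GHz interface named wlan1,
# profile name "home-wpa2", placeholder SSID and passphrase.

# Security profile: WPA2-PSK with AES-CCM only.
# WPA (wpa-psk) and TKIP are deliberately not listed, so clients cannot
# fall back to them.
/interface wireless security-profiles
add name=home-wpa2 mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key="REPLACE-WITH-A-LONG-PASSPHRASE"

# Radio settings for the 2.4 GHz interface.
# frequency=2412 with channel-width Ce means: first channel, extended upward.
# security-profile must be set explicitly; the article notes that the
# access points ship with an open network.
/interface wireless
set wlan1 band=2ghz-onlyn channel-width=20/40mhz-Ce frequency=2412 \
    ssid="HomeNet-2G" security-profile=home-wpa2 wps-mode=disabled \
    frequency-mode=regulatory-domain country=ukraine \
    wmm-support=enabled hw-protection-mode=rts-cts \
    adaptive-noise-immunity=ap-and-client-mode

# Review the result: authentication-types should show only wpa2-psk,
# both cipher lists only aes-ccm, and wps-mode should be disabled.
/interface wireless security-profiles print detail where name=home-wpa2
/interface wireless print detail where name=wlan1
```

Use the same SSID and security profile values on every further access point so that clients can roam between them.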

SETTING UP A WIRELESS NETWORK IN MIKROTIK WAP AC


When configuring the second access point, we do everything the same way as for the first one.
Do not forget that you need to scan the wireless spectrum for each point, since radio conditions
may vary depending on where it is placed. If you want to trust automation, select the auto
channel; Mikrotik copes with this task quite well.
Do not forget to give the new point, and each subsequent one, exactly the same SSID as on the
first device. This is required for automatic client roaming between APs.
The operating frequency can be the same, but only if the coverage areas of the access points
barely overlap. Otherwise, the points will share the airtime between themselves, which will reduce
speed when they work simultaneously. It is best to use the "chessboard" principle, i.e. alternate
channels so that they do not overlap at all.
In the case of dual-band access points, there will be 2 interfaces in the Wireless Interfaces
list, and each is configured individually.
The principle is the same: scan the band and choose the optimal frequency. If the 5745-5805 range
is available to you, we recommend using it. In our case, it is already "occupied" by local
providers.
By the way, experienced administrators will be interested in Spectral-Scan and Spectral-History.
Both tools are run from the terminal.
The following commands are used to call them:
/interface wireless spectral-scan
/interface wireless spectral-history
Channels and frequencies have been determined.

For the 5 GHz band we add the 5G suffix; this is not at all necessary, as already mentioned
earlier.
The channel width offered by default is 20/40 MHz, but we know that 802.11ac can use 80 MHz wide
channels, and it is on them that it delivers high speed.
For 80 MHz channels, a suffix of the form eCee is used in different combinations, 4 in total,
because an 80 MHz channel combines 4 channels of 20 MHz. The selection logic is the same as for
2.4 GHz.
We make the settings the same way as for the previous point and the 2.4 GHz band. Do not forget
to check the chains and configure the security settings (profile).

ROAMING NUANCES ON MIKROTIK


In principle, this brief guide could end here, but there is one more nuance.
In practice, wireless networks quite often overlap. In such cases, a client can stubbornly hang on
to a point with a weak signal even though a point with an excellent signal level is right "under
its nose".
The screenshot above shows an example of exactly such a case. On the left we see that the phone is
connected to a 5 GHz network with a good signal level. After moving to another zone, the
smartphone still stays on the 5 GHz network, even though the link rate has dropped to 87 Mbps and
a 2.4 GHz network with an excellent signal is available.
What to do in this case? You can switch networks manually if they have different names, but you
can also resort to a workaround ("a file and crutches").
First of all, disable the "Default Authenticate" option on all wireless interfaces. This is
required in order to use the ACL functionality.
On the Access List tab (in the same Wireless section), create 2 rules.
First rule. Set the signal range to -75..120 dBm and enable the Authentication and Forward
options. This rule allows connections from clients whose signal level is at least -75 dBm.
Second rule. Set the range to -120..-76 dBm and turn off the Authentication and Forward options.
This rule disconnects clients whose signal level is -76 dBm and below.
The Authentication option permits the connection, so leaving it off forbids the connection. The
Forward option permits data exchange between stations/clients. Forward may be useful in a secure
home network, but in a public open network data exchange between clients must be prohibited for
security reasons.
If desired, you can also restrict the rules by day of the week and time here. The necessary
parameters are in the collapsible Time section below.
After the ACL rules are created, the Registration tab shows a list of authorized clients.
Moreover, the comment field of each client will show the comment of the matching ACL rule (if one
is specified), which is very convenient.
Check how it works on a smartphone. As the signal level worsens down to -75 dBm, the device still
holds on to the old point. As soon as the signal drops to -76 dBm, the point automatically
disconnects the client, after which the client connects to the strongest point.
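The two access-list rules described above as RouterOS 6 terminal commands, added here as an
example and not part of the original article. The rule comments are made up, and the commented-out
variant shows the client isolation the text calls for on a public network.

```routeros
# Added example, not from the original article.
# Assumption: RouterOS 6 wireless package; rules apply to all wireless
# interfaces because no interface= is given.

# 1. Create the rules first. The list is checked top to bottom and the
#    first matching rule decides, so the two ranges together cover every
#    signal level from -120 to 120 dBm with no gap.
/interface wireless access-list
add signal-range=-75..120 authentication=yes forwarding=yes \
    comment="signal OK: -75 dBm or better"
add signal-range=-120..-76 authentication=no forwarding=no \
    comment="signal too weak: client must move to another AP"

# 2. Only then switch off default authentication on every wireless
#    interface, so that the access list alone decides who may associate.
#    Doing this before the rules exist would lock out a Wi-Fi admin session.
/interface wireless
set [find] default-authentication=no

# Public / guest network variant: clients may associate but must not
# exchange data with each other.
# /interface wireless access-list
# add signal-range=-75..120 authentication=yes forwarding=no \
#     comment="guest: isolated clients"
# /interface wireless
# set [find] default-forwarding=no

# 3. Verify: rule order, then the connected clients. The comment of the
#    matching rule appears next to each client in the registration table.
/interface wireless access-list print
/interface wireless registration-table print
```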

However, this method is not without drawbacks. The points forcibly disconnect the client, which
causes a short break in communication for the end client. At best, it is ~2 seconds. Much depends
on the client equipment.
I set the signal level to -75 dBm purely as an example; it is more of a recommended level than a
universal parameter "for any case". In practice, you sometimes have to use -80 dBm and below. In
any case, the value is chosen experimentally on site, based on the actual coverage and the
sensitivity of the client equipment.

FINALLY
Of course, there are many options for implementing a home wireless network on Mikrotik, from
manual configuration to CAPsMAN and even Mesh.
We described the fully manual option so that the end user understands "how it works"; moreover,
this option does not require deep knowledge. At the same time, this configuration lets you build
a reliable wireless network that will work stably without your intervention.
Among the disadvantages, it is worth noting the need to configure every device separately, which
takes a little longer than with CAPsMAN. With several points, this option is quite suitable and
provides good flexibility.