Setting Up Capsman On Mikrotik (Seamless Roaming) Hardware Implementation
Mikrotik Wap
The number of wireless devices is growing rapidly, continuously increasing the requirements for
network bandwidth and coverage.
There are now plenty of solutions for building a large wireless network, whether in a small private
house or a large country cottage, Luma and Eero among them.
Some solutions are characterized by simple setup and a high price; others offer great
capabilities but require a solid knowledge base to configure. In particular, we are talking about
Mikrotik products, which offer an excellent combination of high reliability, rich functionality
and a quite affordable price. At the same time, Mikrotik settings are difficult to understand
for the overwhelming majority of home users, which raises the barrier to entry and strongly limits
the real use of Mikrotik-based systems at home.
Despite the drawback described above, once Mikrotik is configured you can forget about it for
months and even years. Mikrotik equipment can run for half a year and even more without rebooting,
saving time and nerves.
In this publication we will show how to build and configure a reliable Mikrotik-based network
with excellent wireless coverage for a large apartment, a private house or a small
office with a minimum of wires.
SELECT ROUTER
To create a high-performance network, the RB960PGS router is a good fit. Its
SFP slot allows you to connect to the Internet provider over fiber; in addition, the device is
equipped with 5 gigabit interfaces.
If SFP is not used, the Internet connection can be made through the first RJ-45 network
interface, which also supports PoE in. The remaining 4 interfaces support PoE out, which allows
several access points, but no more than 4, to be powered from them.
In practice, a wired network is almost always used as well, so at least one port will have to be
allocated to the wired local network. That leaves 3 PoE ports at our disposal, which is enough for
a medium-sized private house.
For home use, any gigabit switch of any brand will do for expanding the
wired network. At the same time, if you plan to use VLANs and other exotic features, you will need a
managed switch, or at least an Easy-Smart one; we advise you to look at managed switches.
If you need to power more than 3 access points, you can buy a managed switch
with PoE. Please note that buying an additional PoE switch is justified only if you power 2-4
additional access points from it. Otherwise, buying a switch to power just one point is a waste
of money.
For 100 Mbps networks, more affordable router models with PoE are suitable:
It is not necessary to purchase devices with PoE support at all, but in that case you will need to
assemble a small communication box and place all the injectors and adapters in it.
Apply the settings. After that, Winbox will become unavailable; on some PCs it will be necessary to
reconnect to the network by re-plugging the cable so that the network adapter receives a new IP.
It is good practice to go to IP - DHCP Server - Networks and manually add the IP of our
router as the DNS server for clients that receive their settings via DHCP. Mikrotik has its own DNS
functionality, so using the provider's DNS on clients makes no sense.
By the way, you can specify the NTP server right away; a time server can easily be set up
on the Mikrotik itself. If you point time.windows.com at the Mikrotik's IP in the static DNS
records, Windows machines can take the exact time from the main gateway without additional
settings. Read more in a separate publication, the link is higher.
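The DNS and NTP settings described above, written as RouterOS CLI commands. This is an added example, not part of the original article; the subnet 192.168.10.0/24, the router address 192.168.10.1 and the WAN interface name ether1 are placeholders to replace with your own values.

```routeros
# Added example: placeholder LAN 192.168.10.0/24, router 192.168.10.1, WAN on ether1.

# Hand out the router itself as DNS and NTP server to DHCP clients.
# (The NTP server on the router has to be enabled separately.)
/ip dhcp-server network
set [find address=192.168.10.0/24] dns-server=192.168.10.1 ntp-server=192.168.10.1

# The router answers DNS queries from clients only when remote requests are allowed.
/ip dns set allow-remote-requests=yes

# Static record so Windows clients that query time.windows.com reach the router.
/ip dns static add name=time.windows.com address=192.168.10.1

# With remote requests allowed the resolver listens on every interface,
# so drop DNS arriving on the WAN port. These rules must sit above any
# input rule that would accept the same traffic.
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="no DNS from WAN"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="no DNS from WAN"

# Check the result.
/ip dhcp-server network print detail
/ip dns print
```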
Do not forget to update the gateway to the latest version of RouterOS; in our case it is an update
from 6.36.1 to 6.38.1. The device will reboot to apply the update.
The general configuration of the gateway is complete. Creating a new user, changing the password,
disabling unnecessary services and other Mikrotik protection settings are a topic for a separate
publication, so we will not dwell on them here.
At this stage, you can connect the access points to the router.
Connecting access points to router
Both points will be powered by PoE from the main router. This approach allows us to reboot
the devices remotely in software, and also gets rid of extra wires.
In practice, it is better to connect the points in stages, since all WAPs come with an open network
and a standard password.
We connect both points at once, because for an experienced user the process takes just a couple
of minutes.
The regular Mikrotik WAP received PoE power without any problems, while for the
WAP AC it was necessary to select PoE "forced on" in the port settings. In more detail about
priorities and setting up PoE Out as a whole, you can read in.
As you can see, in idle mode the WAP consumes only 1.1 W, and its bigger brother, the WAP AC, 3.3 W.
In the IP - DHCP Server - Leases section, you can verify that both access points have received
IP addresses.
Moving on to the next setup step.
As you can see, the netbook successfully detected all 3 networks. Why three and not two? The
WAP AC has one network on 2.4 GHz and a second on 5 GHz.
MIKROTIK-5EDCC7 is our Mikrotik WAP; the Mikrotik-7D550D and Mikrotik-7D550E networks belong to
the Mikrotik WAP AC, which is easy to tell from the network names (they differ only in the
last character).
Setup will begin with the simplest point; it is faster and will help you understand how to
configure the dual-band point.
After connecting to the MIKROTIK-5EDCC7 wireless network, Winbox will detect a device with
the standard IP 192.168.88.1.
We accept the standard configuration. As you can see, the device works in router mode, which is why
it is not possible to connect to it through the cable.
We switch the point to Bridge mode, which makes the device completely
transparent. Set the "Address Acquisition" option to Automatic, i.e. the device will receive its
address from a DHCP server. If you wish, you can use a static IP, but a little later we will
implement this somewhat differently.
"Address Source" should be set to "Any"; otherwise, if you choose the seemingly logical
"Ethernet", the device will have IP 0.0.0.0 and you simply will not be able to connect to it. If
everything is done correctly, the device will receive its network settings.
As before, we change the name of the device.
In the Wireless - Interfaces section, open the properties of the wireless interface.
Personally, I prefer "Advanced Mode"; if the number of options scares
you, you can use "Simple Mode". You can switch between the modes at any time on the
right side of the settings window.
In this window we are interested in "Freq. Usage...". Clicking this button opens
a new window, in which you should click "Start". The system will start scanning channels and
you can see the level of channel usage in real time.
As you can see, 2442-2452 MHz is in use, so it is best to operate in the range of 2412-2432 MHz. At
the same time, do not forget that when using wide 40 MHz channels, the number of
non-overlapping channels is 3.
When configuring a wireless interface, I prefer to explicitly specify 2GHz-only-N, which sets
802.11n mode. If you have old devices that do not support the newer standard, use the mixed modes.
Set the channel width to "20/40 CE"; you can also specify "20/40 EC". The EC and CE suffixes indicate
in which direction the channel is extended relative to the main channel: EC extends down, CE extends
up. Thus, if you choose the first channel, you can only extend it up; for the last channel
the situation is reversed and it can only be extended down.
SSID is the name of the wireless network. If you have access points with 5 GHz support, you can
explicitly add 2G and 5G suffixes, which helps to tell the bands apart. If this is not
done, the client will show only one network instead of a list, and the connection will be made
according to the adapter priorities (Prefer 2G / Prefer 5G).
WPS, if not used, should be turned off.
Set "Frequency Mode" to "regulatory-domain" and "Country" to "Ukraine". This setting keeps the
device within regional restrictions on use of the radio frequency resource.
"WMM Support" can be set to "Enabled". This is a special QoS extension that allows you to
increase the priority of multimedia traffic.
Go to the Advanced tab. For "HW. Protection Mode" select "RTS CTS". In short, this
option helps to avoid collisions when clients connected to the point cannot see each other and
cannot coordinate taking turns to transmit.
For "Adaptive Noise Immunity" set "AP and Client Mode". Again, in short, this option
activates a special algorithm for filtering noise generated by the point and/or the client itself,
for example multiple signal reflections from walls. Please note that the option only works on
adapters with Atheros chips.
On the HT tab, check the "TX / RX Chains" parameters; all of their checkboxes must be
ticked. If the checkbox for one of the chains is not ticked, the adapter will not be
able to use it during operation.
Since we did not change the power parameters of the radio module, the standard values
will apply.
In this case, we are interested exclusively in HT20-x and HT40-x. In effect, this is a power
reference table for a particular radio module.
HT20 and HT40 indicate a channel width of 20 and 40 MHz, respectively. The digit in the suffix is
the MCS rate index for the 802.11n standard. The higher the number, the greater the speed. As you
can see, lower power is used for higher speeds: the higher the speed, the lower the power. Take
these data into account if you decide to adjust the power of the wireless module manually.
At the final stage, go to the Security Profiles tab. Here you need
to adjust the security profile. Select the "Dynamic Keys" mode, as well as the WPA2 and AES options.
You can forget about WPA and TKIP (not to mention the outdated WEP): these options were
compromised long ago and have "loopholes" that allow an experienced attacker to gain access to a
wireless network protected by them.
The network password is entered in the WPA2 Pre-Shared Key field. This completes the setup of the
first point.
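The wireless and security-profile settings from this section, written as RouterOS CLI commands with the weak mixed profile shown in a comment for contrast. This is an added example, not part of the original article; the interface name wlan1, the profile names, the SSID and the passphrase are placeholders.

```routeros
# Added example: wlan1, home-wpa2, "Home-2G" and the passphrase are placeholders.

# For contrast only (left commented out): a mixed profile that still allows
# WPA and TKIP next to WPA2/AES, which is what the text says to avoid.
# /interface wireless security-profiles add name=legacy mode=dynamic-keys \
#     authentication-types=wpa-psk,wpa2-psk \
#     unicast-ciphers=tkip,aes-ccm group-ciphers=tkip,aes-ccm

# Hardened profile: dynamic keys, WPA2 only, AES only.
/interface wireless security-profiles
add name=home-wpa2 mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key="CHANGE-ME-long-random-passphrase"

# 2.4 GHz radio: 802.11n only, first channel extended upwards (Ce),
# WPS off, regulatory domain enforced, WMM, RTS/CTS and noise immunity on.
/interface wireless
set wlan1 band=2ghz-onlyn channel-width=20/40mhz-Ce frequency=2412 \
    ssid="Home-2G" wps-mode=disabled \
    frequency-mode=regulatory-domain country=ukraine \
    wmm-support=enabled hw-protection-mode=rts-cts \
    adaptive-noise-immunity=ap-and-client-mode \
    security-profile=home-wpa2

# Check the result: authentication-types must list wpa2-psk only,
# both cipher lists aes-ccm only, and wps-mode must read disabled.
/interface wireless security-profiles print detail where name=home-wpa2
/interface wireless print detail where name=wlan1
```

Apply the commands over the wired connection: changing the security profile drops every wireless client, including a Winbox session that runs over that network.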
For the 5 GHz range we add the 5G suffix; as already mentioned earlier, this is not
strictly necessary.
The channel width offered by default is 20/40 MHz, but we also know that 802.11ac
can use 80 MHz wide channels, and it is on them that it delivers high speed.
For 80 MHz channels, the suffix is ECEE in different combinations, 4 in all, because an
80 MHz channel combines 4 channels of 20 MHz. The logic of choice is the same as for 2.4
GHz.
We configure the settings in the same way as for the previous point and the
2.4 GHz range. Do not forget to check the chains and configure the security settings (profile).
However, this method is not without drawbacks. The points forcibly
disconnect the client, so the end client experiences a short
break in connectivity. At best, it is ~2 seconds. Much depends on the client equipment.
I set the signal level of -75 dBm purely as an example; it is more of a recommended level
than a universal "fits every case" parameter. In practice, one sometimes has to use -80 dBm and
below. In any case, the value is chosen experimentally on site,
based on the specific coverage and sensitivity of the client equipment.
FINALLY
Of course, there are many options for implementing a home wireless network on Mikrotik, from
manual setup to CAPsMAN and even Mesh.
We described the fully manual setup so that the end user understands "how it works";
moreover, this option does not require deep knowledge. At the same time, this configuration allows
you to create a reliable wireless network that will work stably without your intervention.
Of the disadvantages, it is worth noting that every device has to be configured separately, which
takes a little longer than when using CAPsMAN. With several points, this option is quite suitable
and provides good flexibility.
When setting up WiFi on Mikrotik routers there are many nuances that beginner sysadmins should
pay attention to.
Therefore, in this article we will look at how to configure WiFi and create an access point on
routers from the Mikrotik range.