Testwiki/MikroTik Wireless Networks: Difference between revisions
Line 32: | Line 32: | ||
At the physical layer data signal is modulated using Orthogonal frequency-division multiplexing (OFDM) modulation. 802.11a products support more than one data rate and allow data rate shifting at 54Mbps, 48Mbps, 36Mbps, 24Mbps, 18Mbps, 12Mbps 9Mbps and 6Mbps. Data rate shifting means that data rate is selected dynamically depending on how far client is from the access point and this rate shifting happens without losing connection and no interaction from the user. Remember that greater data rate means lower operation distance. | At the physical layer data signal is modulated using Orthogonal frequency-division multiplexing (OFDM) modulation. 802.11a products support more than one data rate and allow data rate shifting at 54Mbps, 48Mbps, 36Mbps, 24Mbps, 18Mbps, 12Mbps 9Mbps and 6Mbps. Data rate shifting means that data rate is selected dynamically depending on how far client is from the access point and this rate shifting happens without losing connection and no interaction from the user. Remember that greater data rate means lower operation distance. | ||
The higher frequency means lower operation distance like 802.11b/g (that operate on 2.4GHz band). It also means that 802.11a signals have more difficulty penetrating walls and other obstructions. 802.11a operates in the 5Ghz radio band so it is immune to interference from devices that operate in the 2.4Ghz band, like microwave ovens, Bluetooth and other 2.4 Ghz access points. | ??? The higher frequency means lower operation distance like 802.11b/g (that operate on 2.4GHz band) ???. It also means that 802.11a signals have more difficulty penetrating walls and other obstructions. 802.11a operates in the 5Ghz radio band so it is immune to interference from devices that operate in the 2.4Ghz band, like microwave ovens, Bluetooth and other 2.4 Ghz access points. | ||
===802.11b=== | ===802.11b=== |
Revision as of 13:44, 23 September 2010
MikroTik Wireless Networks
This chapter covers wireless LAN technologies, basic wireless network parameters, standards and instructions how to set up basic MiktroTik wireless on MikroTik routers.
Wireless communication uses radio frequencies (RFs). Antenna receives signal from transmitter (router wireless card) and radiates RFs into the air. Next figure 5.1 shows simple Point-to-point wireless network topology.
Radio waves are influenced by different factors like frequency (wave length), other radiation sources with the same frequency and propagation environment from one point on the Earth to another. Waves can be absorbed, refracted, scattered from different kind of obstruction or reflected by walls, water and metal surfaces, as result we receive low strength signal.
When we speak about wireless technologies we need to remember some basic principles:
- We can get greater transmit distance by increasing the transmit power of wireless router (wireless card). It must be done carefully.
- We can get greater transmit distance by choosing antenna with greater gain.
- By using higher frequencies, we can achieve higher data rates but unfortunately decreases transmit distance and vice versa if we use lower frequency we got greater transmit distance but at lower data rate.
The 802.11 standards
Wireless networks are standardized by the Institute of Electrical and Electronics Engineers (IEEE). IEEE 802.11 is a set of standards for implementing wireless local area networks (WLANs) in the 2,4 and 5Ghz frequency bands. Also important fact is that these frequencies in most countries does not require license, but output power (radiation power from antenna) is limited. That ensure the user freedom installing devices that support these standards and operate without any licensing.
WiFi Alliance grants certification for interoperability among 802.11 products offered by various vendors.
Lets take a look at some of the most widely used standards and drafts created by IEEE that are also supported by MikroTik routers.
802.11a
802.11a standard was ratified in 1999 at the same time as 802.11b, but the first product supporting 802.11a appeared on the market only in 2001. 802.11a operates in the 5 GHz band with maximum bandwidth up to 54 Mbps and includes 12 non-overlapping frequency channels separated by 20MHz. That allows you to implement three access points in the same wireless area without any interference. [[Read more >>
]].
At the physical layer data signal is modulated using Orthogonal frequency-division multiplexing (OFDM) modulation. 802.11a products support more than one data rate and allow data rate shifting at 54Mbps, 48Mbps, 36Mbps, 24Mbps, 18Mbps, 12Mbps 9Mbps and 6Mbps. Data rate shifting means that data rate is selected dynamically depending on how far client is from the access point and this rate shifting happens without losing connection and no interaction from the user. Remember that greater data rate means lower operation distance.
??? The higher frequency means lower operation distance like 802.11b/g (that operate on 2.4GHz band) ???. It also means that 802.11a signals have more difficulty penetrating walls and other obstructions. 802.11a operates in the 5Ghz radio band so it is immune to interference from devices that operate in the 2.4Ghz band, like microwave ovens, Bluetooth and other 2.4 Ghz access points.
802.11b
IEEE expanded on the original 802.11 standard in July 1999, creating the 802.11b specification. 802.11a operates in the 2,4GHz band with a maximum bandwidth up to 11 Mbps, comparable to traditional Ethernet and includes only 14 frequencies channels with 3 non-overlapping channels. It was the most widely wireless standard until 802.11g has ratified. 802.11g also uses 2,4Ghz radio band but supports maximum data rate 54Mbps. At the physical layer data signal is modulated using direct-sequence spread spectrum (DSSS) modulation.
The same radio frequency and modulation type of 802.11b and 802.11g allow them to interoperate. For example, end user equipped with an 802.11b radio card will be able to connect with an 802.11g access point.
Similar to the 802.11a, all 802.11b products support data rate shifting while moving. These standards allow operate at 11Mbps, 5,5Mbps, 2Mbps and 1Mbps data rate.
This lower frequency compared to 802.11a provides higher operation the range (distance) of 802.11b networks.
802.11g
The 802.11g standard was ratified in 2003 and backward compatible with 802.11b. As I mentioned previously 802.11g standard provides the same maximum data rate as 802.11a – 54Mbps, but it operates in the 2,4Ghz the same as 802.11b and include the same non-overlapping channels as 802.11b. 802.11g products can be combined with 802.11b devices in the same network. 802.11g is backwards compatible with 802.11b, meaning that 802.11g access points will work with 802.11b wireless network adapters and vice versa. This standard supports to types of modulation at the physical layer DSSS and OFDM. Device that uses 802.11g standard for communication uses OFDM modulation for better performance, but when 802.11g user are connecting at the access point that operate at the 802.11b standard, they actually use the same modulation 802.11b does (DSSS).
802.11n
One of newer IEEE standard is 802.11n. It was designed to improve on 802.11g in the amount of bandwidth supported by adding MIMO (Multiple-Input Multiple-Output) technology that uses multiple transmitter and receiver antennas instead of one to increase data throughput. Maximal data rate may be even several hundred Mbps. At the physical layer data signal is modulated using OFDM modulation. 802.11n also offers somewhat better range over earlier Wi-Fi standards due to its increased signal intensity.
Channels and frequencies
802.11b/g channels in 2.4 GHz band.
Fourteen channels are defined in the IEEE 802.11b/g channel set. Each channel as transmitted is 22 MHz wide, however, the channel center separation is only 5 MHz as you can see in Figure 5.2.
For example the 2.412–2.484 GHz band is divided into 14 channels each of width 22 MHz with channel 1 centered on 2.412 GHz and 13 on 2.472 GHz to which Japan adds a 14th channel 12 MHz above channel 13.
Only three non-overlapping (non-interfering) channels are here possible (1, 6, and 11). As you can see channels overlap and signals from neighboring channels can interfere with each other, it is very important when you implement wireless network with several access points (multi-access point environment such as an office, hotel or campus) in the same area. Access points are usually deployed in "cellular" fashion and adjacent access points are allocated non-overlapping channels.
Availability of channels is regulated by country, not all channels are allowed in all countries dependent on how each country allocates radio spectrum to various services. For example, Japan permits the use of all 14 channels, while European model allows channels from 1 through 13) and North America allows channels from 1 to 11.
802.11a channels in 5 Ghz band
802.11a is a wireless LAN standard operating at 5 GHz carrier frequency in 3 unlicensed bands:
- 5.15 - 5.25 GHz (4 channels of 20 MHz)
- 5.25 - 5.35 GHz (4 channels of 20 MHz)
- 5.725 - 5.825 GHz (4 channels of 20 MHz)
These non-overlapping channels are spaced at 20 MHz apart and are considered non-interfering. Figure 11.3 shows the channel scheme for the 802.11a bands.
Wireless networks parameters
MikroTik RouterOS provides a complete support for IEEE 802.11a, 802.11b and 802.11g and now also for 802.11n wireless networking standards. There are several important parameters which should be always configured when implementing wireless networks.
SSID – Service Set Identifier is a name that identifies a particular 802.11 wireless network. Access point sends broadcast massage with SSID name and all clients receives broadcast messages. The client device can then select the network with which to associate.
Band – Frequency band, in which wireless router works (what IEEE standard it will use).
Frequency – Channel frequency on which access point will operate
Mode – Wireless router operating mode. MikroTik support several operating modes for different kind of wireless networks, but three basic modes are:
- AP-bridge – basic access point mode
- Station – work as client, find and connect to acceptable access point
- Bridge – Same as “AP-bridge”, but limited to one associated client.
Security profile – There are several basic security elements that can be used, such as open or shared-key authentication, static Wired Equivalency Protocol (WEP), and optional MAC authentication, but none of these don’t provide serious data security solution, therefore is implemented more sophisticated security methods. Open authentication only check if correct SSID is on both devices that connect through wireless. Shared-key authentication means that client and access point share the same key. Access point send the client device test packet that the client must then encrypt with the correct Wired Equivalency Protocol (WEP) key and return it to access point. Without the correct key client authentication to access point will be failed. MAC address authentication means that client MAC addresses are registered in the access point and clients with proper MAC address can access to them.
World is complicated and these previously named security solutions not always is provide sufficient security level.
Today is developed more advanced security mechanisms such as Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2), which provide access control per user, per session and can be used together with various encryption protocols such as Temporal Key Integrity Protocol (TKIP) or AES (Advanced Encryption Standard).
Configuring Wireless interface
Before we start configuration we decide what kind of wireless network we want to introduce. If we don’t look at some advanced wireless network configurations, like Wireless distribution systems (WDS), and wireless mesh we have two basic configurations:
- Point to point (PTP) – to introduce this kind of link one end-point works as Bridge (mode=bridge) and another as station (mode-station).
Note: Remember that station work as client what find and connect to acceptable access point, whereas bridge works as simple access point but limited to one associated client.
- Point to Multipoint (PMP-system) – one end-point should work as access point (mode=ap-bridge) by which connect others end-points that work as stations.
Next we can check how much wireless interface we have and what kind of IEEE protocol it supports. MikroTik RouterOS supports various types of Atheros chipset based wireless cards.
[admin@MikroTik_A] /interface wireless> print Flags: X - disabled, R - running 0 X name="wlan1" mtu=1500 mac-address=00:0C:42:1F:88:68 arp=enabled interface-type=Atheros AR5413 mode=bridgessid="MikroTik" frequency=2457 band=2.4ghz-b/g</u> scan-list=default antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default compression=no 1 X name="wlan2" mtu=1500 mac-address=00:0C:42:1F:9F:FD arp=enabled interface-type=Atheros AR5413 mode=station ssid="MikroTik" frequency=5180 band=5ghz scan-list=default antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default compression=no
Here you can see most important wireless interface parameters, like mode, SSID, band, frequency, used security profile name etc.
Using command print advanced you can obtain more detailed information:
[admin@MikroTik_A] /interface wireless> print advanced Flags: X - disabled, R - running 0 X name="wlan1" mtu=1500 mac-address=00:0C:42:1F:88:68 arp=enabled disable-running-check=no interface-type=Atheros AR5413 radio-name="000C421F8868" mode=bridge ssid="MikroTik" area="" frequency-mode=regulatory-domain country=latvia antenna-gain=0 frequency=2457 band=2.4ghz-b/g scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps, 54Mbps basic-rates-b=1Mbps basic-rates-a/g=6Mbps max-station-count=2007 ack-timeout=dynamic tx-power-mode=default noise-floor-threshold=default periodic-calibration=default periodic-calibration-interval=60 burst-time=disabled dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-default-cost=100 wds-cost-range=50-150 wds-ignore-ssid=no update-stats-interval=disabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 proprietary-extensions=post-2.9.25 wmm-support=disabled hide-ssid=no security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms preamble-mode=both compression=no allow-sharedkey=no station-bridge-clone-mac=00:00:00:00:00:00 hw-retries=4 frame-lifetime=0 adaptive-noise-immunity=none hw-fragmentation-threshold=disabled hw-protection-mode=none hw-protection-threshold=0
Next let's look at examples of both types of configuration.
Point to point link configuring example
Assume that we want implement network structure as shown below:
Set configuration on MikroTik_A router:
To set it as access point that allows only one client: mode=bridge. Set up working in IEEE 802.11a standard, using frequency 5180 MHz, set Service Set Identifier test, used default security profile and enable this interface, do the following configuration:
[admin@MikroTik_A] /interface wireless> set 0 mode=bridge ssid=test frequency=5180 band=5ghz /security-profile=default disabled=no
Set configuration on MikroTik_B router:
To set it as client: mode=station, set up working in IEEE 802.11a standard, using the same frequency as on MikroTik_B router – 5180 MHz and the same Service Set Identifier do the following configuration:
[admin@MikroTik_B] /interface wireless> set 0 mode=station ssid=test frequency=5180 band=5ghz /security-profile=default disabled=no
Information about available frequency channels is available by using command info print:
[admin@MikroTik_A] /interface wireless> info print 0 interface-type=Atheros AR5413 chip-info="mac:0xa/0x5, phy:0x61, a5:0x63, a2:0x0, eeprom:0x5003" pci-info="00:0d.0" capabilities=tx-power-control,ack-timeout-control, virtual-ap,alignment-mode,noise-floor- control,scanning,burst-support,nstreme, sniffing,compression,power-channel,wmm default-periodic-calibration=enabled supported-bands=2ghz-b,5ghz,2ghz-g,2ghz-g-turbo,5ghz-10mhz,5ghz-5mhz,2ghz- 10mhz,2ghz-5mhz 2ghz-b-channels=2412:20,2417:20,2422:20,2427:20,2432:20,2437:20,2442:20, 2447:20,2452:20,2457:20,2462:20,2467:20,2472:20 5ghz-channels=5180:20,5185:20,5190:20,5195:20,5200:20,5205:20,5210:20, 5215:20,5220:20,5225:20,5230:20,5235:20,5240:20,5245:20, 5250:20,5255:20,5260:20,5265:20,5270:20,5275:20,5280:20, 5285:20,5290:20,5295:20,5300:20,5305:20,5310:20,5315:20, 5320:20,5500:27,5505:27, 5510:27,5515:27,5520:27,5525:27 …
Set up IP addresses on wireless interface.
MikroTik_A:
[admin@MikroTik_A] > ip address add address=10.0.0.1/30 interface=wlan1
MikroTik_B:
[admin@MikroTik_B] > ip address add address=10.0.0.2/30 interface=wlan1
Set up routing between routers.
MikroTik_A:
[admin@MikroTik_A] > ip route add dst-address=192.168.1.0/24 gateway=10.0.0.1
MikroTik_B:
[admin@MikroTik_B] > ip route add dst-address=192.168.2.0/24 gateway=10.0.0.2
Check and verify your point to point connection:
[admin@MikroTik_B] > ping 10.10.10.1 10.10.10.1 64 byte ping: ttl=64 time=18 ms 10.10.10.1 64 byte ping: ttl=64 time=32 ms 10.10.10.1 64 byte ping: ttl=64 time=17 ms 10.10.10.1 64 byte ping: ttl=64 time=8 ms 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 8/18.7/32 ms [admin@MikroTik_B] > tool traceroute 10.10.10.1 ADDRESS STATUS 1 10.10.10.1 17ms 6ms 10ms [admin@MikroTik_B] >
Point to multipoint configuring example
Assume that we want implement network structure as shown below:
Set configuration on MikroTik_A router:
To set it as access point for multiple clients: mode=ap-bridge. Setting up to work with in IEEE 802.11b/g standards, using frequency 2457 MHz, set Service Set Identifier test, used default security profile and enable this interface, do the following configuration:
[admin@MikroTik_A] /interface wireless> set 0 mode=ap-bridge ssid=test frequency=2457 /band=2.4ghz-b/g security-profile=default disabled=no
Configuration on MikroTik_B router:
To set it as wireless client: mode=station. Setting up to work with in IEEE 802.11b/g standards, using frequency 2457 MHz, set Service Set Identifier test, used default security profile and enable this interface, do the following configuration:
[admin@MikroTik_B] /interface wireless> set 0 mode=station ssid=test frequency=2457 /band=2.4ghz-b/g security-profile=default disabled=no
The same as the previous example, also here IP addresses should be assigned to an interface
MikroTik_A:
[admin@MikroTik_A] > ip address add address=10.0.0.1/24 interface=wlan1
IP addresses in the point-to-multipoint wireless systems are very often assigned dynamically by using DHCP protocol. In this case wireless access point is configured as DHCP server and wireless clients work as DHCP client. Look at configuration example below.
MikroTik_A:
Configuring DHCP pool and server on access point:
[admin@MikroTik_A] /ip pool> add name=wireless ranges=10.0.0.2-10.0.0.254 [admin@MikroTik_A] /ip dhcp-server> add interface=wlan1 address-pool=wireless [admin@MikroTik_A] /ip dhcp-server network> add address=10.0.0.0/24 gateway=10.0.0.1 \ dns-server=4.4.4.4
As we can see, by using DHCP we assign default gateway and DNS server for clients too.
MikroTik_B:
Configuring DHCP client:
[admin@MikroTik_B] /ip dhcp-client> add interface=wlan1 use-peer-dns=yes
Set up default route for client and access point.
MikroTik_B:
[admin@MikroTik_B] /ip route> add dst-address=0.0.0.0/0 gateway=10.0.0.1
MikroTik_A:
admin@MikroTik_A] /ip route> add dst-address=0.0.0.0/0 gateway=87.156.1.1
Last step that you need for accessing on the Internet is implement NAT rule (masquerade) to hide your private network behind the router. You can use NAT to “hide” the private IP addresses behind a single public IP addresses. In this example ether1 is public interface.
MikroTik_A:
[admin@MikroTik_A] /ip firewall nat> add chain=srcnat action=masquerade out-interface=ether1