Manual:Interface/Wireless: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
m removed dead link
m Reverted edits by Antonsb (talk) to last revision by Uldis
Line 748: Line 748:
|type= disabled {{!}} push-button {{!}} push-button-virtual-only
|type= disabled {{!}} push-button {{!}} push-button-virtual-only
|default=depending on the device model  
|default=depending on the device model  
|desc=
|desc=[[#WPS Server | <code>Read more >></code>]]
}}
}}



Revision as of 09:10, 14 February 2018

Overview

Standards:
Package: wireless


RouterOS wireless comply with IEEE 802.11 standards, it provides complete support for 802.11a, 802.11b, 802.11g, 802.11n and 802.11ac as long as additional features like WPA, WEP, AES encryption, Wireless Distribution System (WDS), Dynamic Frequency selection (DFS), Virtual Access Point, Nstreme and NV2 proprietary protocols and many more. Wireless features compatibility table for different wireless protocols.

Wireless can operate in several modes: client (station), access point, wireless bridge etc. Client/station also can operate in different modes, a complete list of supported modes can be found here.

General interface properties

Sub-menu: /interface wireless


Property Description
adaptive-noise-immunity (ap-and-client-mode | client-mode | none; Default: none) This property is only effective for cards based on Atheros chipset.
allow-sharedkey (yes | no; Default: no) Allow WEP Shared Key clients to connect. Note that no authentication is done for these clients (WEP Shared keys are not compared to anything) - they are just accepted at once (if access list allows that)
ampdu-priorities (list of integer [0..7]; Default: 0) Frame priorities for which AMPDU sending (aggregating frames and sending using block acknowledgment) should get negotiated and used. Using AMPDUs will increase throughput, but may increase latency, therefore, may not be desirable for real-time traffic (voice, video). Due to this, by default AMPDUs are enabled only for best-effort traffic.
amsdu-limit (integer [0..8192]; Default: 8192) Max AMSDU that device is allowed to prepare when negotiated. AMSDU aggregation may significantly increase throughput especially for small frames, but may increase latency in case of packet loss due to retransmission of aggregated frame. Sending and receiving AMSDUs will also increase CPU usage.
amsdu-threshold (integer [0..8192]; Default: 8192) Max frame size to allow including in AMSDU.
antenna-gain (integer [0..4294967295]; Default: 0) Antenna gain in dBi, used to calculate maximum transmit power according to country regulations.
antenna-mode (ant-a | ant-b | rxa-txb | txa-rxb; Default: ) Select antenna to use for transmitting and for receiving
  • ant-a - use only 'a' antenna
  • ant-b - use only 'b' antenna
  • txa-rxb - use antenna 'a' for transmitting, antenna 'b' for receiving
  • rxa-txb - use antenna 'b' for transmitting, antenna 'a' for receiving
area (string; Default: ) Identifies group of wireless networks. This value is announced by AP, and can be matched in connect-list by area-prefix. This is a proprietary extension.
arp (disabled | enabled | proxy-arp | reply-only; Default: enabled) Read more >>
arp-timeout (auto | integer; Default: auto) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in /ip settings, default is 30s
band (2ghz-b | 2ghz-b/g | 2ghz-b/g/n | 2ghz-onlyg | 2ghz-onlyn | 5ghz-a | 5ghz-a/n | 5ghz-onlyn | 5ghz-a/n/ac | 5ghz-only-ac; Default: ) Defines set of used data rates, channel frequencies and widths.
basic-rates-a/g (12Mbps | 18Mbps | 24Mbps | 36Mbps | 48Mbps | 54Mbps | 6Mbps | 9Mbps; Default: 6Mbps) Similar to the basic-rates-b property, but used for 5ghz, 5ghz-10mhz, 5ghz-5mhz, 5ghz-turbo, 2.4ghz-b/g, 2.4ghz-onlyg, 2ghz-10mhz, 2ghz-5mhz and 2.4ghz-g-turbo bands.
basic-rates-b (11Mbps | 1Mbps | 2Mbps | 5.5Mbps; Default: 1Mbps) List of basic rates, used for 2.4ghz-b, 2.4ghz-b/g and 2.4ghz-onlyg bands.

Client will connect to AP only if it supports all basic rates announced by the AP. AP will establish WDS link only if it supports all basic rates of the other AP.

This property has effect only in AP modes, and when value of rate-set is configured.
bridge-mode (disabled | enabled; Default: enabled) Allows to use station-bridge mode. Read more >>
burst-time (integer | disabled; Default: disabled) Time in microseconds which will be used to send data without stopping. Note that no other wireless cards in that network will be able to transmit data during burst-time microseconds. This setting is available only for AR5000, AR5001X, and AR5001X+ chipset based cards.
channel-width (20/40/80mhz-Ceee | 20/40/80mhz-eCee | 20/40/80mhz-eeCe | 20/40/80mhz-eeeC | 20/40mhz-Ce | 20/40mhz-eC | 40mhz-turbo | 20mhz | 10mhz | 5mhz; Default: 20mhz) Use of extension channels (e.g. Ce, eC etc) allows additional 20MHz extension channels and if it should be located below or above the control (main) channel. Extension channel allows 802.11n devices to use up to 40MHz (802.11ac up to 80MHz) of spectrum in total thus increasing max throughput.
comment (string; Default: ) Short description of the interface
compression (yes | no; Default: no) Setting this property to yes will allow the use of the hardware compression. Wireless interface must have support for hardware compression. Connections with devices that do not use compression will still work.
country (name of the country | no_country_set; Default: no_country_set) Limits available bands, frequencies and maximum transmit power for each frequency. Also specifies default value of scan-list. Value no_country_set is an FCC compliant set of channels.
default-ap-tx-limit (integer [0..4294967295]; Default: 0) This is the value of ap-tx-limit for clients that do not match any entry in the access-list. 0 means no limit.
default-authentication (yes | no; Default: yes) For AP mode, this is the value of authentication for clients that do not match any entry in the access-list. For station mode, this is the value of connect for APs that do not match any entry in the connect-list
default-client-tx-limit (integer [0..4294967295]; Default: 0) This is the value of client-tx-limit for clients that do not match any entry in the access-list. 0 means no limit
default-forwarding (yes | no; Default: yes) This is the value of forwarding for clients that do not match any entry in the access-list
disable-running-check (yes | no; Default: no) When set to yes interface will always have running flag. If value is set to no', the router determines whether the card is up and running - for AP one or more clients have to be registered to it, for station, it should be connected to an AP.
disabled (yes | no; Default: yes) Whether interface is disabled
disconnect-timeout (time [0s..15s]; Default: 3s) This interval is measured from third sending failure on the lowest data rate. At this point 3 * (hw-retries + 1) frame transmits on the lowest data rate had failed. During disconnect-timeout packet transmission will be retried with on-fail-retry-time interval. If no frame can be transmitted successfully during diconnect-timeout, connection is closed, and this event is logged as "extensive data loss". Successful frame transmission resets this timer.
distance (integer | dynamic | indoors; Default: dynamic) How long to wait for confirmation of unicast frames before considering transmission unsuccessful. Value 'dynamic' causes AP to detect and use smallest timeout that works with all connected clients. Acknowledgments are not used in Nstreme protocol.
frame-lifetime (integer [0..4294967295]; Default: 0) Discard frames that have been queued for sending longer than frame-lifetime. By default, when value of this property is 0, frames are discarded only after connection is closed.
frequency (integer [0..4294967295]; Default: ) Channel frequency value in MHz on which AP will operate.

Allowed values depend on selected band, and are restricted by country setting and wireless card capabilities. This setting has no effect if interface is in any of station modes, or in wds-slave mode, or if DFS is active.

Note: If using mode "superchannel", any frequency supported by the card will be accepted, but on the RouterOS client, any non-standard frequency must be configured in the scan-list, otherwise it will not be scanning in non-standard range. In Winbox, scanlist frequencies are in bold, any other frequency means the clients will need scan-list configured.
frequency-mode (manual-txpower | regulatory-domain | superchannel; Default: manual-txpower) Three frequency modes are available:
  • regulatory-domain - Limit available channels and maximum transmit power for each channel according to the value of country
  • manual-txpower - Same as above, but do not limit maximum transmit power.
  • superchannel - Conformance Testing Mode. Allow all channels supported by the card.
List of available channels for each band can be seen in /interface wireless info allowed-channels. This mode allows you to test wireless channels outside the default scan-list and/or regulatory domain. This mode should only be used in controlled environments, or if you have a special permission to use it in your region. Before v4.3 this was called Custom Frequency Upgrade, or Superchannel. Since RouterOS v4.3 this mode is available without special key upgrades to all installations.
frequency-offset (integer [-2147483648..2147483647]; Default: 0) Allows to specify offset if the used wireless card operates at a different frequency than is shown in RouterOS, in case a frequency converter is used in the card. So if your card works at 4000MHz but RouterOS shows 5000MHz, set offset to 1000MHz and it will be displayed correctly. The value is in MHz and can be positive or negative.
guard-interval (any | long; Default: any) Whether to allow use of short guard interval (refer to 802.11n MCS specification to see how this may affect throughput). "any" will use either short or long, depending on data rate, "long" will use long.
hide-ssid (yes | no; Default: no)
  • yes - AP does not include SSID in the beacon frames, and does not reply to probe requests that have broadcast SSID.
  • no - AP includes SSID in the beacon frames, and replies to probe requests that have broadcast SSID.
This property has effect only in AP mode. Setting it to yes can remove this network from the list of wireless networks that are shown by some client software. Changing this setting does not improve security of the wireless network, because SSID is included in other frames sent by the AP.
ht-basic-mcs (list of (mcs-0 | mcs-1 | mcs-2 | mcs-3 | mcs-4 | mcs-5 | mcs-6 | mcs-7 | mcs-8 | mcs-9 | mcs-10 | mcs-11 | mcs-12 | mcs-13 | mcs-14 | mcs-15 | mcs-16 | mcs-17 | mcs-18 | mcs-19 | mcs-20 | mcs-21 | mcs-22 | mcs-23); Default: mcs-0; mcs-1; mcs-2; mcs-3; mcs-4; mcs-5; mcs-6; mcs-7) Modulation and Coding Schemes that every connecting client must support. Refer to 802.11n for MCS specification.
ht-supported-mcs (list of (mcs-0 | mcs-1 | mcs-2 | mcs-3 | mcs-4 | mcs-5 | mcs-6 | mcs-7 | mcs-8 | mcs-9 | mcs-10 | mcs-11 | mcs-12 | mcs-13 | mcs-14 | mcs-15 | mcs-16 | mcs-17 | mcs-18 | mcs-19 | mcs-20 | mcs-21 | mcs-22 | mcs-23); Default: mcs-0; mcs-1; mcs-2; mcs-3; mcs-4; mcs-5; mcs-6; mcs-7; mcs-8; mcs-9; mcs-10; mcs-11; mcs-12; mcs-13; mcs-14; mcs-15; mcs-16; mcs-17; mcs-18; mcs-19; mcs-20; mcs-21; mcs-22; mcs-23) Modulation and Coding Schemes that this device advertises as supported. Refer to 802.11n for MCS specification.
hw-fragmentation-threshold (integer[256..3000] | disabled; Default: 0) Specifies maximum fragment size in bytes when transmitted over wireless medium. 802.11 standard packet (MSDU in 802.11 terminology) fragmentation allows packets to be fragmented before transmitting over wireless medium to increase probability of successful transmission (only fragments that did not transmit correctly are retransmitted). Note that transmission of fragmented packet is less efficient than transmitting unfragmented packet because of protocol overhead and increased resource usage at both - transmitting and receiving party.
hw-protection-mode (cts-to-self | none | rts-cts; Default: none) Frame protection support property read more >>
hw-protection-threshold (integer [0..65535]; Default: 0) Frame protection support property read more >>
hw-retries (integer [0..15]; Default: 7) Number of times sending frame is retried without considering it a transmission failure. Data rate is decreased upon failure and frame is sent again. Three sequential failures on lowest supported rate suspend transmission to this destination for the duration of on-fail-retry-time. After that, frame is sent again. The frame is being retransmitted until transmission success, or until client is disconnected after disconnect-timeout. Frame can be discarded during this time if frame-lifetime is exceeded.
interworking-profile (enabled | disabled; Default: disabled)
keepalive-frames (enabled | disabled; Default: enabled)
l2mtu (integer [0..65536]; Default: 1600)
mac-address (MAC; Default: )
master-interface (string; Default: ) Name of wireless interface that has virtual-ap capability. Virtual AP interface will only work if master interface is in ap-bridge, bridge or wds-slave mode. This property is only for virtual AP interfaces.
max-station-count (integer [1..2007]; Default: 2007) Maximum number of associated clients. WDS links also count toward this limit.
mode (station | station-wds | ap-bridge | bridge | alignment-only | nstreme-dual-slave | wds-slave | station-pseudobridge | station-pseudobridge-clone | station-bridge; Default: station) Selection between different station and access point (AP) modes.

Station modes:

  • station - Basic station mode. Find and connect to acceptable AP.
  • station-wds - Same as station, but create WDS link with AP, using proprietary extension. AP configuration has to allow WDS links with this device. Note that this mode does not use entries in wds.
  • station-pseudobridge - Same as station, but additionally perform MAC address translation of all traffic. Allows interface to be bridged.
  • station-pseudobridge-clone - Same as station-pseudobridge, but use station-bridge-clone-mac address to connect to AP.

AP modes:

  • ap-bridge - Basic access point mode.
  • bridge - Same as ap-bridge, but limited to one associated client.
  • wds-slave - Same as ap-bridge, but scan for AP with the same ssid and establishes WDS link. If this link is lost or cannot be established, then continue scanning. If dfs-mode is radar-detect, then APs with enabled hide-ssid will not be found during scanning.

Special modes:

  • alignment-only - Put interface in a continuous transmit mode that is used for aiming remote antenna.
  • nstreme-dual-slave - allow this interface to be used in nstreme-dual setup.
MAC address translation in pseudobridge modes works by inspecting packets and building table of corresponding IP and MAC addresses. All packets are sent to AP with the MAC address used by pseudobridge, and MAC addresses of received packets are restored from the address translation table. There is single entry in address translation table for all non-IP packets, hence more than one host in the bridged network cannot reliably use non-IP protocols. Note: Currently IPv6 doesn't work over Pseudobridge
Virtual AP interfaces do not have this property, they follow the mode of their master interface.
mtu (integer [0..65536]; Default: 1500)
multicast-buffering (disabled | enabled; Default: enabled)
multicast-helper (default | disabled | full; Default: default) When set to full multicast packets will be sent with unicast destination MAC address, resolving multicast problem on wireless link. This option should be enabled only on access point, clients should be configured in station-bridge mode. Available starting from v5.15.
  • disabled - disables the helper and sends multicast packets with multicast destination MAC addresses
  • full - all multicast packet mac address are changed to unicast mac addresses prior sending them out
  • default - default choice that currently is set to disabled. Value can be changed in future releases.
name (string; Default: ) name of the interface
noise-floor-threshold (default | integer [-128..127]; Default: default) This property is only effective for cards based on AR5211 chipset.
nv2-cell-radius (integer [10..200]; Default: 30) Setting affects the size of contention time slot that AP allocates for clients to initiate connection and also size of time slots used for estimating distance to client. When setting is too small, clients that are farther away may have trouble connecting and/or disconnect with "ranging timeout" error. Although during normal operation the effect of this setting should be negligible, in order to maintain maximum performance, it is advised to not increase this setting if not necessary, so AP is not reserving time that is actually never used, but instead allocates it for actual data transfer.
  • on AP: distance to farthest client in km
  • on station: no effect
nv2-noise-floor-offset (default | integer [0..20]; Default: default)
nv2-preshared-key (string; Default: )
nv2-qos (default | frame-priority; Default: default) Sets the packet priority mechanism, firstly data from high priority queue is sent, then lower queue priority data until 0 queue priority is reached. When link is full with high priority queue data, lower priority data is not sent. Use it very carefully, setting works on AP
  • frame-priority - manual setting that can be tuned with Mangle rules.
  • default - default setting where small packets receive priority for best latency
nv2-queue-count (integer [2..8]; Default: 2)
nv2-security (disabled | enabled; Default: disabled)
on-fail-retry-time (time [100ms..1s]; Default: 100ms) After third sending failure on the lowest data rate, wait for specified time interval before retrying.
periodic-calibration (default | disabled | enabled; Default: default) Setting default enables periodic calibration if info default-periodic-calibration property is enabled. Value of that property depends on the type of wireless card. This property is only effective for cards based on Atheros chipset.
periodic-calibration-interval (integer [1..10000]; Default: 60) This property is only effective for cards based on Atheros chipset.
preamble-mode (both | long | short; Default: both) Short preamble mode is an option of 802.11b standard that reduces per-frame overhead.
  • On AP:
    • long - Do not use short preamble.
    • short - Announce short preamble capability. Do not accept connections from clients that do not have this capability.
    • both - Announce short preamble capability.
  • On station:
    • long - do not use short preamble.
    • short - do not connect to AP if it does not support short preamble.
    • both - Use short preamble if AP supports it.
prism-cardtype (100mW | 200mW | 30mW; Default: ) Specify type of the installed Prism wireless card.
proprietary-extensions (post-2.9.25 | pre-2.9.25; Default: post-2.9.25) RouterOS includes proprietary information in an information element of management frames. This parameter controls how this information is included.
  • pre-2.9.25 - This is older method. It can interoperate with newer versions of RouterOS. This method is incompatible with some clients, for example, Centrino based ones.
  • post-2.9.25 - This uses standardized way of including vendor specific information, that is compatible with newer wireless clients.
radio-name (string; Default: MAC address of an interface) Descriptive name of the device, that is shown in registration table entries on the remote devices. This is a proprietary extension.
rate-selection (advanced | legacy; Default: advanced) Starting from v5.9 default value is advanced since legacy mode was inefficient.
rate-set (configured | default; Default: default) Two options are available:
  • default - default basic and supported rate sets are used. Values from basic-rates and supported-rates parameters have no effect.
  • configured - use values from basic-rates, supported-rates, basic-mcs, mcs. Read more >>.
rx-chains (list of integer [0..2]; Default: 0) Which antennas to use for receive.
scan-list
(Comma separated list of frequencies and frequency ranges | default. Since v6.35 (wireless-rep) type also support range:step option; Default: default)
The default value is all channels from selected band that are supported by card and allowed by the country and frequency-mode settings (this list can be seen in info). For default scan list in 5ghz band channels are taken with 20MHz step, in 5ghz-turbo band - with 40MHz step, for all other bands - with 5MHz step. If scan-list is specified manually, then all matching channels are taken. (Example: scan-list=default,5200-5245,2412-2427 - This will use the default value of scan list for current band, and add to it supported frequencies from 5200-5245 or 2412-2427 range.)

Since RouterOS v6.0 with Winbox or Webfig, for inputting of multiple frequencies, add each frequency or range of frequencies into separate multiple scan-lists. Using a comma to separate frequencies is no longer supported in Winbox/Webfig since v6.0.

Since RouterOS v6.35 (wireless-rep) scan-list support step feature where it is possible to manually specify the scan step. Example: scan-list=5500-5600:20 will generate such scan-list values 5500,5520,5540,5560,5580,5600
security-profile (string; Default: default) Name of profile from security-profiles
ssid (string (0..32 chars); Default: value of system/identity) SSID (service set identifier) is a name that identifies wireless network.
station-bridge-clone-mac (MAC; Default: ) This property has effect only in the station-pseudobridge-clone mode.

Use this MAC address when connection to AP. If this value is 00:00:00:00:00:00, station will initially use MAC address of the wireless interface.

As soon as packet with MAC address of another device needs to be transmitted, station will reconnect to AP using that address.
station-roaming (disabled | enabled; Default: enabled) Station Roaming feature is available only for 802.11 wireless protocol and only for station modes. Read more >>
supported-rates-a/g (list of rates [12Mbps | 18Mbps | 24Mbps | 36Mbps | 48Mbps | 54Mbps | 6Mbps | 9Mbps]; Default: 6Mbps; 9Mbps; 12Mbps; 18Mbps; 24Mbps; 36Mbps; 48Mbps; 54Mbps) List of supported rates, used for all bands except 2ghz-b.
supported-rates-b (list of rates [11Mbps | 1Mbps | 2Mbps | 5.5Mbps]; Default: 1Mbps; 2Mbps; 5.5Mbps; 11Mbps) List of supported rates, used for 2ghz-b, 2ghz-b/g and 2ghz-b/g/n bands. Two devices will communicate only using rates that are supported by both devices. This property has effect only when value of rate-set is configured.
tdma-period-size (integer [1..10]; Default: 2) Specifies TDMA period in milliseconds. It could help on the longer distance links, it could slightly increase bandwidth, while latency is increased too.
tx-chains (list of integer [0..2]; Default: 0) Which antennas to use for transmit.
tx-power (integer [-30..30]; Default: ) For 802.11ac wireless interface it's total power but for 802.11a/b/g/n it's power per chain.
tx-power-mode (default, card-rates, all-rated-fixed, manual-table; Default: default) sets up tx-power mode for wireless card
  • default - use values stored in the card
  • card-rates - use transmit power as defined by tx-power setting
  • all-rated-fixed - use same transmit power for all data rates. Can damage the card if transmit power is set above rated value of the card for used rate
  • manual-table - define transmit power for each rate separately. Can damage the card if transmit power is set above rated value of the card for used rate.
update-stats-interval (; Default: ) How often to request update of signals strength and ccq values from clients.

Access to registration-table also triggers update of these values.

This is proprietary extension.
vht-basic-mcs (none | MCS 0-7 | MCS 0-8 | MCS 0-9; Default: MCS 0-7) Modulation and Coding Schemes that every connecting client must support. Refer to 802.11ac for MCS specification.

You can set MCS interval for each of Spatial Stream

  • none - will not use selected Spatial Stream
  • MCS 0-7 - client must support MCS-0 to MCS-7
  • MCS 0-8 - client must support MCS-0 to MCS-8
  • MCS 0-9 - client must support MCS-0 to MCS-9
vht-supported-mcs (none | MCS 0-7 | MCS 0-8 | MCS 0-9; Default: MCS 0-9) Modulation and Coding Schemes that this device advertises as supported. Refer to 802.11ac for MCS specification.

You can set MCS interval for each of Spatial Stream

  • none - will not use selected Spatial Stream
  • MCS 0-7 - devices will advertise as supported MCS-0 to MCS-7
  • MCS 0-8 - devices will advertise as supported MCS-0 to MCS-8
  • MCS 0-9 - devices will advertise as supported MCS-0 to MCS-9
wds-cost-range (start [-end] integer[0..4294967295]; Default: 50-150) Bridge port cost of WDS links are automatically adjusted, depending on measured link throughput. Port cost is recalculated and adjusted every 5 seconds if it has changed by more than 10%, or if more than 20 seconds have passed since the last adjustment.

Setting this property to 0 disables automatic cost adjustment.

Automatic adjustment does not work for WDS links that are manually configured as a bridge port.
wds-default-bridge (string | none; Default: none) When WDS link is established and status of the wds interface becomes running, it will be added as a bridge port to the bridge interface specified by this property. When WDS link is lost, wds interface is removed from the bridge. If wds interface is already included in a bridge setup when WDS link becomes active, it will not be added to bridge specified by , and will (needs editing)
wds-default-cost (integer [0..4294967295]; Default: 100) Initial bridge port cost of the WDS links.
wds-ignore-ssid (yes | no; Default: no) By default, WDS link between two APs can be created only when they work on the same frequency and have the same SSID value. If this property is set to yes, then SSID of the remote AP will not be checked. This property has no effect on connections from clients in station-wds mode. It also does not work if wds-mode is static-mesh or dynamic-mesh.
wds-mode (disabled | dynamic | dynamic-mesh | static | static-mesh; Default: disabled) Controls how WDS links with other devices (APs and clients in station-wds mode) are established.
  • disabled does not allow WDS links.
  • static only allows WDS links that are manually configured in wds
  • dynamic also allows WDS links with devices that are not configured in wds, by creating required entries dynamically. Such dynamic WDS entries are removed automatically after the connection with the other AP is lost.
-mesh modes use different (better) method for establishing link between AP, that is not compatible with APs in non-mesh mode. This method avoids one-sided WDS links that are created only by one of the two APs. Such links cannot pass any data.
When AP or station is establishing WDS connection with another AP, it uses connect-list to check whether this connection is allowed. If station in station-wds mode is establishing connection with AP, AP uses access-list to check whether this connection is allowed.
If mode is station-wds, then this property has no effect.
wireless-protocol (802.11 | any | nstreme | nv2 | nv2-nstreme | nv2-nstreme-802.11 | unspecified; Default: unspecified) Specifies protocol used on wireless interface;
  • unspecified - protocol mode used on previous RouterOS versions (v3.x, v4.x). Nstreme is enabled by old enable-nstreme setting, Nv2 configuration is not possible.
  • any : on AP - regular 802.11 Access Point or Nstreme Access Point; on station - selects Access Point without specific sequence, it could be changed by connect-list rules.
  • nstreme - enables Nstreme protocol (the same as old enable-nstreme setting).
  • nv2 - enables Nv2 protocol.
  • nv2 nstreme : on AP - uses first wireless-protocol setting, always Nv2; on station - searches for Nv2 Access Point, then for Nstreme Access Point.
  • nv2 nstreme 802.11 - on AP - uses first wireless-protocol setting, always Nv2; on station - searches for Nv2 Access Point, then for Nstreme Access Point, then for regular 802.11 Access Point.
Warning! Nv2 doesn't have support for Virtual AP
wmm-support (disabled | enabled | required; Default: disabled) Specifies whether to enable WMM.
wps-mode (disabled | push-button | push-button-virtual-only; Default: depending on the device model) Read more >>


Transmit Power representation on 802.11n and 802.11ac

802.11n wireless chipsets represent power per chain and the 802.11ac wireless chipsets represent the total power, for reference see the table below:

Wireless chipset signal level representation
Wireless chipsetEnabled ChainsPower per ChainTotal Power
802.11n1Equal to the selected Tx PowerEqual to the selected Tx Power
802.11n2Equal to the selected Tx Power+3dBm
802.11n3Equal to the selected Tx Power+5dBm
802.11ac1Equal to the selected Tx PowerEqual to the selected Tx Power
802.11ac2-3dBmEqual to the selected Tx Power
802.11ac3-5dBmEqual to the selected Tx Power
802.11ac4-6dBmEqual to the selected Tx Power

Basic and MCS Rate table

Default basic and supported rates, depending on selected band
bandbasic ratesbasic-HT-mcsbasic-VHT-mcsVHT-mcsHT-mcssupported rates
2.4ghz-b1----1-11
2.4ghz-onlyg6----1-11,6-54
2.4ghz-onlyn60-7--0-231-11,6-54
2.4ghz-b/g1-11----1-11,6-54
2.4ghz-b/g/n1-11none--0-231-11,6-54
2.4ghz-g/n6none--0-236-54
2.4ghz-g-turbo6----6-54
5ghz-a6----6-54
5ghz-a/n6none--0-236-54
5ghz-onlyn60-7--0-236-54
5ghz-a/n/ac6nonenone0-90-236-54
5ghz-onlyac6none0-70-90-236-54


Used settings when rate-set=configured

bandused settings
2.4ghz-bbasic-b, supported-b
2.4ghz-b/g, 2.4ghz-onlygbasic-b, supported-b, basic-a/g, supported-a/g
2.4ghz-onlyn, 2.4ghz-b/g/nbasic-b, supported-b, basic-a/g, supported-a/g, ht-basic-mcs, ht-supported-mcs
2.4ghz-g/nbasic-a/g,supported-a/g,ht-basic-mcs,ht-supported-mcs
5ghz-abasic-a/g,supported-a/g
5ghz-a/n, 5ghz-onlynbasic-a/g,supported-a/g,ht-basic-mcs,ht-supported-mcs
5ghz-a/n/ac, 5ghz-onlyacbasic-a/g,supported-a/g,ht-basic-mcs,ht-supported-mcs,vht-basic-mcs,vht-supported-mcs


Settings independent from rate-set:

  1. allowed mcs depending on number of chains:
    • 1 chain: 0-7
    • 2 chains: 0-15
    • 3 chains: 0-23
  2. if standard channel width (20Mhz) is not used, then 2ghz modes (except 2.4ghz-b) are not using b rates (1-11)

Frame protection support (RTS/CTS)

802.11 standard provides means to protect transmission against other device transmission by using RTS/CTS protocol. Frame protection helps to fight "hidden node" problem. There are several types of protection:

  • RTS/CTS based protection - device willing to send frame at first sends RequestToSend frame and waits for ClearToSend frame from intended destination. By "seeing" RTS or CTS frame 802.11 compliant devices know that somebody is about to transmit and therefore do not initiate transmission themselves
  • "CTS to self" based protection - device willing to send frame sends CTS frame "to itself". As in RTS/CTS protocol every 802.11 compliant device receiving this frame know not to transmit. "CTS to self" based protection has less overhead, but it must be taken into account that this only protects against devices receiving CTS frame (e.g. if there are 2 "hidden" stations, there is no use for them to use "CTS to self" protection, because they will not be able to receive CTS sent by other station - in this case stations must use RTS/CTS so that other station knows not to transmit by seeing CTS transmitted by AP).

Protection mode is controlled by hw-protection-mode setting of wireless interface. Possible values: none - for no protection (default), rts-cts for RTS/CTS based protection or cts-to-self for "CTS to self" based protection.

Frame size threshold at which protection should be used is controlled by hw-protection-threshold setting of wireless interface.

For example, to enable "CTS-to-self" based frame protection on AP for all frames, not depending on size, use command:

[admin@MikroTik] /interface wireless> set 0 hw-protection-mode=cts-to-self hw-protection-threshold=0

To enable RTS/CTS based protection on client use command:

[admin@MikroTik] /interface wireless> set 0 hw-protection-mode=rts-cts hw-protection-threshold=0

Nv2

MikroTik has developed a new wireless protocol based on TDMA technology (Time Division Multiple Access) - (Nstreme version 2). See the Nv2 documentation: NV2

TDMA is a channel access method for shared medium networks. It allows several users to share the same frequency channel by dividing the signal into different time slots. The users transmit in rapid succession, one after the other, each using his own time slot. This allows multiple stations to share the same transmission medium (e.g. radio frequency channel) while using only a part of its channel capacity.

The most important benefits of Nv2 are:

  • Increased speed
  • More client connections in PTM environments
  • Lower latency
  • No distance limitations
  • No penalty for long distances

Starting from RouterOS v5.0beta5 you can configure Nv2 in the Wireless menu. Please take a look at the NV2 protocol implementation status. Nv2 protocol limit is 511 clients.

Warning: Nv2 doesn't have support for Virtual AP


Nv2 Troubleshooting

Increase throughput on long distance with tdma-period-size. In Every "period", the Access Point leaves part of the time unused for data transmission (which is equal to round trip time - the time in which the frame can be sent and received from the client), it is used to ensure that client could receive the last frame from Access Point, before sending its own packets to it. The longer the distance, the longer the period is unused.

For example, the distance between Access Point and client is 30km. Frame is sent in 100us one direction, respectively round-trip-time is ~200us. tdma-period-size default value is 2ms, it means 10% of the time is unused. When tdma-period-size is increased to 4ms, only 5% of time is unused. For 60km wireless link, round-trip-time is 400ms, unused time is 20% for default tdma-period-size 2ms, and 10% for 4ms. Bigger tdma-period-size value increases latency on the link.

Access List

Sub-menu: /interface wireless access-list


Access list is used by access point to restrict allowed connections from other devices, and to control connection parameters.

Operation:

  • Access list rules are checked sequentially.
  • Disabled rules are always ignored.
  • Only the first matching rule is applied.
  • If there are no matching rules for the remote connection, then the default values from the wireless interface configuration are used.
  • If remote device is matched by rule that has authentication=no value, the connection from that remote device is rejected.


Warning: If there is no entry in ACL about client which connects to AP (wireless,debug wlan2: A0:0B:BA:D7:4D:B2 not in local ACL, by default accept), then ACL for this client is ignored during all connection time.


For example, if client's signal during connection is -41 and we have ACL rule

/interface wireless access-list
add authentication=yes forwarding=yes interface=wlan2 signal-range=-55..0

Then connection is not matched to any ACL rule and if signal drops to -70..-80, client will not be disconnected.


To make it work correctly it is required that client is matched by any of ACL rules.

If we modify ACL rules in previous example to:

/interface wireless access-list
add interface=wlan2 signal-range=-55
add authentication=no forwarding=no interface=wlan2 signal-range=-120..-56

Then if signal drops to -56, client will be disconnected.


Properties

Property Description
ap-tx-limit (integer [0..4294967295]; Default: 0) Limit rate of data transmission to this client. Value 0 means no limit. Value is in bits per second.
authentication (yes | no; Default: yes)
  • no - Client association will always fail.
  • yes - Use authentication procedure that is specified in the security-profile of the interface.
client-tx-limit (integer [0..4294967295]; Default: 0) Ask client to limit rate of data transmission. Value 0 means no limit.

This is a proprietary extension that is supported by RouterOS clients.

Value is in bits per second.
comment (string; Default: ) Short description of an entry
disabled (yes | no; Default: no)
forwarding (yes | no; Default: yes)
  • no - Client cannot send frames to other station that are connected to same access point.
  • yes - Client can send frames to other stations on the same access point.
interface (string | all; Default: all) Rules with interface=all are used for all wireless interfaces. To make rule that applies only to one wireless interface, specify that interface as a value of this property.
mac-address (MAC; Default: 00:00:00:00:00:00) Rule matches client with the specified MAC address. Value 00:00:00:00:00:00 matches always.
management-protection-key (string; Default: "")
private-algo (104bit-wep | 40bit-wep | aes-ccm | none | tkip; Default: none) Only for WEP modes.
private-key (string; Default: "") Only for WEP modes.
private-pre-shared-key (string; Default: "") Used in WPA PSK mode.
signal-range (NUM..NUM - both NUM are numbers in the range -120..120; Default: -120..120) Rule matches if signal strength of the station is within the range.
If signal strength of the station will go out of the range that is specified in the rule, access point will disconnect that station.
time (TIME-TIME,sun,mon,tue,wed,thu,fri,sat - TIME is time interval 0..86400 seconds; all day names are optional; value can be unset; Default: ) Rule will match only during specified time.

Station will be disconnected after specified time ends. Both start and end time is expressed as time since midnight, 00:00.

Rule will match only during specified days of the week.

Align

Sub-menu: /interface wireless align

Align tool is used to help in alignment devices running this tool.

Property Description
active-mode (yes | no; Default: yes) If in active mode, will send out frames for align.
audio-max (integer [-2147483648..2147483647]; Default: -20) Maxumum signal strength for beeper
audio-min (integer [-2147483648..2147483647]; Default: -100) Minimum signal strength for beeper
audio-monitor (MAC; Default: 00:00:00:00:00:00) Which MAC address to use for audio monitoring
filter-mac (MAC; Default: 00:00:00:00:00:00) Filtered out MAC address that will be shown in monitor screen.
frame-size (integer [200..1500]; Default: 300) Size of the frames used by monitor.
frames-per-second (integer [1..100]; Default: 25) Frame transmit interval
receive-all (yes | no; Default: no) If set to "yes", monitor will find all available devices.
ssid-all (yes | no; Default: no) Whether to show all SSIDs in the monitor or only one configured in wireless settings.

Menu Specific Commands

Property Description
monitor (interface name) Start align monitoring
test-audio (integer [-2147483648..2147483647]) Test the beeper

Connect List

Sub-menu: /interface wireless connect-list


connect-list is used to assign priority and security settings to connections with remote access points, and to restrict allowed connections. connect-list is an ordered list of rules. Each rule in connect-list is attached to specific wireless interface, specified in the interface property of that rule (this is unlike access-list, where rules can apply to all interfaces). Rule can match MAC address of remote access point, it's signal strength and many other parameters.

Operation:

  • connect-list rules are always checked sequentially, starting from the first.
  • disabled rules are always ignored.
  • Only the first matching rule is applied.
  • If connect-list does not have any rule that matches remote access point, then the default values from the wireless interface configuration are used.
  • If access point is matched by rule that has connect=no value, connection with this access point will not be attempted.
  • If access point is matched by rule that has connect=yes value, connection with this access point will be attempted.
    • In station mode, if several remote access points are matched by connect list rules with connect=yes value, connection will be attempted with access point that is matched by rule higher in the connect-list.
    • If no remote access points are matched by connect-list rules with connect=yes value, then value of default-authentication interface property determines whether station will attempt to connect to any access point. If default-authentication=yes, station will choose access point with best signal and compatible security.
  • In access point mode, connect-list is checked before establishing WDS link with remote device. If access point is not matched by any rule in the connect list, then the value of default-authentication determines whether WDS link will be established.


Properties

Property Description
3gpp (string; Default: )
area-prefix (string; Default: ) Rule matches if area value of AP (a proprietary extension) begins with specified value.area value is a proprietary extension.
comment (string; Default: ) Short description of an entry
connect (yes | no; Default: yes) Available options:
  • yes - Connect to access point that matches this rule.
  • no - Do not connect to any access point that matches this rule.
disabled (yes | no; Default: no)
mac-address (MAC; Default: 00:00:00:00:00:00) Rule matches only AP with the specified MAC address. Value 00:00:00:00:00:00 matches always.
security-profile (string | none; Default: none) Name of security profile that is used when connecting to matching access points, If value of this property is none, then security profile specified in the interface configuration will be used. In station mode, rule will match only access points that can support specified security profile. Value none will match access point that supports security profile that is specified in the interface configuration. In access point mode value of this property will not be used to match remote devices.
signal-range (NUM..NUM - both NUM are numbers in the range -120..120; Default: -120..120) Rule matches if signal strength of the access point is within the range. If station establishes connection to access point that is matched by this rule, it will disconnect from that access point when signal strength goes out of the specified range.
ssid (string; Default: "") Rule matches access points that have this SSID. Empty value matches any SSID. This property has effect only when station mode interface ssid is empty, or when access point mode interface has wds-ignore-ssid=yes
wireless-protocol (802.11 | any | nstreme | tdma; Default: any)
interface (string; Default: ) Each rule in connect list applies only to one wireless interface that is specified by this setting.


Usage

Restrict station connections only to specific access points

  • Set value of default-authentication interface property to no.
/interface wireless set station-wlan default-authentication=no
  • Create rules that matches allowed access points. These rules must have connect=yes and interface equal to the name of station wireless interface.
/interface wireless connect-list add interface=station-wlan connect=yes mac-address=00:11:22:33:00:01
/interface wireless connect-list add interface=station-wlan connect=yes mac-address=00:11:22:33:00:02

Disallow connections to specific access points

  • Set value of default-authentication interface property to yes.
/interface wireless set station-wlan default-authentication=yes
  • Create connect=no rules that match those access points that station should not connect to. These rules must have connect=no and interface equal to the name of station wireless interface.
/interface wireless connect-list add interface=station-wlan connect=no mac-address=00:11:22:33:44:55

Select preferred access points

  • Create rules that match preferred access points. These rules must have connect=yes and interface equal to the name of station wireless interface.
  • Put rules that match preferred access points higher in the connect-list, in the order of preference.

Restrict WDS link establishment

  • Place rules that match allowed access points at the top.
  • Add deny-all rule at the end of connect list.

Info

Sub-menu: /interface wireless info


Property Description
2ghz-10mhz-power-channels ()
2ghz-11n-channels ()
2ghz-5mhz-power-channels ()
2ghz-b-channels ()
2ghz-g-channels ()
2ghz-g-turbo-channels ()
5ghz-10mhz-power-channels ()
5ghz-11n-channels ()
5ghz-5mhz-power-channels ()
5ghz-channels ()
5ghz-turbo-channels ()
capabilities ()
chip-info ()
default-periodic-calibration ()
firmware ()
ht-chains ()
interface-type ()
name ()
pci-info ()
supported-bands ()

Manual TX Power Table

Sub-menu: /interface wireless manual-tx-power-table


Property Description
comment (string; Default: ) Short description of an entry
manual-tx-powers (list of [Rate:TxPower];

Rate ::= 11Mbps | 12Mbps | 18Mbps | 1Mbps | 24Mbps | ...

TxPower ::= integer [-30..30]
; Default: )
name (string) Name of the wireless interface to which tx powers will be applied.

Wireless hardware table

Warning: You must follow to regulatory domain requirements in your country. If you are allowed to use other frequencies, note that Antenna Gain and Transmit Power may decrease depending on board and frequency. Devices are calibrated only for regulatory frequencies, use non standard frequencies at your own risk. The list only specifies frequencies accepted by the wireless chip, these frequencies might not always work due to antenna that is built into the product, device design, filters and other factors. USE STRICTLY AT YOUR OWN RISK


Integrated wireless interface frequency table
Board nameWireless interfacesFrequency range [MHz]
2011UAS-2HnD12312-2732
751G-2HnD12200-2700
751U-2HnD12200-2700
911-2Hn12312-2732
911-5HacD14920-6100
911-5Hn14920-6100
911-5HnD14920-6100
911G-2HPnD12312-2732
911G-5HPacD /-NB /-QRT14920-6100
911G-5HPnD /-QRT14920-6100
912UAG-2HPnD /-OUT12312-2732
912UAG-5HPnD /-OUT14920-6100
921GS-5HPacD-15S /-19S14920-6100
921UAGS-5SHPacD-NM14920-6100
921UAGS-5SHPacT-NM14920-6100
922UAGS-5HPacD /-NM14920-6100
922UAGS-5HPacT /-NM14920-6100
941-2nD /-TC12312-2732
951G-2HnD12312-2732
951Ui-2HnD12312-2732
951Ui-2nD12312-2732
952Ui-5ac2nD /-TC22312-2732,4920-6100
953GS-5HnT /-RP14920-6100
962UiGS-5HacT2HnT22312-2732,4920-6100
cAP2n12312-2732
cAP2nD12312-2732
cAPL-2nD12312-2732
CRS109-8G-1S-2HnD-IN12312-2732
CRS125-24G-1S-2HnD-IN12312-2732
Disc-5nD14920-6100
DynaDishG-5HacD14920-6100
Groove52HPn14920-6100,2312-2732
GrooveA-52HPn14920-6100,2312-2732
GrooveG-52HPacn14920-6100,2312-2732
GrooveGA-52HPacn14920-6100,2312-2732
LDF-5nD14920-6100
LHG-5nD14920-6100
mAP2n12312-2732
mAP2nD12312-2732
mAPL-2nD12312-2732
Metal2SHPn12200-2700
Metal5SHPn14800-6100
Metal9HPn1902-928
MetalG-52SHPacn14920-6100,2312-2732
OmniTikG-5HacD14920-6100
OmniTikPG-5HacD14920-6100
OmniTIKU-5HnD14800-6100
OmniTIKUPA-5HnD14800-6100
QRTG-2SHPnD12312-2732
SEXTANTG-5HPnD14920-6100
SXT2nDr212312-2732
SXT5HacD2n22312-2732,4920-6100
SXT5HPnDr214920-6100
SXT5nDr214920-6100
SXTG-2HnD12200-2700
SXTG-2HnDr212300-2700
SXTG-5HPacD14920-6100
SXTG-5HPacD-HG /-SA14920-6100
SXTG-5HPnD-HGr2 /-SAr214920-6100
SXTG-6HPnD15500-6500
wAP2nD /-BE12312-2732
wAPG-5HacT2HnD /-BE22312-2732,4920-6100
R11e-2HnD12312-2732
R11e-2HPnD12312-2732
R11e-5HacD14920-6100
R11e-5HacT14920-6100
R11e-5HnD14920-6100
R2SHPn12200-2700
R52H14920-6100,2192-2507
R52HnD14800-6100,2200-2700
R52nM14800-6100,2200-2700
R5SHPn14800-6100

Nstreme

Sub-menu: /interface wireless nstreme


This menu allows to switch a wireless card to the nstreme mode. In this case the card will work only with nstreme clients.


Property Description
comment (string; Default: ) Short description of an entry
disable-csma (yes | no; Default: no) Disable CSMA/CA when polling is used (better performance)
enable-nstreme (yes | no; Default: no) Whether to switch the card into the nstreme mode
enable-polling (yes | no; Default: yes) Whether to use polling for clients
framer-limit (integer [100..4000]; Default: 3200) Maximal frame size
framer-policy (best-fit | dynamic-size | exact-size | none; Default: none) The method how to combine frames. A number of frames may be combined into a bigger one to reduce the amount of protocol overhead (and thus increase speed). The card is not waiting for frames, but in case a number of packets are queued for transmitting, they can be combined. There are several methods of framing:
  • none - do nothing special, do not combine packets (framing is disabled)
  • best-fit - put as many packets as possible in one frame, until the framer-limit limit is met, but do not fragment packets
  • exact-size - put as many packets as possible in one frame, until the framer-limit limit is met, even if fragmentation will be needed (best performance)
  • dynamic-size - choose the best frame size dynamically
name (string) Name of an interface, to which setting will be applied. Read only.


Note: The settings here (except for enabling nstreme) are relevant only on Access Point, they are ignored for client devices! The client automatically adapts to the AP settings.
WDS for Nstreme protocol requires using station-wds mode on one of the peers. Configurations with WDS between AP modes (bridge and ap-bridge) will not work.


Nstreme Dual

Sub-menu: /interface wireless nstreme-dual


Two radios in nstreme-dual-slave mode can be grouped together to make nstreme2 Point-to-Point connection. To put wireless interfaces into a nstreme2 group, you should set their mode to nstreme-dual-slave. Many parameters from /interface wireless menu are ignored, using the nstreme2, except:

  • frequency-mode
  • country
  • antenna-gain
  • tx-power
  • tx-power-mode
  • antenna-mode


{{Mr-arg-table |arg=rates-a/g |type=list of rates [6Mbps,9Mbps, 12Mbps, 18Mbps, 24Mbps, 36Mbps, 48Mbp
Property Description
arp (disabled | enabled | proxy-arp | reply-only; Default: enabled) Read more >>
comment (string; Default: ) Short description of an entry
disable-csma (yes | no; Default: no) Disable CSMA/CA (better performance)
disable-running-check (yes | no; Default: no) Whether the interface should always be treated as running even if there is no connection to a remote peer
disabled (yes | no; Default: yes)
framer-limit (integer [64..4000]; Default: 2560) Maximal frame size
framer-policy (best-fit | exact-size | none; Default: none) The method how to combine frames. A number of frames may be combined into one bigger one to reduce the amout of protocol overhead (and thus increase speed). The card are not waiting for frames, but in case a number packets are queued for transmitting, they can be combined. There are several methods of framing:
  • none - do nothing special, do not combine packets
  • best-fit - put as much packets as possible in one frame, until the framer-limit limit is met, but do not fragment packets
  • exact-size - put as much packets as possible in one frame, until the framer-limit limit is met, even if fragmentation will be needed (best performance)
ht-channel-width (2040mhz | 20mhz | 40mhz; Default: 20mhz)
ht-guard-interval (both | long | short; Default: long)
ht-rates (list of rates [1,2,3,4,5,6,7,8]; Default: 1,2,3,4,5,6,7,8)
ht-streams (both | double | single; Default: single)
l2mtu (integer [0..65536]; Default: )
mtu (integer [0..65536]; Default: 1500)
name (string; Default: ) Name of an entry