Testwiki/MikroTik Wireless Networks: Difference between revisions

From MikroTik Wiki
Revision as of 11:49, 22 September 2010

MikroTik Wireless Networks

This chapter covers wireless LAN technologies, basic wireless network parameters and standards, and instructions on how to set up a basic wireless network on MikroTik routers.

Wireless communication uses radio frequencies (RFs). The antenna receives the signal from the transmitter (the router's wireless card) and radiates it into the air. Figure 5.1 shows a simple point-to-point wireless network topology.

File:Image5001.gif

Radio waves are influenced by factors such as frequency (wavelength), other radiation sources on the same frequency, and the propagation environment between one point on the Earth and another. Waves can be absorbed, refracted or scattered by different kinds of obstructions, or reflected by walls, water and metal surfaces; as a result, the received signal is weaker.

When we speak about wireless technologies, we need to remember some basic principles:

  • We can get a greater transmit distance by increasing the transmit power of the wireless router (wireless card). This must be done carefully.
  • We can get a greater transmit distance by choosing an antenna with greater gain.
  • By using higher frequencies we can achieve higher data rates, but the transmit distance decreases; conversely, a lower frequency gives a greater transmit distance but a lower data rate.

The 802.11 standards

Wireless networks are standardized by the Institute of Electrical and Electronics Engineers (IEEE). IEEE 802.11 is a set of standards for implementing wireless local area networks (WLANs) in the 2.4 and 5 GHz frequency bands. An important fact is that these frequencies are unlicensed in most countries, which gives users the freedom to install devices that support these standards and operate them without any licensing. Note, however, that although these frequencies (2.4 and 5 GHz) are unlicensed, the output power (the power radiated from the antenna) is limited in most countries.

The Wi-Fi Alliance grants certification for interoperability among 802.11 products offered by various vendors.

There are several accepted operational standards and drafts created by the IEEE. Let's take a look at some of the most widely used standards that are also supported by MikroTik routers.

802.11a

The IEEE ratified the 802.11a standard in 1999, at the same time as 802.11b, but the first products with 802.11a support appeared on the market in 2001. 802.11a operates in the 5 GHz band with a maximum bandwidth of up to 54 Mbps and includes 12 non-overlapping frequency channels separated by 20 MHz, which allows you to implement three access points in the same wireless area without any interference (see the information about frequency channels later in this chapter).

At the physical layer the data signal is modulated using orthogonal frequency-division multiplexing (OFDM). 802.11a products also support different data rates and allow data rate shifting between 54 Mbps, 48 Mbps, 36 Mbps, 24 Mbps, 18 Mbps, 12 Mbps, 9 Mbps and 6 Mbps. Data rate shifting means that the data rate is selected dynamically depending on how far you are from the access point; the shift happens without losing the connection and without any interaction from the user. Remember that a greater data rate means a lower operating distance.

The higher frequency means a lower operating distance than 802.11b/g (which operate in the 2.4 GHz band), and it also means that 802.11a signals have more difficulty penetrating walls and other obstructions. Because 802.11a operates in the 5 GHz radio band, it is immune to interference from devices that operate in the 2.4 GHz band, such as microwave ovens, Bluetooth devices and other access points.


802.11b

The IEEE expanded on the original 802.11 standard in July 1999, creating the 802.11b specification. 802.11b operates in the 2.4 GHz band with a maximum bandwidth of up to 11 Mbps, comparable to traditional Ethernet, and includes only 14 frequency channels, of which 3 are non-overlapping. It was the most widely used wireless standard until 802.11g was ratified. 802.11g also uses the 2.4 GHz radio band but supports a maximum data rate of 54 Mbps. At the physical layer the data signal is modulated using direct-sequence spread spectrum (DSSS) modulation.

The same radio frequency and modulation type allow 802.11b and 802.11g to interoperate. For example, an end user equipped with an 802.11b radio card will be able to connect to an 802.11g access point.

Similar to 802.11a, all 802.11b products support data rate shifting while moving. The standard allows operation at data rates of 11 Mbps, 5.5 Mbps, 2 Mbps and 1 Mbps.

The lower frequency compared to 802.11a gives 802.11b networks a greater operating range (distance).

802.11g

The 802.11g standard was ratified in 2003 and is backward compatible with 802.11b. As mentioned previously, 802.11g provides the same maximum data rate as 802.11a (54 Mbps), but it operates in the 2.4 GHz band like 802.11b and includes the same non-overlapping channels as 802.11b. 802.11g products can be combined with 802.11b devices in the same network: 802.11g access points will work with 802.11b wireless network adapters and vice versa. The standard supports two types of modulation at the physical layer, DSSS and OFDM. A device that communicates using 802.11g uses OFDM modulation for better performance, but when 802.11g users connect to an access point that operates in the 802.11b standard, they use the same modulation as 802.11b (DSSS).

802.11n

One of the newer IEEE standards is 802.11n. It was designed to improve on the bandwidth of 802.11g by adding MIMO (Multiple-Input Multiple-Output) technology, which uses multiple transmitter and receiver antennas instead of one to increase data throughput. The maximum data rate may reach several hundred Mbps. At the physical layer the data signal is modulated using OFDM. 802.11n also offers somewhat better range than earlier Wi-Fi standards due to its increased signal intensity.

Channels and frequencies

802.11b/g channels in 2.4 GHz band.

Fourteen channels are defined in the IEEE 802.11b/g channel set. Each channel as transmitted is 22 MHz wide, however, the channel center separation is only 5 MHz as you can see in Figure 5.2.

File:Image5002.gif

For example, the 2.412–2.484 GHz band is divided into 14 channels, each 22 MHz wide, with channel 1 centered on 2.412 GHz and channel 13 on 2.472 GHz, to which Japan adds a 14th channel 12 MHz above channel 13.

Only three non-overlapping (non-interfering) channels are possible here (1, 6 and 11). As you can see, channels overlap and signals from neighboring channels can interfere with each other. This is very important when you implement a wireless network with several access points in the same area (a multi-access-point environment such as an office, hotel or campus). Access points are usually deployed in a "cellular" fashion, and adjacent access points are allocated non-overlapping channels.

Availability of channels is regulated by country; not all channels are allowed in all countries, depending on how each country allocates radio spectrum to various services. For example, Japan permits the use of all 14 channels, while the European model allows channels 1 through 13 and North America allows channels 1 to 11.
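
The overlap rule described above, as an added Python example that is not part of the original chapter: it derives centre frequencies from the 5 MHz spacing, treats two channels as interfering when their centres are less than 22 MHz apart, and checks a set of access points against that rule. The access point names and frequencies in SAMPLE_APS are constructed.

```python
CHANNEL_WIDTH_MHZ = 22  # transmitted width of one 802.11b/g channel (from the text)

# Channels permitted per region, as listed in the text
REGION_CHANNELS = {
    "japan": range(1, 15),
    "europe": range(1, 14),
    "north-america": range(1, 12),
}


def center_mhz(channel):
    """Centre frequency: channel 1 is 2412 MHz, then 5 MHz steps; channel 14 is 2484 MHz."""
    if not 1 <= channel <= 14:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2484 if channel == 14 else 2412 + 5 * (channel - 1)


def channel_of(freq_mhz):
    """Map a RouterOS frequency= value (MHz) back to its channel number."""
    for channel in range(1, 15):
        if center_mhz(channel) == freq_mhz:
            return channel
    raise ValueError(f"{freq_mhz} MHz is not an 802.11b/g channel centre")


def overlaps(a, b):
    """Two channels interfere when their centres are closer than one channel width."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_plan(allowed):
    """Greedy plan: take the lowest channel, then each next one that clears all chosen."""
    plan = []
    for channel in sorted(allowed):
        if not any(overlaps(channel, chosen) for chosen in plan):
            plan.append(channel)
    return plan


def conflicts(aps):
    """Return the pairs of access points (by name) whose channels overlap."""
    names = sorted(aps)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if overlaps(channel_of(aps[a]), channel_of(aps[b]))
    ]


# Constructed sample: three access points in one office, frequency in MHz
SAMPLE_APS = {"ap-lobby": 2412, "ap-floor1": 2432, "ap-floor2": 2457}

if __name__ == "__main__":
    print(non_overlapping_plan(REGION_CHANNELS["europe"]))
    print(conflicts(SAMPLE_APS))
```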


802.11a channels in 5 GHz band

802.11a is a wireless LAN standard operating at 5 GHz carrier frequency in 3 unlicensed bands:

  • 5.15 - 5.25 GHz (4 channels of 20 MHz)
  • 5.25 - 5.35 GHz (4 channels of 20 MHz)
  • 5.725 - 5.825 GHz (4 channels of 20 MHz)


File:Image5003.gif

These non-overlapping channels are spaced 20 MHz apart and are considered non-interfering. Figure 11.3 shows the channel scheme for the 802.11a bands.


Wireless networks parameters

MikroTik RouterOS provides complete support for the IEEE 802.11a, 802.11b and 802.11g wireless networking standards, and now also for 802.11n. There are several important parameters that should always be configured when implementing wireless networks.

SSID – The Service Set Identifier is a name that identifies a particular 802.11 wireless network. The access point broadcasts messages containing the SSID, and all clients receive these broadcasts. A client device can then select the network with which to associate.

Band – The frequency band in which the wireless router works (which IEEE standard it will use).

Frequency – The channel frequency on which the access point will operate.

Mode – The wireless router's operating mode. MikroTik supports several operating modes for different kinds of wireless networks, but the three basic modes are:

  • AP-bridge – basic access point mode
  • Station – works as a client; finds and connects to an acceptable access point
  • Bridge – same as “AP-bridge”, but limited to one associated client

Security profile – There are several basic security elements that can be used, such as open or shared-key authentication, static Wired Equivalent Privacy (WEP), and optional MAC authentication, but none of these provides a serious data security solution, so more sophisticated security methods have been implemented. Open authentication only checks that the correct SSID is set on both devices that connect over wireless. Shared-key authentication means that the client and the access point share the same key: the access point sends the client device a test packet, which the client must encrypt with the correct WEP key and return to the access point. Without the correct key, client authentication to the access point fails. MAC address authentication means that client MAC addresses are registered in the access point and clients with a registered MAC address can connect to it.

The world is complicated, and the security solutions named above do not always provide a sufficient level of security.

Today more advanced security mechanisms have been developed, such as Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2), which provide access control per user and per session and can be used together with encryption protocols such as Temporal Key Integrity Protocol (TKIP) or AES (Advanced Encryption Standard).


Configuring Wireless interface

Before we start the configuration, we decide what kind of wireless network we want to build. Leaving aside advanced wireless network configurations such as wireless distribution systems (WDS) and wireless mesh, there are two basic configurations:

  • Point to point (PTP) – for this kind of link one end-point works as a bridge (mode=bridge) and the other as a station (mode=station).


Note: Remember that a station works as a client that finds and connects to an acceptable access point, whereas a bridge works as a simple access point limited to one associated client.


  • Point to multipoint (PMP system) – one end-point works as an access point (mode=ap-bridge), to which the other end-points connect as stations.


Next we can check how many wireless interfaces we have and which IEEE protocols they support. MikroTik RouterOS supports various types of Atheros chipset based wireless cards.

[admin@MikroTik_A] /interface wireless> print 
Flags: X - disabled, R - running 
 0 X  name="wlan1" mtu=1500 mac-address=00:0C:42:1F:88:68 arp=enabled 
      interface-type=Atheros AR5413 mode=bridge ssid="MikroTik" 
      frequency=2457 band=2.4ghz-b/g scan-list=default antenna-mode=ant-a 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default 
      compression=no 

 

 1 X  name="wlan2" mtu=1500 mac-address=00:0C:42:1F:9F:FD arp=enabled 
      interface-type=Atheros AR5413 mode=station ssid="MikroTik" 
      frequency=5180 band=5ghz scan-list=default antenna-mode=ant-a 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 
      default-client-tx-limit=0 hide-ssid=no security-profile=default 
      compression=no

Here you can see most important wireless interface parameters, like mode, SSID, band, frequency, used security profile name etc.


Using the command print advanced you can obtain more detailed information:

[admin@MikroTik_A] /interface wireless> print advanced 
Flags: X - disabled, R - running 
 0 X name="wlan1" mtu=1500 mac-address=00:0C:42:1F:88:68 arp=enabled 
      disable-running-check=no interface-type=Atheros AR5413 
      radio-name="000C421F8868" mode=bridge ssid="MikroTik" area="" 
      frequency-mode=regulatory-domain country=latvia antenna-gain=0 
      frequency=2457 band=2.4ghz-b/g scan-list=default rate-set=default 
      supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps 
      supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,
                          54Mbps 
      basic-rates-b=1Mbps basic-rates-a/g=6Mbps max-station-count=2007 
      ack-timeout=dynamic tx-power-mode=default noise-floor-threshold=default 
      periodic-calibration=default periodic-calibration-interval=60 
      burst-time=disabled dfs-mode=none antenna-mode=ant-a wds-mode=disabled 
      wds-default-bridge=none wds-default-cost=100 wds-cost-range=50-150 
      wds-ignore-ssid=no update-stats-interval=disabled 
      default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 
      default-client-tx-limit=0 proprietary-extensions=post-2.9.25 
      wmm-support=disabled hide-ssid=no security-profile=default 
      disconnect-timeout=3s on-fail-retry-time=100ms preamble-mode=both 
      compression=no allow-sharedkey=no 
      station-bridge-clone-mac=00:00:00:00:00:00 hw-retries=4 
      frame-lifetime=0 adaptive-noise-immunity=none 
      hw-fragmentation-threshold=disabled hw-protection-mode=none 
      hw-protection-threshold=0
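
The listings above name a security-profile and show allow-sharedkey for each interface, but not what the profile contains. As an added example (not from the original chapter or from MikroTik), this Python script parses `print` output and maps each interface to the weak mechanisms named in the security profile paragraph earlier (open, static WEP, shared-key authentication), plus TKIP. The security-profiles listing, wlan2, wlan3 and the profile names are constructed sample data, and the profile properties `mode`, `unicast-ciphers` and `group-ciphers` are assumed to be printed in the same key=value form.

```python
import re

# key=value pairs as printed by RouterOS; values may be double-quoted
PAIR = re.compile(r'([\w./-]+)=("[^"]*"|\S*)')
ITEM_START = re.compile(r"\s*\d+\s")  # a numbered item begins a new record


def parse_print(text):
    """Turn RouterOS `print` output into one dict per numbered item."""
    items = []
    for line in text.splitlines():
        if ITEM_START.match(line):
            items.append({})
        if items:  # skip the "Flags:" legend before the first item
            for key, value in PAIR.findall(line):
                items[-1][key] = value.strip('"')
    return items


def profile_findings(profile):
    """Classify a security profile by the mechanisms the chapter names."""
    mode = profile.get("mode", "none")
    if mode == "none":
        return ["open"]  # no key required at all
    if mode.startswith("static-keys"):
        return ["static-wep"]
    ciphers = profile.get("unicast-ciphers", "") + "," + profile.get("group-ciphers", "")
    return ["tkip"] if "tkip" in ciphers.split(",") else []


def audit(interfaces_text, profiles_text):
    """Map each wireless interface name to its list of findings."""
    profiles = {p["name"]: p for p in parse_print(profiles_text)}
    report = {}
    for iface in parse_print(interfaces_text):
        profile = profiles.get(iface.get("security-profile"))
        findings = ["missing-profile"] if profile is None else profile_findings(profile)
        if iface.get("allow-sharedkey") == "yes":
            findings.append("shared-key-auth")
        report[iface["name"]] = findings
    return report


# wlan1 is trimmed from the listing above; wlan2, wlan3 and all profiles are constructed.
SAMPLE_INTERFACES = '''Flags: X - disabled, R - running
 0 X  name="wlan1" mtu=1500 mac-address=00:0C:42:1F:88:68 arp=enabled
      interface-type=Atheros AR5413 mode=bridge ssid="MikroTik"
      frequency=2457 band=2.4ghz-b/g hide-ssid=no security-profile=default
 1    name="wlan2" mode=station ssid="test" frequency=5180 band=5ghz
      security-profile=ptp-wpa2 allow-sharedkey=no
 2    name="wlan3" mode=ap-bridge ssid="legacy" frequency=2412 band=2.4ghz-b/g
      security-profile=old-wep allow-sharedkey=yes
'''
SAMPLE_PROFILES = '''
 0 name="default" mode=none authentication-types="" unicast-ciphers="" group-ciphers=""
 1 name="ptp-wpa2" mode=dynamic-keys authentication-types=wpa2-psk
   unicast-ciphers=aes-ccm group-ciphers=aes-ccm
 2 name="old-wep" mode=static-keys-required authentication-types=""
'''

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INTERFACES, SAMPLE_PROFILES).items():
        print(name, findings or "ok")
```

An empty findings list means the interface's profile uses none of the flagged mechanisms; it does not assess key strength.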

Next let's look at examples of both types of configuration.

Point to point link configuring example

Assume that we want to implement the network structure shown below:

File:Image5004.gif


Set configuration on MikroTik_A router:

To make it an access point that allows only one client, use mode=bridge. To operate in the IEEE 802.11a standard on frequency 5180 MHz with the Service Set Identifier test and the default security profile, and to enable the interface, apply the following configuration:

[admin@MikroTik_A] /interface wireless> set 0 mode=bridge ssid=test frequency=5180 band=5ghz \
security-profile=default disabled=no


Set configuration on MikroTik_B router:

To set it as a client, use mode=station. To operate in the IEEE 802.11a standard on the same frequency as the MikroTik_A router (5180 MHz) and with the same Service Set Identifier, apply the following configuration:

[admin@MikroTik_B] /interface wireless> set 0 mode=station ssid=test frequency=5180 band=5ghz \
security-profile=default disabled=no


Information about available frequency channels can be obtained with the command info print:

[admin@MikroTik_A] /interface wireless> info print 
 0 interface-type=Atheros AR5413 
   chip-info="mac:0xa/0x5, phy:0x61, a5:0x63, a2:0x0, eeprom:0x5003" 
   pci-info="00:0d.0" capabilities=tx-power-control,ack-timeout-control,
                                   virtual-ap,alignment-mode,noise-floor-
                                   control,scanning,burst-support,nstreme,
                                   sniffing,compression,power-channel,wmm 
   default-periodic-calibration=enabled 
   supported-bands=2ghz-b,5ghz,2ghz-g,2ghz-g-turbo,5ghz-10mhz,5ghz-5mhz,2ghz-
                   10mhz,2ghz-5mhz 
   2ghz-b-channels=2412:20,2417:20,2422:20,2427:20,2432:20,2437:20,2442:20,
                   2447:20,2452:20,2457:20,2462:20,2467:20,2472:20 
   5ghz-channels=5180:20,5185:20,5190:20,5195:20,5200:20,5205:20,5210:20,
                 5215:20,5220:20,5225:20,5230:20,5235:20,5240:20,5245:20,
                 5250:20,5255:20,5260:20,5265:20,5270:20,5275:20,5280:20,
                 5285:20,5290:20,5295:20,5300:20,5305:20,5310:20,5315:20,
                 5320:20,5500:27,5505:27, 5510:27,5515:27,5520:27,5525:27
…


Set up IP addresses on the wireless interfaces.

MikroTik_A:

[admin@MikroTik_A] > ip address add address=10.0.0.1/30 interface=wlan1  

MikroTik_B:

[admin@MikroTik_B] > ip address add address=10.0.0.2/30 interface=wlan1  


Set up routing between routers.

MikroTik_A:

[admin@MikroTik_A] > ip route add dst-address=192.168.1.0/24 gateway=10.0.0.1

MikroTik_B:

[admin@MikroTik_B] > ip route add dst-address=192.168.2.0/24 gateway=10.0.0.2


Check and verify your point to point connection:

[admin@MikroTik_B] > ping 10.10.10.1          
10.10.10.1 64 byte ping: ttl=64 time=18 ms
10.10.10.1 64 byte ping: ttl=64 time=32 ms
10.10.10.1 64 byte ping: ttl=64 time=17 ms
10.10.10.1 64 byte ping: ttl=64 time=8 ms
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 8/18.7/32 ms
[admin@MikroTik_B] > tool traceroute 10.10.10.1
     ADDRESS                                    STATUS
   1         10.10.10.1 17ms 6ms 10ms 
[admin@MikroTik_B] >


Point to multipoint configuring example

Assume that we want to implement the network structure shown below:

File:Image5005.gif

Set configuration on MikroTik_A router:

To set it as an access point for multiple clients, use mode=ap-bridge. To operate in the IEEE 802.11b/g standards on frequency 2457 MHz with the Service Set Identifier test and the default security profile, and to enable the interface, apply the following configuration:

[admin@MikroTik_A] /interface wireless> set 0 mode=ap-bridge ssid=test frequency=2457 \
band=2.4ghz-b/g security-profile=default disabled=no


Configuration on MikroTik_B router:

To set it as a wireless client, use mode=station. To operate in the IEEE 802.11b/g standards on frequency 2457 MHz with the Service Set Identifier test and the default security profile, and to enable the interface, apply the following configuration:

[admin@MikroTik_B] /interface wireless> set 0 mode=station ssid=test frequency=2457 \
band=2.4ghz-b/g security-profile=default disabled=no


As in the previous example, IP addresses should also be assigned to the interface here.


MikroTik_A:

[admin@MikroTik_A] > ip address add address=10.0.0.1/24 interface=wlan1  

IP addresses in point-to-multipoint wireless systems are very often assigned dynamically using DHCP. In this case the wireless access point is configured as a DHCP server and the wireless clients work as DHCP clients. Look at the configuration example below.


MikroTik_A:

Configuring DHCP pool and server on access point:

[admin@MikroTik_A] /ip pool> add name=wireless ranges=10.0.0.2-10.0.0.254
[admin@MikroTik_A] /ip dhcp-server> add interface=wlan1 address-pool=wireless
[admin@MikroTik_A] /ip dhcp-server network> add address=10.0.0.0/24 gateway=10.0.0.1 \
dns-server=4.4.4.4

As we can see, by using DHCP we also assign the default gateway and DNS server to clients.


MikroTik_B:

Configuring DHCP client:

[admin@MikroTik_B]  /ip dhcp-client> add interface=wlan1 use-peer-dns=yes


Set up a default route for the client and the access point.


MikroTik_B:

[admin@MikroTik_B] /ip route> add dst-address=0.0.0.0/0 gateway=10.0.0.1


MikroTik_A:

[admin@MikroTik_A] /ip route> add dst-address=0.0.0.0/0 gateway=87.156.1.1


The last step needed for Internet access is to implement a NAT rule (masquerade) to hide your private network behind the router. You can use NAT to “hide” the private IP addresses behind a single public IP address. In this example ether1 is the public interface.


MikroTik_A:

[admin@MikroTik_A] /ip firewall nat> add chain=srcnat action=masquerade out-interface=ether1