Association establishment rules on AP

From MikroTik Wiki
Jump to: navigation, search

AP uses the following set of rules to associate clients. AP is checking for the following, whether client is allowed to associate

  • max-station-count value; client is proccessed further if total number of client does not exceed configured value on AP, otherwise client is disconnected.
  • default-authentication; yes or not options are available. 'yes' enables AP to register a client even if it is not in access list, 'no' forces AP to use only entries from 'interface wireless access-list' to register clients.
  • 'interface wireless access-list' entries are used for default authentication=no or if router is consulting RADIUS server database ('radius-mac-authentication' is enabled on the appropriate 'interface wireless security-profile'), then settings from RADIUS server are used to validate client's MAC-address.

Client is preset on 'interface wireless registration-table', then all communications reliable on security-profile configuration.

  • 'security-profile mode=none' or 'static-keys' data is passed between AP and client;
  • 'security-profile mode=dynamic-keys authentication-types=wpa[2]-psk'. preshared keys matching is checked, only then data is passed between AP and client;
  • 'security-profile mode=dynamic-keys authentication-types=wpa[2]-eap'. EAP defined authentication method is processed, if EAP authentication is successfull data is passed between AP and client.