Association establishment rules on AP

From MikroTik Wiki
Jump to navigation Jump to search

AP uses the following set of rules to associate clients. AP is checking for the following, whether client is allowed to associate

  • max-station-count value; client is proccessed further if total number of client does not exceed configured value on AP, otherwise client is disconnected.
  • default-authentication; yes or not options are available. 'yes' enables AP to register a client even if it is not in access list, 'no' forces AP to use only entries from 'interface wireless access-list' to register clients.
  • 'interface wireless access-list' entries are used for default authentication=no or if router is consulting RADIUS server database ('radius-mac-authentication' is enabled on the appropriate 'interface wireless security-profile'), then settings from RADIUS server are used to validate client's MAC-address.

Client is preset on 'interface wireless registration-table', then all communications reliable on security-profile configuration.

  • 'security-profile mode=none' or 'static-keys' data is passed between AP and client;
  • 'security-profile mode=dynamic-keys authentication-types=wpa[2]-psk'. preshared keys matching is checked, only then data is passed between AP and client;
  • 'security-profile mode=dynamic-keys authentication-types=wpa[2]-eap'. EAP defined authentication method is processed, if EAP authentication is successfull data is passed between AP and client.