2018-08-28

Bonjour tous,

Êtes-vous curieux de savoir comment on peut se connecter au Wi-Fi d’un hôtel, par exemple, et offrir un réseau Wi-Fi sécurisé à votre cellulaire et laptop en même temps? Est-ce compliqué?

Dans un post sur le forum de MikroTik, quelqu’un affirmait que pour pouvoir être client (station)  et AP Wi-Fi, pour répondre à la question initiale, il fallait un routeur avec deux cartes réseaux ou deux routeurs reliés ensembles. FAUX! Le plus petit hAP lite fera l’affaire amplement avec une ou plusieurs VAPs (Virtual Access Point)! Voici comment.

————————————————————————————-

/interface wireless
###BASIC WLAN1 SETUP. BOGUS SECURITY PROFILE TO PREVENT ROUTER FROM CONNECTING TO ANY “OPEN” WI-FI. NOTE ALSO EMPTY SSID.
set [ find default-name=wlan1 ] antenna-gain=1 band=2ghz-onlyn country=canada \
    default-forwarding=no disabled=no distance=indoors frequency=auto \
    frequency-mode=regulatory-domain radio-name=mAP-Alain security-profile=\
    Bidon ssid=”” wireless-protocol=802.11

###VAP HERE. VAP BROADCASTS HOME SSID WITH SAME SECURITY PROFILE. WE DON’T HAVE TO RECONFIGURE OUR DEVICES WHILE ON THE ROAD.

add disabled=no keepalive-frames=disabled mac-address=4E:5E:0C:6C:64:0C \
    master-interface=wlan1 multicast-buffering=disabled name=[b]wlan2 [/b]\
    security-profile=MAISON ssid=DSWLAN wds-cost-range=0 wds-default-cost=0 \
    wps-mode=disabled

###CONNECT LISTS TO SPECIFY SSIDs TO CONNECT AND SECURITY PROFILES TO USE
/interface wireless connect-list
add comment=”Park Lane Inn & Suites” interface=wlan1 security-profile=default ssid=Park_Lane_Guest_WiFi wireless-protocol=802.11
add comment=”Country Inn Lexington VA” interface=wlan1 security-profile=default ssid=country wireless-protocol=802.11
add comment=”Grand Times Hotel” interface=wlan1 security-profile=times ssid=Times wireless-protocol=802.11
ETC.

###
###VAP AND ONE ETHERNET ARE ON LAN BRIDGE. PRETTY STANDARD SETUP FROM THERE
###
/interface bridge
add admin-mac=4C:5E:0C:6C:64:0B auto-mac=no name=LAN

/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=wlan2

/ip address
add address=192.168.255.1/24 comment=LAN interface=LAN network=192.168.255.0

/ip dhcp-client
add comment=”default configuration” default-route-distance=5 dhcp-options= hostname,clientid disabled=no interface=wlan1
add comment=”default configuration” default-route-distance=5 dhcp-options=hostname,clientid disabled=no interface=ether1

/ip pool
add name=pool-LAN ranges=192.168.255.10-192.168.255.254

/ip dhcp-server
add address-pool=pool-LAN disabled=no interface=LAN name=dhcp-LAN

/ip dhcp-server network
add address=192.168.255.0/24 comment=LAN dns-server=192.168.255.1 gateway=192.168.255.1

###
FIREWAL FILTERS, NAT, ROUTING AND OTHER PARAMETERS OMITTED FOR SIMPLICITY’S SAKE
###

————————————————————————————-

Ce qu’il faut comprendre, c’est que la carte Wi-Fi bascule rapidement entre les modes STA (la carte physique dans notre exemple) et AP (la carte virtuelle) pour combler les deux rôles. Il faut aussi comprendre que l’interface virtuelle utilise obligatoirement le même protocole 802.11 (a, b, g, n, ac ou toute combinaison supportée) et la même fréquence que la carte physique. Impossible de faire autrement. Finalement, les VAP ne sont pas supportées en NV2 et Nstreme, seulement en 802.11.

Attention! MikroTik supporte un maximum de 127 VAPs, mais aller au-delà de 3 ou 4 (gros max) serait de causer de grosses limitations de performance sur le réseau Wi-Fi.

Salutations,
Alain Casault, ing.

KazCom : La conférence pour les télécommunications!
https://alaincasault.com/kazcom-2018/
Formations à Ottawa
https://alaincasault.com/ottawa-2018/

Si vous avez trouvé cette information utile, « aimez » et « Partagez »
Facebook : https://www.facebook.com/alaincasault78
LinkedIn : https://www.linkedin.com/groups/8220286
Infolettre : https://mailchi.mp/662154821be5/abonnement


2018-08-28

Hi all,

Are you curious about how to connect to a hotel’s Wi-Fi, for example, and offer a private (and secure) Wi-Fi network to your cell phone and laptop at the same time? Is it complicated?

In a post on MikroTik’s forum, someone said that to have a Wi-Fi client (station) and AP at the same time, to fulfil the initial request, you needed a router with two network cards or two routers connected together. FALSE! The smallest hAP lite will do the trick with one or more VAPs (Virtual Access Point)! Here’s how.

————————————————————————————-

/interface wireless
###BASIC WLAN1 SETUP. BOGUS SECURITY PROFILE TO PREVENT ROUTER FROM CONNECTING TO ANY “OPEN” WI-FI. NOTE ALSO EMPTY SSID.
set [ find default-name=wlan1 ] antenna-gain=1 band=2ghz-onlyn country=canada \
    default-forwarding=no disabled=no distance=indoors frequency=auto \
    frequency-mode=regulatory-domain radio-name=mAP-Alain security-profile=\
    Bidon ssid=”” wireless-protocol=802.11

###VAP HERE. VAP BROADCASTS HOME SSID WITH SAME SECURITY PROFILE. WE DON’T HAVE TO RECONFIGURE OUR DEVICES WHILE ON THE ROAD.

add disabled=no keepalive-frames=disabled mac-address=4E:5E:0C:6C:64:0C \
    master-interface=wlan1 multicast-buffering=disabled name=[b]wlan2 [/b]\
    security-profile=MAISON ssid=DSWLAN wds-cost-range=0 wds-default-cost=0 \
    wps-mode=disabled

###CONNECT LISTS TO SPECIFY SSIDs TO CONNECT AND SECURITY PROFILES TO USE
/interface wireless connect-list
add comment=”Park Lane Inn & Suites” interface=wlan1 security-profile=default ssid=Park_Lane_Guest_WiFi wireless-protocol=802.11
add comment=”Country Inn Lexington VA” interface=wlan1 security-profile=default ssid=country wireless-protocol=802.11
add comment=”Grand Times Hotel” interface=wlan1 security-profile=times ssid=Times wireless-protocol=802.11
ETC.

###
###VAP AND ONE ETHERNET ARE ON LAN BRIDGE. PRETTY STANDARD SETUP FROM THERE
###
/interface bridge
add admin-mac=4C:5E:0C:6C:64:0B auto-mac=no name=LAN

/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=wlan2

/ip address
add address=192.168.255.1/24 comment=LAN interface=LAN network=192.168.255.0

/ip dhcp-client
add comment=”default configuration” default-route-distance=5 dhcp-options= hostname,clientid disabled=no interface=wlan1
add comment=”default configuration” default-route-distance=5 dhcp-options=hostname,clientid disabled=no interface=ether1

/ip pool
add name=pool-LAN ranges=192.168.255.10-192.168.255.254

/ip dhcp-server
add address-pool=pool-LAN disabled=no interface=LAN name=dhcp-LAN

/ip dhcp-server network
add address=192.168.255.0/24 comment=LAN dns-server=192.168.255.1 gateway=192.168.255.1

###
FIREWAL FILTERS, NAT, ROUTING AND OTHER PARAMETERS OMITTED FOR SIMPLICITY’S SAKE
###

————————————————————————————-

What you have to understand is that the Wi-Fi card quickly switches between the STA (the physical card in our example) and AP (the virtual card) modes to fill both roles. It should also be understood that the virtual interface necessarily uses the same 802.11 protocol (a, b, g, n, ac or any supported combination) and the same frequency as the physical card. It’s impossible to do otherwise. Finally, VAPs are not supported in NV2 and Nstreme, only in 802.11.

Warning! MikroTik supports a maximum of 127 VAPs, but going beyond 3 or 4 (tops) would cause big performance issues on the Wi-Fi network.

Cheers,
Alain Casault, eng.

KazCom: The Telecommunications seminar!
https://alaincasault.com/ca/kazcom-2018/
Ottawa trainings
https://alaincasault.com/ca/ottawa-2018/

If you found this information useful, please “Like” and “Share”
Facebook : https://www.facebook.com/alaincasault78
LinkedIn : https://www.linkedin.com/groups/8220286
News Letter : https://mailchi.mp/662154821be5/abonnement

Visit Us On FacebookVisit Us On Linkedin