wifiwave2 dynamic VLAN support

I think that this feature is not (yet) implemented, but before asking the MikroTik support team: has anyone been able to get dynamic VLAN assignment working on the wifiwave2 package?

I have configured a FreeRADIUS server to be able to send VLANs based on MAC address in order to segment several device types without broadcasting multiple SSIDs, because I don’t want to disrupt an already crowded airspace any more.

On RouterOS 7.5 and 7.6 the wifiwave2 package seems to just ignore the RADIUS response with a tagged VLAN (in the MikroTik-Wireless-VLAN-ID RADIUS attribute). On version 7.7beta6 the logs show the following:

xx:xx:xx:xx:xx:xx@wifi4 disconnected, can not assign vlan, signal strength -79

The wireless interface shows an additional comment that “client was disconnected because could not assign vlan”.

/interface bridge
add admin-mac=C4:AD:34:2D:FD:D8 auto-mac=no comment=defconf ingress-filtering=no name=bridge vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=wifi1-24
add bridge=bridge interface=wifi2-5
add bridge=bridge interface=ether2
add bridge=bridge interface=wifi4
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 vlan-ids=70
add bridge=bridge tagged=ether1,bridge,wifi4 vlan-ids=40

/interface ethernet
set [ find default-name=ether1 ] mtu=1508

/interface vlan
add interface=bridge name=70-MGMT vlan-id=70

/interface wifiwave2 channel
add band=2ghz-n frequency=2412,2437,2462 name=24-Ghz width=20mhz
add frequency=5180,5260,5500,5580 name=5Ghz skip-dfs-channels=10min-cac width=20/40/80mhz

/interface wifiwave2 security
add authentication-types=wpa2-psk dh-groups=19,20,21 encryption=ccmp group-encryption=ccmp group-key-update=5m management-encryption=cmac management-protection=allowed name=Home-Wireless-Security wps=disable

/interface wifiwave2
# client was disconnected because could not assign vlan
add channel=5Ghz channel.frequency=5180 configuration.country=Netherlands .mode=ap .ssid="Test Me Up" disabled=no mac-address=C6:AD:34:2D:FD:DA master-interface=wifi2-5 name=wifi4 security=Home-Wireless-Security

/interface wifiwave2 access-list
add action=query-radius disabled=no interface=wifi4 radius-accounting=no
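
To check what the RADIUS server actually returns for a client, the attribute section of a captured Access-Accept can be decoded as below. This is an added example, not part of the original post or of MikroTik's or FreeRADIUS's code; it assumes the public MikroTik RADIUS dictionary values (vendor 14988, vendor type 26 for the wireless VLAN ID) and RFC 2868 Tunnel-Private-Group-ID (type 81), and the function names and sample bytes are constructed for illustration.

```python
import struct

MIKROTIK_VENDOR = 14988        # MikroTik enterprise number (assumed from the public dictionary)
VSA = 26                       # RADIUS Vendor-Specific attribute
MT_WIRELESS_VLANID = 26        # MikroTik vendor type carrying the wireless VLAN ID
TUNNEL_PRIVATE_GROUP_ID = 81   # standard VLAN attribute used for 802.1X (RFC 2868)

def attr(attr_type, value):
    """Encode one type/length/value attribute (length covers the 2-byte header)."""
    return bytes([attr_type, len(value) + 2]) + value

def mikrotik_vlan_vsa(vlan_id):
    """Build the Vendor-Specific attribute that carries the MikroTik VLAN ID."""
    sub = attr(MT_WIRELESS_VLANID, struct.pack("!I", vlan_id))
    return attr(VSA, struct.pack("!I", MIKROTIK_VENDOR) + sub)

def iter_attrs(buf):
    """Yield (type, value) pairs, rejecting truncated or malformed lengths."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("bad attribute length at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def vlan_assignments(attrs):
    """Return the VLAN hints found in an Access-Accept attribute section."""
    found = {}
    for attr_type, value in iter_attrs(attrs):
        if attr_type == VSA and len(value) >= 6:
            if struct.unpack("!I", value[:4])[0] != MIKROTIK_VENDOR:
                continue  # another vendor's VSA
            for sub_type, sub_value in iter_attrs(value[4:]):
                if sub_type == MT_WIRELESS_VLANID and len(sub_value) == 4:
                    found["mikrotik"] = struct.unpack("!I", sub_value)[0]
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # An optional tag byte (<= 0x1F) precedes the string form of the VLAN.
            text = value[1:] if value[0] <= 0x1F else value
            found["tunnel"] = text.decode("ascii", "replace")
    return found

# Constructed sample: both attribute styles announcing VLAN 40.
SAMPLE = mikrotik_vlan_vsa(40) + attr(TUNNEL_PRIVATE_GROUP_ID, b"\x00" + b"40")

if __name__ == "__main__":
    print(vlan_assignments(SAMPLE))
```

An empty result for a client's Access-Accept means the server never sent a VLAN, which separates a RADIUS policy problem from the access point failing to apply one.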

In the release notes of ROS v7.7beta (3, 4 and 6), dynamic VLAN support is mentioned as added for 802.11ax interfaces.
If it can be done in the access-list, maybe it will also work for RADIUS.

*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);

Use cases: https://www.portnox.com/blog/network-segmentation-dynamic-vlan-assignment/

https://forum.mikrotik.com/viewtopic.php?p=989540#p989540

Hi …
I was just wondering if that dynamic VLAN feature within wifiwave2 became available in the meanwhile -
either with RADIUS or through AccessLists?
thank you for a short update

Hi,

My assumption is that depending on the MAC address you want to assign different VLANs using RADIUS.

I’ve implemented it by simply configuring the bridge VLAN and then per user in User Manager. In User Manager I’m then adding the VLAN attribute to specify for each user the VLAN and other parameters it should use.

I’ve tested the approach with AX using the new WiFi packages and also on WiFi 5 devices with the wireless packages.

Wave 2 on my WiFi 5 doesn’t permit assigning VLANs this way.

regards

Luis Meira

Would you be so kind to share that with us, @lmeira? Perhaps an export of the relevant part?
I currently use PPSK, but am looking for a more future-proof solution (that supports WPA3 as well).

Hi,

Attached you have my sample configuration.

RADIUS is being used to authenticate Wireless and Dot1x (Ethernet ports) using MAC address authentication.

Once the MAC address is authenticated, User Manager & RADIUS return a specific VLAN. Depending on the process being authenticated (Wireless / Ethernet), different attributes are used to return the VLAN.

For the sake of testing, two bridge VLANs are configured: VLAN 99 - Management VLAN and VLAN 20 - Home Devices.

I’ve left two MAC addresses to exemplify the parameters expected to be passed when performing the different types of authentication.



regards
backup.rsc (8.92 KB)

I see “/interface wireless …” in provided .rsc file.
That means - you are using legacy wireless drivers, not wifi-qcom-ac drivers.

Hi,

Yes, I’m using the wireless interface, regrettably.

I’m still not able to upgrade. One of my routers, if I upgrade, will lose the 5 GHz radio; on the other router VLAN assignment still doesn’t work.

It’s a problem of the config but on the new wave2 drivers for ac devices.

I’ve tested a similar setup on two AX routers without issues.

There are a few slight changes in the RADIUS setup, e.g. in wave2:

  1. You’ll need to add an access list entry in Wifi → Access List to call the RADIUS server for authentication. Previously this was in Wifi → Security → Radius.

  2. In Wifi → AAA, you’ll define the RADIUS parameters format. These values were previously fixed.

  3. You’ll need to assign the AAA format that you want to use to your configuration.

Attached you have some screenshots.

I would like to use wave2, it would have solved a lot of my issues. But it’s too unstable, at least for my level of knowledge.

I’ve got a lot of wifi smart devices and for some of the old ones, for some reason I’ve been struggling for ages, they disconnect and reconnect every few seconds. For this reason I’ve been postponing the swap.


regards

Luis
radius - accesslist.png
radius- aaa setup.png