2.4ghz WDS WPA Issues

Hi,

I’m having an issue getting security to work over 2.4ghz with WDS.

I have 3x RB751U Access Points, with 1 of them acting as the AP-Bridge and the other two as WDS Slaves.

It seems to work with WPA security on the two WDS Slaves, but when I put security on the AP-Bridge, it all falls over. Also, I can’t get clients to connect to the WDS Slaves. Any help would be appreciated.

Goal: To try and distribute 2.4ghz around a house with WPA security from one central antenna.

AP1:

# AP1 (radio-name=AP01): the ap-bridge unit. The wds-address entries in the
# AP2 and AP3 listings point at this unit's wlan1 MAC address.
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 \
    name=bridge priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1600 \
    mac-address=00:0C:42:FB:68:36 mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:FB:68:37 \
    master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:FB:68:38 \
    master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:FB:68:39 \
    master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:FB:68:3A \
    master-port=none mtu=1500 name=ether5 speed=100Mbps

# Defines a single WPA/WPA2-PSK profile called "security". Unicast and group
# ciphers are both TKIP only. TKIP is deprecated, and 802.11n (HT) rates are
# not used together with TKIP, so aes-ccm is the usual cipher for a b/g/n band.
# The pre-shared key appears in clear text in this post: treat it as disclosed
# and set a new one on every unit.
/interface wireless security-profiles

add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip \
    group-key-update=5m interim-update=0s management-protection=allowed \
    management-protection-key="" mode=dynamic-keys name=security \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity="" tls-certificate=none \
    tls-mode=no-certificates unicast-ciphers=tkip wpa-pre-shared-key=\
    thisvoucherisredeemable wpa2-pre-shared-key=thisvoucherisredeemable

# NOTE(review): wlan1 is set to security-profile=WPA2, but the only profile
# defined in this listing is name=security. No profile named WPA2 is shown, so
# the settings actually applied to wlan1 cannot be read from this post -
# confirm which profile exists on the router and that all three units use
# identical authentication types, ciphers and key.
# wds-mode=dynamic with wds-default-bridge=bridge: WDS links are created on
# demand and attached to the bridge, so any peer that passes authentication
# ends up bridged. Static WDS entries (or an access list) narrow that down.
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 \
    antenna-mode=ant-a area="" arp=enabled band=2ghz-b/g/n basic-rates-a/g=\
    6Mbps basic-rates-b=1Mbps bridge-mode=enabled channel-width=20mhz \
    compression=no country=no_country_set default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes dfs-mode=none disable-running-check=no disabled=no \
    disconnect-timeout=3s distance=dynamic frame-lifetime=0 frequency=2412 \
    frequency-mode=manual-txpower frequency-offset=0 hide-ssid=no \
    ht-ampdu-priorities=0 ht-amsdu-limit=8192 ht-amsdu-threshold=8192 \
    ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 \
    ht-guard-interval=any ht-rxchains=0 ht-supported-mcs="mcs-0,mcs-1,mcs-2,mc\
    s-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14\
    ,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" \
    ht-txchains=0 hw-fragmentation-threshold=disabled hw-protection-mode=none \
    hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=\
    00:0C:42:FB:68:3B max-station-count=2007 mode=ap-bridge mtu=1500 name=\
    wlan1 noise-floor-threshold=default nv2-cell-radius=30 \
    nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default \
    nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms \
    periodic-calibration=default periodic-calibration-interval=60 \
    preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=AP01 \
    rate-selection=legacy rate-set=default scan-list=default \
    security-profile=WPA2 ssid=Oishi station-bridge-clone-mac=\
    00:00:00:00:00:00 supported-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default \
    update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=\
    bridge wds-default-cost=100 wds-ignore-ssid=no wds-mode=dynamic \
    wireless-protocol=any wmm-support=disabled

# wlan1 and all five ethernet ports are members of the one bridge.
/interface bridge port
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=wlan1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether4 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether5 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no

# NOTE(review): the DHCP client is bound to ether2, which is also listed as a
# port of "bridge" above. On RouterOS the client is normally attached to the
# bridge interface rather than to one of its member ports - confirm.
/ip dhcp-client
add add-default-route=yes default-route-distance=0 disabled=no interface=\
    ether2 use-peer-dns=yes use-peer-ntp=yes

AP2:

# AP2 (radio-name=AP02): first wds-slave unit.
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 \
    name=bridge priority=0x8000 protocol-mode=none transmit-hold-count=6

# WPA/WPA2-PSK profile named "security", TKIP only for unicast and group
# ciphers, with the same clear-text pre-shared key as in the AP1 listing.
# The key is disclosed by this post and should be replaced on every unit.
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip \
    group-key-update=5m interim-update=0s management-protection=allowed \
    management-protection-key="" mode=dynamic-keys name=security \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity="" tls-certificate=none \
    tls-mode=no-certificates unicast-ciphers=tkip wpa-pre-shared-key=\
    thisvoucherisredeemable wpa2-pre-shared-key=thisvoucherisredeemable

# NOTE(review): security-profile=WPA2 does not match the profile defined
# above (name=security); no profile named WPA2 is shown in this listing.
# mode=wds-slave with wds-mode=static: the WDS peer is the fixed entry added
# under "/interface wireless wds" below rather than a dynamically created one.
# frequency=2437 here, while the AP1 listing uses 2412.
# NOTE(review): confirm whether a wds-slave retunes to the AP's channel on
# this RouterOS version.
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 \
    antenna-mode=ant-a area="" arp=enabled band=2ghz-b/g/n basic-rates-a/g=\
    6Mbps basic-rates-b=1Mbps bridge-mode=enabled channel-width=20mhz \
    compression=no country=no_country_set default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes dfs-mode=none disable-running-check=no disabled=no \
    disconnect-timeout=3s distance=dynamic frame-lifetime=0 frequency=2437 \
    frequency-mode=manual-txpower frequency-offset=0 hide-ssid=no \
    ht-ampdu-priorities=0 ht-amsdu-limit=8192 ht-amsdu-threshold=8192 \
    ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 \
    ht-guard-interval=any ht-rxchains=0 ht-supported-mcs="mcs-0,mcs-1,mcs-2,mc\
    s-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14\
    ,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" \
    ht-txchains=0 hw-fragmentation-threshold=disabled hw-protection-mode=none \
    hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=\
    00:0C:42:FB:68:47 max-station-count=2007 mode=wds-slave mtu=1500 name=\
    wlan1 noise-floor-threshold=default nv2-cell-radius=30 \
    nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default \
    nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms \
    periodic-calibration=default periodic-calibration-interval=60 \
    preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=AP02 \
    rate-selection=legacy rate-set=default scan-list=default \
    security-profile=WPA2 ssid=Oishi station-bridge-clone-mac=\
    00:00:00:00:00:00 supported-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default \
    update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=\
    bridge wds-default-cost=100 wds-ignore-ssid=no wds-mode=static \
    wireless-protocol=802.11 wmm-support=disabled

# Static WDS interface "wds" on wlan1. wds-address is the wlan1 mac-address
# shown in the AP1 listing, so this link is pinned to that one peer.
/interface wireless wds
add arp=enabled disabled=no l2mtu=2290 master-interface=wlan1 mtu=1500 name=\
    wds wds-address=00:0C:42:FB:68:3B

# wlan1 and all five ethernet ports are members of the one bridge.
/interface bridge port
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=wlan1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether4 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether5 path-cost=10 point-to-point=auto priority=0x80

AP3:

	
# AP3 (radio-name=AP03): second wds-slave unit.
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
    disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 \
    name=bridge priority=0x8000 protocol-mode=none transmit-hold-count=6

# WPA/WPA2-PSK profile named "security", TKIP only for unicast and group
# ciphers, with the same clear-text pre-shared key as in the AP1 listing.
# The key is disclosed by this post and should be replaced on every unit.
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip \
    group-key-update=5m interim-update=0s management-protection=allowed \
    management-protection-key="" mode=dynamic-keys name=security \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity="" tls-certificate=none \
    tls-mode=no-certificates unicast-ciphers=tkip wpa-pre-shared-key=\
    thisvoucherisredeemable wpa2-pre-shared-key=thisvoucherisredeemable

# NOTE(review): security-profile=WPA2 does not match the profile defined
# above (name=security); no profile named WPA2 is shown in this listing.
# mode=wds-slave with wds-mode=static: the WDS peer is the fixed entry added
# under "/interface wireless wds" below. frequency=2412, as in the AP1 listing.
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 \
    antenna-mode=ant-a area="" arp=enabled band=2ghz-b/g/n basic-rates-a/g=\
    6Mbps basic-rates-b=1Mbps bridge-mode=enabled channel-width=20mhz \
    compression=no country=no_country_set default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes dfs-mode=none disable-running-check=no disabled=no \
    disconnect-timeout=3s distance=dynamic frame-lifetime=0 frequency=2412 \
    frequency-mode=manual-txpower frequency-offset=0 hide-ssid=no \
    ht-ampdu-priorities=0 ht-amsdu-limit=8192 ht-amsdu-threshold=8192 \
    ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 \
    ht-guard-interval=any ht-rxchains=0 ht-supported-mcs="mcs-0,mcs-1,mcs-2,mc\
    s-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14\
    ,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" \
    ht-txchains=0 hw-fragmentation-threshold=disabled hw-protection-mode=none \
    hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=\
    00:0C:42:F9:47:37 max-station-count=2007 mode=wds-slave mtu=1500 name=\
    wlan1 noise-floor-threshold=default nv2-cell-radius=30 \
    nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default \
    nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms \
    periodic-calibration=default periodic-calibration-interval=60 \
    preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=AP03 \
    rate-selection=legacy rate-set=default scan-list=default \
    security-profile=WPA2 ssid=Oishi station-bridge-clone-mac=\
    00:00:00:00:00:00 supported-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default \
    update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=\
    bridge wds-default-cost=100 wds-ignore-ssid=no wds-mode=static \
    wireless-protocol=802.11 wmm-support=disabled

# Static WDS interface "wds1" on wlan1. wds-address is the wlan1 mac-address
# shown in the AP1 listing, so this link is pinned to that one peer.
/interface wireless wds
add arp=enabled disabled=no l2mtu=2290 master-interface=wlan1 mtu=1500 name=\
    wds1 wds-address=00:0C:42:FB:68:3B

# All five ethernet ports and wlan1 are members of the one bridge.
/interface bridge port
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether4 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=ether5 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
    interface=wlan1 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
    no

I have checked all of the configuration, but I don’t understand one thing: when you are using name=security in the security profile, why do you configure WPA2 in “int wireless security-profile=WPA2”?

Hi there,

I was still struggling to find answers in the forums and wiki to the problem I was facing, and after a few reset-configurations I’ve finally got it.

I’m using 3x RB751’s throughout a house to distribute wireless with WPA encryption, with AP02 and AP03 talking back to AP01.


AP1

# AP1 (working configuration from the follow-up post).
/interface bridge
add name=bridge 

# Profile "profile": authentication-types=wpa-psk only, with aes-ccm for both
# unicast and group ciphers. wpa2-pre-shared-key is empty, so this network
# offers WPA (version 1) and not WPA2.
# NOTE(review): the post does not show whether wpa2-psk with aes-ccm was also
# tried; WPA2-PSK is the stronger of the two and is worth testing on all
# three units before settling on WPA only.
# The pre-shared key is posted in clear text: treat it as disclosed and set a
# new one on every unit.
/interface wireless security-profiles
add authentication-types=wpa-psk eap-methods="" group-ciphers=aes-ccm group-key-update=5m interim-update=0s management-protection=allowed management-protection-key="" mode=dynamic-keys name=profile radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" static-key-1="" static-key-2="" \
    static-key-3="" static-sta-private-algo=none static-sta-private-key="" static-transmit-key=key-0 supplicant-identity="" tls-certificate=none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=thisvoucherisredeemable \
    wpa2-pre-shared-key=""
	
# wlan1 references security-profile=profile, which is the name defined in the
# security-profiles section of this listing (the first post referenced
# security-profile=WPA2 while defining a profile named "security").
# wds-mode=dynamic with wds-default-bridge=bridge: WDS links are created on
# demand and attached to the bridge, so any peer that passes authentication
# ends up bridged. A later post in this thread reports that static WDS entries
# on AP01 for the two slaves worked better.
/interface wireless
set 0 band=2ghz-b/g/n frequency=2412 mode=ap-bridge security-profile=profile ssid=Oishi wds-default-bridge=bridge wds-mode=dynamic

# All five ethernet ports and wlan1 are members of the one bridge.
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan1

/system identity
set name=AP01

AP2

# AP2 (working configuration from the follow-up post).
/interface bridge
add name=bridge 

# Same profile as on AP1 in this post: wpa-psk only with aes-ccm ciphers and
# an empty wpa2-pre-shared-key, i.e. WPA (version 1) without WPA2.
# NOTE(review): whether wpa2-psk with aes-ccm also works is not shown; it is
# the stronger option and worth testing. The pre-shared key is posted in
# clear text and should be replaced on every unit.
/interface wireless security-profiles
add authentication-types=wpa-psk eap-methods="" group-ciphers=aes-ccm group-key-update=5m interim-update=0s management-protection=allowed management-protection-key="" mode=dynamic-keys name=profile radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" static-key-1="" static-key-2="" \
    static-key-3="" static-sta-private-algo=none static-sta-private-key="" static-transmit-key=key-0 supplicant-identity="" tls-certificate=none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=thisvoucherisredeemable \
    wpa2-pre-shared-key=""
	
# wds-slave on the same frequency (2412) and SSID as AP1 in this post, using
# security-profile=profile as defined in this listing. wds-mode=dynamic means
# the WDS link is created on demand rather than pinned to one peer MAC.
/interface wireless
set 0 band=2ghz-b/g/n frequency=2412 mode=wds-slave security-profile=profile ssid=Oishi wds-default-bridge=bridge wds-mode=dynamic

# All five ethernet ports and wlan1 are members of the one bridge.
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan1

/system identity
set name=AP02

# connect=no for the other unit's MAC: presumably keeps this slave from
# linking to the other wds-slave so that it only links to AP01 - confirm.
# [b]MAC_OF_OTHER_UNIT[/b] is a placeholder wrapped in forum bold markup; it
# has to be replaced with a real wlan1 MAC address before this line is usable.
/interface wireless connect-list
add area-prefix="" connect=no disabled=no interface=wlan1 mac-address=[b]MAC_OF_OTHER_UNIT[/b] security-profile=default signal-range=-120..120 ssid="" wireless-protocol=any

AP3

# AP3 (working configuration from the follow-up post).
/interface bridge
add name=bridge 

# Same profile as on AP1 in this post: wpa-psk only with aes-ccm ciphers and
# an empty wpa2-pre-shared-key, i.e. WPA (version 1) without WPA2.
# NOTE(review): whether wpa2-psk with aes-ccm also works is not shown; it is
# the stronger option and worth testing. The pre-shared key is posted in
# clear text and should be replaced on every unit.
/interface wireless security-profiles
add authentication-types=wpa-psk eap-methods="" group-ciphers=aes-ccm group-key-update=5m interim-update=0s management-protection=allowed management-protection-key="" mode=dynamic-keys name=profile radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" static-key-1="" static-key-2="" \
    static-key-3="" static-sta-private-algo=none static-sta-private-key="" static-transmit-key=key-0 supplicant-identity="" tls-certificate=none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=thisvoucherisredeemable \
    wpa2-pre-shared-key=""
	
# wds-slave on the same frequency (2412) and SSID as AP1 in this post, using
# security-profile=profile as defined in this listing. wds-mode=dynamic means
# the WDS link is created on demand rather than pinned to one peer MAC.
/interface wireless
set 0 band=2ghz-b/g/n frequency=2412 mode=wds-slave security-profile=profile ssid=Oishi wds-default-bridge=bridge wds-mode=dynamic

# All five ethernet ports and wlan1 are members of the one bridge.
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan1

/system identity
set name=AP03

# connect=no for the other unit's MAC: presumably keeps this slave from
# linking to the other wds-slave so that it only links to AP01 - confirm.
# [b]MAC_OF_OTHER_UNIT[/b] is a placeholder wrapped in forum bold markup; it
# has to be replaced with a real wlan1 MAC address before this line is usable.
/interface wireless connect-list
add area-prefix="" connect=no disabled=no interface=wlan1 mac-address=[b]MAC_OF_OTHER_UNIT[/b] security-profile=default signal-range=-120..120 ssid="" wireless-protocol=any

I hope this can help some people

Hi all,

I’ve had some issues with DHCP not being passed through on any of the access points. Rebooting all the devices fixed this, but only for 5 min. I was having quite a bit of trouble with high traffic going between the units. Statically setting the WDS on the AP01 unit for the 2x other units (AP02 and AP03) seemed to fix this.