I have disabled wireless authentication by default, enabled only for records from the access list, and I want an automated way to connect a new device (by WPS) and add it to the access list. The script will be launched through SSH. Here is what I managed to write:
:log info "WPS script: starting"
# Allowing connection to AP.
/interface wireless set wlan1 default-authentication=yes default-forwarding=yes;
# Waiting for wlan reinitialization. Otherwise wps-push-button fails.
:delay 10
# Sending WPS button press command.
:do {
    /interface wireless wps-push-button wlan1
} on-error={ :log error "WPS script: wps-push-button failed" }
# Waiting for connections for 2 minutes.
:delay 120
# Adding new record to ACL.
# All entries in the ACL should have non-empty comments; the ACL shares comments with the registration table.
/interface wireless registration-table {
    :foreach i in=[ find ] do={
        :local mac [ get $i mac-address ]
        :local ipaddr [ get $i last-ip ]
        :local comm [ get $i comment ]
        :if ([:len $comm]=0) do={
            :log info "WPS script: found new connection"
            :log info "WPS script: adding $mac to ACL, assigned $ipaddr"
            /interface wireless access-list \
                add mac-address=$mac interface=wlan1 authentication=yes forwarding=yes \
                comment="WPS script: added at $[/system clock get date]";
        } else={
            :log info "WPS script: found existing connection - $comm"
        }
    }
}
# Blocking connection to AP.
/interface wireless set wlan1 default-authentication=no default-forwarding=no;
:log info "WPS script: finished"
Still, I don’t quite like how I filter the registration table for devices that are already in the access list. Is there a better way to do that?
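
One way to do the filtering asked about above, as an added example that is not part of the original post: look each registered MAC up in the access list directly instead of relying on comments. It assumes the interface wlan1 from the post; the variable names and the policy of enrolling only when exactly one unknown client is present are assumptions of this example.

```routeros
# Added example (not from the original post): enroll by MAC lookup, not by comment.
# Assumes interface wlan1 as in the post; variable names are illustrative.
:local unknown [:toarray ""]

/interface wireless registration-table {
    :foreach reg in=[ find interface=wlan1 ] do={
        :local mac [ get $reg mac-address ]
        # A client is "known" when any ACL entry already carries its MAC.
        :if ([:len [/interface wireless access-list find mac-address=$mac]] = 0) do={
            :set unknown ($unknown, $mac)
        }
    }
}

# Assumed policy: one WPS push should produce exactly one new client.
# While default-authentication=yes, any client holding the key can associate,
# so several unknown MACs means the new device cannot be told apart.
:if ([:len $unknown] = 1) do={
    :local mac [:pick $unknown 0]
    /interface wireless access-list add mac-address=$mac interface=wlan1 \
        authentication=yes forwarding=yes \
        comment="WPS script: added at $[/system clock get date]"
    :log info "WPS script: added $mac to ACL"
} else={
    :log warning ("WPS script: " . [:len $unknown] . " unknown clients, none added")
}
```

This block would take the place of the registration-table loop, between the two-minute delay and the final command that turns default authentication back off.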