MAC based access control is not a solution because MAC address can be easily changed.
Indeed but I could probably live with it for a little while.
Hi,
Problem is that ipad and iphone both persist and had a bug in Mac OS but yet i can not able to solve that problem due to black WPA Password
test
Hi Guys,
I am having a peculiar problem that specifically affects apple products. Apple products regardless of their IOS are exhibiting very slow loading time from websites and most times will not open at all. I have found a work around of “binding” the specific client IP address and “bypassing” it. This always solves the problem but I want it to work normally without having to by pass the IP addresses since bypassing the client makes it impossible to monitor or control his/her bandwidth.
The problem has occurred several times before but it always goes away with time but this time around it has persisted.
Note that my authentication is the hotspot http chap therefore the issues discussed above regarding AES are not related with this.
Find my router configuration below. Your help will be very much appreciated.
Regards,
Matu
jan/04/2007 start-time=07:30:00
add comment=“” disabled=yes interval=1w name=“Weekend BW Upgrade Sat”
on-event=“04 - Upgrade_BW” policy=read,write,test start-date=jul/28/2007
start-time=07:05:00
add comment=“” disabled=no interval=1w name=“Weekend BW Upgrade Sun”
on-event=“04 - Upgrade_BW” policy=read,write,test start-date=jul/29/2007
start-time=07:05:00
add comment=“” disabled=no interval=30s name=“07 - Remove busy status”
on-event=“07 - Remove busy status” policy=read,write,test start-date=
nov/11/2011 start-time=16:45:00
add comment=“” disabled=no interval=1m name=“08 - Busy status remove”
on-event=“08 - Busy status remove” policy=read,write,test start-date=
nov/11/2011 start-time=16:52:00
/system script
add name=Email_backup_file policy=ftp,reboot,read,write,policy,test source=“/s
ystem backup save name=email-system\r
\n/tool e-mail send to="" from=".
co.ke" server="smtp.accesskenya.com" subject=("Backup of: " . [/syste
m identity get name] . "-" . [/system clock get time] . "-" . [/syste
m clock get date]) body=" This is the weekly backup of the hotgossip rout
er. Please find attached the backup config for router .
Keep this in a safe place." file=email-system.backup\r
\n:log info "Backup email sent OK""
add name=“04 - Upgrade_BW” policy=ftp,reboot,read,write,policy,test,winbox
source=“:log info "Begin bandwidth daily upgrade…"\r
\n###\r
\n# Change 24/48 Day - 32/128 Night back to 32/128 for Night\r
\n/ip hotspot user profile set "24/48 Day - 32/128 Night" rate-limit="3
2k/128k 100000000k/100000000k 18k/36k 40 8"\r
\n\r
\n###\r
\n# Change 24/48 to 32/64 for night\r
\n/ip hotspot user profile set "24/48 Customers" rate-limit="32k/64k 10
0000000k/100000000k 24k/48k 40 8"\r
\n\r
\n###\r
\n# Change 24k/48k Night to 1k/1k for day\r
\n/ip hotspot user profile set "24k/48k Night" rate-limit="24k/48k 1000
00000k/100000000k 18k/36k 40 8"\r
\n\r
\n###\r
\n# Change 24/48 Day - 32/96 Night to 32/96 for night\r
\n/ip hotspot user profile set "24/48 Day - 32/96 Night" rate-limit="32
k/96k 100000000k/100000000k 24k/68k 40 8"\r
\n\r
\n###\r
\n# Change 32/64 to 48/96 for night\r
\n/ip hotspot user profile set "32/64 Customers" rate-limit="48k/96k 10
0000000k/100000000k 33k/68k 40 8"\r
\n\r
\n###\r
\n# Change 48/64 to 48/96 for night\r
\n/ip hotspot user profile set "48/64 Customers" rate-limit="48k/96k 10
0000000k/100000000k 33k/68k 40 8"\r
\n\r
\n###\r
\n# Change 48/96 to 64/128 for night\r
\n/ip hotspot user profile set "48/96 Customers" rate-limit="64k/128k 1
00000000k/100000000k 72k/115k 40 8"\r
\n\r
\n\r
\n###\r
\n# Change 64/128 to 128/256 for night\r
\n/ip hotspot user profile set "64/128 Customers" rate-limit="128k/256k
_100000000k/100000000k 115k/230k 40 8"\r
\n\r
\n\r
\n###\r
\n# Change Camp Kenya Office Day Only to 24k/48k for night\r
\n/ip hotspot user profile set "Camp Kenya Office Day Only" rate-limit=
"24k/48k 100000000k/100000000k 18k/36k 40 8"\r
\n\r
\n###\r
\n# Change Camp Kenya Directors for night\r
\n/ip hotspot user profile set "Camp Kenya Directors" rate-limit="64k/1
28k 100000000k/100000000k 48k/96k 40 8"\r
\n\r
\n###\r
\n# Change 24/48 Day - 32/256 Night to 32/256 for night\r
\n/ip hotspot user profile set "24/48 Day - 32/256 Night" rate-limit="3
2k/256k 100000000k/100000000k 24k/230k 40 8"\r
\n\r
\n##\r
\n# Change 32/64 Day - 0/0 Night to 0/0 for night\r
\n/ip hotspot user profile set "32/64 Day - 0/0 Night" rate-limit="1k/1
k"\r
\n\r
\n###\r
\n# Change 32/256 Night Only to ON for night\r
\n/ip hotspot user profile set "32/256 Night Only" rate-limit="32k/256k
_100000000k/100000000k 24k/230k 40 8"\r
\n\r
\n\r
\n\r
\n#End.\r
\n:log info "End: daily bandwidth upgrade complete!"\r
\n:delay 10\r
\n”
add name=“03 - Downgrade_BW” policy=ftp,reboot,read,write,policy,test,winbox
source=“:log info "Begin bandwidth daily downgrade…"\r
\n###\r
\n# Change 24/48 Day - 32/128 Night back to 24/48 for day\r
\n/ip hotspot user profile set "24/48 Day - 32/128 Night" rate-limit="2
4k/48k 100000000k/100000000k 18k/36k 40 8"\r
\n\r
\n###\r
\n# Change 24/48 back to 24/48 for day\r
\n/ip hotspot user profile set "24/48 Customers" rate-limit="24k/48k 10
0000000k/100000000k 18k/36k 40 8"\r
\n\r
\n###\r
\n# Change 24k/48k Night to 1k/1k for day\r
\n/ip hotspot user profile set "24k/48k Night" rate-limit="1k/1k"\r
\n\r
\n###\r
\n# Change 24/48 Day - 32/96 Night back to 24/48 for day\r
\n/ip hotspot user profile set "24/48 Day - 32/96 Night" rate-limit="24
k/48k 100000000k/100000000k 18k/36k 40 8"\r
\n\r
\n###\r
\n# Change 32/64 back to 32/64 for day\r
\n/ip hotspot user profile set "32/64 Customers" rate-limit="32k/64k 10
0000000k/100000000k 24k/48k 40 8"\r
\n\r
\n###\r
\n# Change 48/64 back to 48/64 for day\r
\n/ip hotspot user profile set "48/64 Customers" rate-limit="48k/64k 10
0000000k/100000000k 24k/48k 40 8"\r
\n\r
\n###\r
\n# Change 48/96 back to 48/96 for day\r
\n/ip hotspot user profile set "48/96 Customers" rate-limit="48k/96k 10
0000000k/100000000k 24k/72k 40 8"\r
\n\r
\n###\r
\n# Change 64/128 back to 64/128 for day\r
\n/ip hotspot user profile set "64/128 Customers" rate-limit="64k/128k
100000000k/100000000k 48k/96k 40 8"\r
\n\r
\n###\r
\n# Change Camp Kenya Office Day Only to 128/256 for day\r
\n/ip hotspot user profile set "Camp Kenya Office Day Only" rate-limit=
"128k/256k 100000000k/100000000k 115k/230k 40 8"\r
\n\r
\n###\r
\n# Change Camp Kenya Directors to 1k/1k for day\r
\n/ip hotspot user profile set "Camp Kenya Directors" rate-limit="1k/1k
"\r
\n\r
\n###\r
\n# Change 24/48 Day - 32/256 Night back to 24/48 for day\r
\n/ip hotspot user profile set "24/48 Day - 32/256 Night" rate-limit="2
4k/48k 100000000k/100000000k 24k/48k 40 8"\r
\n\r
\n###\r
\n# Change 32/64 Day - 32/256 Night back to 32/64 for day\r
\n/ip hotspot user profile set "32/64 Day - 0/0 Night" rate-limit="32/6
4k 100000000k/100000000k 24k/48k 40 8"\r
\n\r
\n###\r
\n# Change 32/256 Night Only to ON for night\r
\n/ip hotspot user profile set "32/256 Night Only" rate-limit="6k/6k"
\r
\n\r
\n#End.\r
\n:log info "End: daily bandwidth downgrade complete!"\r
\n:delay 10\r
\n\r
\n”
add name=“06 - enable_night_users” policy=
ftp,reboot,read,write,policy,test,winbox,password source=“###\r
\n# Enable Night Only Customers\r
\n/ip hotspot user profile set "16k/32k Night" shared-users=1”
add name=“05 - disable_night_users” policy=
ftp,reboot,read,write,policy,test,winbox,password source=“###\r
\n# Disable Night Only Customers\r
\n/ip hotspot user profile set "24k/48k Night" shared-users=0”
add name=“00 - mv-static” policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff source=“:foreach n
_in=[/queue simple find priority=7] do={ /queue simple move $n [:pick [/
queue simple find] 0] }\r
\n:foreach n in=[/queue simple find priority=5] do={ /queue simple move $
n [:pick [/queue simple find] 0] }\r
\n:foreach n in=[/queue simple find priority=4] do={ /queue simple move $
n [:pick [/queue simple find] 0] }”
add name=“02 - Throttle p2p during the day” policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff source=“/ip firewa
ll filter enable [/ip firewall filter find comment="Drop P2p Marked Packe
ts"]\r
\n/ip firewall filter enable [/ip firewall filter find comment="Drop P2p
Protocol"]”
add name=“01 - Allow p2p during the Night” policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff source=“/ip firewa
ll filter disable [/ip firewall filter find comment="Drop P2p Marked Pack
ets"]\r
\n/ip firewall filter disable [/ip firewall filter find comment="Drop P2p
_Protocol"]”
add name=“07 - Remove busy status” policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff source=“:foreach i
_in=[/ip dhcp-server lease find status="busy"]\\r
\n do={\r
\n :log error ("Busy status detected: " . [/ip dhcp-server lease get $i
_address]);\r
\n /ip dhcp-server lease remove $i;\r
\n }\r
\n”
add name=“08 - Busy status remove” policy=
ftp,reboot,read,write,policy,test,winbox,password,sniff source=“:foreach i
_in=[/ip dhcp-server lease find mac-address=00:00:00:00:00:00]\\r
\ndo={\r
\n:log error ("Mac address zero detected: " . [/ip dhcp-server lease get
_$i address]);\r
\n/ip dhcp-server lease remove $i;\r
\n}”
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=
0.0.0.0 user=“”
/system watchdog
set auto-send-supout=no automatic-supout=no no-ping-delay=5m watch-address=
none watchdog-timer=no
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=10
/tool e-mail
set from= password=“” server=.../ username=“”
/tool graphing
set store-every=5min
/tool graphing interface
add allow-address=192.168.101.0/24 disabled=no interface=all store-on-disk=
yes
add allow-address=.../ disabled=no interface=all store-on-disk=yes
add allow-address=10.1.10.253/32 disabled=no interface=all store-on-disk=yes
add allow-address=10.1.10.251/32 disabled=no interface=all store-on-disk=yes
add allow-address=10.1.10.250/32 disabled=no interface=all store-on-disk=yes
add allow-address=10.1.10.0/24 disabled=no interface=all store-on-disk=yes
add allow-address=172.16.2.0/24 disabled=no interface=all store-on-disk=yes
add allow-address=.../ disabled=no interface=all store-on-disk=
yes
/tool graphing queue
add allow-address=192.168.1.0/24 allow-target=yes disabled=no simple-queue=
“Simon Home” store-on-disk=yes
add allow-address=192.168.101.0/24 allow-target=yes disabled=no simple-queue=
all store-on-disk=yes
add allow-address=.../* allow-target=yes disabled=no simple-queue=
all store-on-disk=yes
add allow-address=10.1.10.253/32 allow-target=yes disabled=no simple-queue=
all store-on-disk=yes
add allow-address=10.1.10.251/32 allow-target=yes disabled=no simple-queue=
all store-on-disk=yes
add allow-address=10.1.10.250/32 allow-target=yes disabled=no simple-queue=
all store-on-disk=yes
add allow-address=10.1.10.0/24 allow-target=yes disabled=no simple-queue=all
store-on-disk=yes
add allow-address=172.16.2.0/24 allow-target=yes disabled=no simple-queue=all
store-on-disk=yes
add allow-address=.../** allow-target=yes disabled=no simple-queue=
all store-on-disk=yes
/tool graphing resource
add allow-address=192.168.101.0/24 disabled=no store-on-disk=yes
add allow-address=.../** disabled=no store-on-disk=yes
add allow-address=10.1.10.253/32 disabled=no store-on-disk=yes
add allow-address=10.1.10.251/32 disabled=no store-on-disk=yes
add allow-address=10.1.10.250/32 disabled=no store-on-disk=yes
add allow-address=10.1.10.0/24 disabled=no store-on-disk=yes
add allow-address=172.16.2.0/24 disabled=no store-on-disk=yes
/tool mac-server
add disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool netwatch
add comment=“Check if Idirect modem is pingable and log it” disabled=no
down-script=”/tool e-mail send to=".../" from="sup
port@hotgossip.co.ke" server="192.168.101.11" subject=("Idirect Modem
Down: " . "-" . [/system clock get time] . "-" . [/system clock get
date]) body=" The Simbanet Idirect Modem has gone down."\r
\n:log info "Idirect VSAT Modem gone DOWN! Boo!"" host=.../
interval=5m timeout=800ms up-script=“/tool e-mail send to=".../" from=".../" server="192.168.101.11" s
ubject=("Idirect Modem Up: " . "-" . [/system clock get time] . "-"
_. [/system clock get date]) body=" The Simbanet Idirect Modem has gone
back up!."\r
\n:log info "Idirect VSAT Modem gone UP! Yay!!"”
add comment=“Check if KDN Link is pingable and log it” disabled=no
down-script=“/tool e-mail send to=".../" from="sup
.../" server="192.168.101.11" subject=("KDN Link Down:
_" . "-" . [/system clock get time] . "-" . [/system clock get date
]) body=" The KDN Link has gone down."\r
\n:log info "KDN Link gone DOWN! Boo!"” host=.../** interval=1m
timeout=400ms up-script=“/tool e-mail send to=".../
" from=".../" server="192.168.101.11" subject=("K
DN Link Up: " . "-" . [/system clock get time] . "-" . [/system cloc
k get date]) body=" The KDN Link has gone back up!."\r
\n:log info "KDN Link gone UP! Yay!!"”
/tool sniffer
set file-limit=10 file-name=“” filter-address1=0.0.0.0/0:0-65535
filter-address2=0.0.0.0/0:0-65535 filter-protocol=ip-only filter-stream=
yes interface=all memory-limit=10 only-headers=no streaming-enabled=no
streaming-server=0.0.0.0
/user aaa
set accounting=yes default-group=read interim-update=0s use-radius=no
FWIW, I never have any issues because I used an Apple Extreme with a Mikrotik RB450G in front of it. So, I get the robustness of the Mikrotik RouterOS and the seamlessness of the Apple devices connectivity with the Apple Extreme either wired or wirelessly.
I would recommend the route if it’s important to you to use Apple devices.
FOR ALL: WIRELESS PROTOCOL MUST BE SET TO 802.11, NOT TO ANY: ONLY MIKROTIK DEVICES USE NSTREME OR NV2!!!
UNDERSTAND???
USE ONLY 802.11 ON WIRELESS PROTOCOL IF YOU WANT MAKE ONE ACCESS POINT!!!
IF YOU LEAVE WIRELESS PROTOCOL TO “ALL” AND FORGET TO SET NV2 SECURITY, ANYONE WITH MIKROTIK DEVICES CAN CONNECT WITHOUT PASSWORD TO YOUR NETWORK!!! NOT ONLY TO HOME AP, BUT ALSO ON AP FOR CPE!..
- USE ONLY UPPERCASE LETTERS A-Z, NUMBERS 0-9 AND “-” FOR SSID IF YOU USE APPLE DEVICES, THE MAJORITY OF THE DRIVER HAVE BUG ON LOWERCASE AND SPECIAL SYMBOLS FOR SSID.
example working: AP-THISWORKONMAC
example not working: MyApNotWork_With_allMAC
-
use default data rates, some devices do not support forced data rates (some Ralink drivers, for example)
and also not force to long preamble. -
do not use rts/cts or “access point and client mode”, not all devices support that.
-
do not activate wmm support, incredibly sometime disconnect every 1/2 min some devices
-
set management protection on security profile disabled, not all devices support that…
@Nollitik and rextended, thanks for your replies.
Rextended,
I am not using the wireless modes from the router board, I have setup hotspot and am using http chap so as much as you can connect to our 80 access points you will still be queried with a password to access the internet by the login page.
I’m having this same problem with apple products and the hotspot. I have to create a bypass also. If you build a simple queue targeting the users ip, it at least throttles them. Would be nice to know a walk around. I use Mac authentication for my login.
Guys, I use a RB2011 with wireless on OS 6.17 and had same issue with no connectivity from any MAC device while from other brands was ok.
I simply added AES encryption along with the TKIP that I had before and now all work fine. I hope it works for you as well.
A I also changed the SSID to capital letters (not quite sure if it changed anything).
I just spent a LOT of time trying all your suggestions and nothing would work, still. My iPad, as well as my Kindle would not connect no matter what. But guess what. Turns out you can’t have any special characters in your WiFi password. I had an exclamation mark (!) and that was the thing that was killing it. 