roml
March 28, 2019, 7:25am
1
I’m new with Mikrotik routers. Let me describe what I setup first:- android tying to authorize and show me an error: сan not connect the Wi-Fi, check password and try again.
Can anyone help me?
I’m using “Mikrotik hAP ac lite”, RouterOS v6.44.1 (stable)
/interface wireless> print
Flags: X - disabled, R - running
0 name="wlan1" mtu=1500 l2mtu=1600 mac-address=B8:69:F4:D8:52:04 arp=enabled interface-type=Atheros AR9300 mode=ap-bridge ssid="MikroTik-D85204" frequency=auto band=2ghz-b/g/n
channel-width=20/40mhz-XX secondary-channel="" scan-list=default wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no
bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default compression=no
1 R name="wlan2" mtu=1500 l2mtu=1600 mac-address=B8:69:F4:D8:52:03 arp=enabled interface-type=Atheros AR9888 mode=ap-bridge ssid="MikroTik-D85203" frequency=auto band=5ghz-a/n/ac
channel-width=20/40/80mhz-XXXX secondary-channel="" scan-list=default wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no
bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default compression=no
2 name="wlan3" mtu=1500 l2mtu=1600 mac-address=BA:69:F4:D8:52:03 arp=enabled interface-type=virtual master-interface=wlan2 mode=ap-bridge ssid="ChaikovskyiHub1" vlan-mode=no-tag vlan-id=1
wds-mode=dynamic wds-default-bridge=bridge wds-ignore-ssid=yes bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0
hide-ssid=no security-profile=default
3 name="wlan4" mtu=1500 l2mtu=1600 mac-address=BA:69:F4:D8:52:04 arp=enabled interface-type=virtual master-interface=wlan2 mode=ap-bridge ssid="ChaikovskyiHub1" vlan-mode=no-tag vlan-id=1
wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no
security-profile=default
/interface wireless security-profiles> print
Flags: * - default
0 * name="default" mode=dynamic-keys authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa-pre-shared-key="30032019" wpa2-pre-shared-key="password"
supplicant-identity="MikroTik" eap-methods=passthrough tls-mode=no-certificates tls-certificate=none mschapv2-username="" mschapv2-password="" disable-pmkid=no static-algo-0=none
static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none
static-sta-private-key="" radius-mac-authentication=no radius-mac-accounting=no radius-eap-accounting=no interim-update=0s radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
radius-called-format=mac:ssid radius-mac-caching=disabled group-key-update=5m management-protection=disabled management-protection-key=""
mkx
March 28, 2019, 9:22am
2
If you want to set-up guest access, then it’d be normal to define additional security profile … with different pre-shared key.
Other than that, I suggest to set same pre-shared key to both wap-pre-shared-key and wpa2-pre-shared-key . Even though you have only wpa2-psk enabled, it can still mislead you into using “30032019” as password instead of “password”. If both authentication types were enabled, it would create a major mess … because you never know which auth type will be chosen by a device while typically none will remember a password per auth type.
roml
March 28, 2019, 2:47pm
3
Thank you mkx , I start from different profiles and passwords, and tried to understand why I can connect with real (wlan1, wlan2), but can not with virtual. Steps by step make them close to each other.
I’ve checked ones more, but still can not connect to Mikrotik-guest1 or Mikrotik-guest2.
0 R name="wlan1" mtu=1500 l2mtu=1600 mac-address=B8:69:F4:D8:52:04 arp=enabled interface-type=Atheros AR9300 mode=ap-bridge ssid="Mikrotik1" frequency=auto band=2ghz-b/g/n channel-width=20/40mhz-XX secondary-channel="" scan-list=default
wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no
security-profile=default compression=no
1 name="wlan2" mtu=1500 l2mtu=1600 mac-address=B8:69:F4:D8:52:03 arp=enabled interface-type=Atheros AR9888 mode=ap-bridge ssid="Mikrotik2" frequency=auto band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX secondary-channel="" scan-list=default
wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no
security-profile=default compression=no
2 name="wlan3" mtu=1500 l2mtu=1600 mac-address=BA:69:F4:D8:52:03 arp=enabled interface-type=virtual master-interface=wlan2 mode=ap-bridge ssid="Mikrotik-guest1" vlan-mode=no-tag vlan-id=1 wds-mode=dynamic wds-default-bridge=bridge wds-ignore-ssid=yes
bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=profile-guest
3 name="wlan4" mtu=1500 l2mtu=1600 mac-address=BA:69:F4:D8:52:04 arp=enabled interface-type=virtual master-interface=wlan2 mode=ap-bridge ssid="Mikrotik-guest2" vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no
bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=profile-guest
Security-profiles:
0 * name="default" mode=dynamic-keys authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa-pre-shared-key="30032019" wpa2-pre-shared-key="30032019" supplicant-identity="MikroTik" eap-methods=passthrough tls-mode=no-certificates
tls-certificate=none mschapv2-username="" mschapv2-password="" disable-pmkid=no static-algo-0=none static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none static-key-3="" static-transmit-key=key-0
static-sta-private-algo=none static-sta-private-key="" radius-mac-authentication=no radius-mac-accounting=no radius-eap-accounting=no interim-update=0s radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username radius-called-format=mac:ssid
radius-mac-caching=disabled group-key-update=5m management-protection=disabled management-protection-key=""
1 name="profile-guest" mode=dynamic-keys authentication-types=wpa-psk,wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa-pre-shared-key="300320191" wpa2-pre-shared-key="300320191" supplicant-identity="MikroTik" eap-methods=passthrough
tls-mode=no-certificates tls-certificate=none mschapv2-username="" mschapv2-password="" disable-pmkid=no static-algo-0=none static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none static-key-3=""
static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key="" radius-mac-authentication=no radius-mac-accounting=no radius-eap-accounting=no interim-update=0s radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
radius-called-format=mac:ssid radius-mac-caching=disabled group-key-update=1h5m management-protection=disabled management-protection-key=""
