Help with config from "Router-Switch-AP (all in one)"

Panda01 · April 19, 2023, 1:13pm

Hi,

I have a HAP AX Lite to play with and learn from it. I am following this guide: Using RouterOS to VLAN your network → http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1
And I want to test the example config “Router-Switch-AP (all in one)”.

Router OS Details:
MikroTik RouterOS 7.7

I connected with WINBOX and opened a terminal followed by:

/system reset-configuration

Waited some time and closed and reconnected with WINBOX.

[admin@RouterSwitchAP] > /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="TestWifi123"
expected end of command (line 1 column 57)

So the first command already fails. Should this work with “RouterOS 7.7” ? What did I do wrong that the first command already fails?
This makes me wonder if the rest of the commands will work? Or is this mentioned guide not for my device/routeros version?

Thanks for any help.

erlinden · April 19, 2023, 1:15pm

My first (and best) guess would be that you are using wave2 package (hence you have to translate the statements).

Panda01 · April 19, 2023, 1:20pm

What does this even mean? Anything I can do to verify this? and How should I translate the statements?

rextended · April 19, 2023, 1:30pm

Simply with “ax” products, you do not have “wireless”, but “wifiwave2”, and pratically the commands for wireless do not work for wifiwave2.

Open winbox or webfig, and use the GUI interface, do not copy & paste blindly on terminal.

Panda01 · April 19, 2023, 1:45pm

Ok, that is good to know.

Open winbox or webfig, and use the GUI interface, do not copy & paste blindly on terminal.

Not doing this, trying to learn in the CLI and not the GUI. But know I understand that this guide does not work for my device.

Ill try to figure out how to configure the wifi wave2 in the GUI and the rest via CLI.

anav · April 19, 2023, 1:48pm

Use the GUI, learn CLI on the side, otherwise you will take 5 years to config your router from what is NOT a purpose built guide to install a complete config on a router but a concept for how to use VLANS. No one here is going to answer your every question as every input line you attempt may or may not work as desired…

Panda01 · April 19, 2023, 2:01pm

Ok, Thanks for the feedback. Ill start to use the GUI.

rextended · April 19, 2023, 2:04pm

And using “/export show-sensitive” on terminal/cli, you can see what you have config on GUI, for see relative commands

Panda01 · April 19, 2023, 2:58pm

Very good point. I will use that to see what I have done. Thank you.

holvoetn · April 19, 2023, 3:23pm

A full export (minus serial, WANIP, yada yada ...) might be needed here to see what has been done.

OP is using a stable version but there are stable/beta/rc versions where some settings are only available via CLI.
Just saying.

While that guide from pcunite is still GOLDEN as base material, it might be useful to make a ROS7/Wifiwave2 version of it.
Especially since more and more AX devices are going to come out moving forward.
Not everyone is going to be able to translate easily from legacy wifi to wifiwave2.

Panda01 · April 20, 2023, 5:45am

This worked for me:

RouterOS 7.8

model = L41G-2axD | hAP ax Lite

set [ find default-name=wifi1 ] configuration.country=Germany .mode=ap .ssid=Blue disabled=no security.authentication-types=wpa2-psk .passphrase=secretpw
add configuration.mode=ap .ssid=Green disabled=no mac-address=4A:A9:8A:7A:8C:40 master-interface=wifi1 name=wifi2 security.authentication-types=wpa2-psk .passphrase=secretpw

mkx · April 20, 2023, 5:55am

This is a “quick and dirty” way of doing it. A more proper way of doing it would be using the various profiles (e.g. create a profile under /interface/wifiwave2/security) and then use those profiles where ever they apply. This makes possible to use exactly the same settings (e.g. same set of SSID,PSK,authentication types,…) on multiple wireless radios, be it local radios on different band (2.4GHz, 5GHz) or on CAPsMAN managed radios or a mix of the two.

The above examaple translated to a more proper config example:

/interface/wifiwave2/security
add name=my_sec_profile authentication-types=wpa2-psk passphrase=secretpw ft=yes
/interface/wifiwave2/configuration
add name=conf_profile_blue country=Germany mode=ap rrm=yes ssid=Blue
add name=conf_profile_green country=Germany mode=ap rrm=yes ssid=Green
/interface/wifiwave2
set [ find default-name=wifi1 ] configuration=conf_profile_blue disabled=no security=my_sec_profile
add configuration=conf_profile_green disabled=no mac-address=4A:A9:8A:7A:8C:40 master-interface=wifi1 name=wifi2 security=my_sec_profile

So I full heartedly agree that a proper guide to configuration of wifiwave2 would be very welcome.

holvoetn · April 20, 2023, 6:15am

OK, we found our Chinese volunteer

Panda01 · April 20, 2023, 6:47am

Question to not using the mentioned “profiles”. If I understand it right, they help with quickly reusing the settings as you explained.
But it is not a security risk or wrong config if someone is not using them, right?

holvoetn · April 20, 2023, 6:52am

No, not a problem per se.
But it will make your life a bit easier when being used consistently and when using something like capsman (it uses more or less the same settings).
It’s more “clean” if you want.

The thing to really avoid is to mix both styles. Then you can be chasing your own tail when looking why a certain setting does not work as you intended (since direct config has preference over profiles).

So yes, you can config everything directly on the interface if you want.

Panda01 · April 20, 2023, 9:14am

/interface/wifiwave2/security
add name=my_sec_profile authentication-types=wpa2-psk passphrase=secretpw ft=yes
/interface/wifiwave2/configuration
add name=conf_profile_blue country=Germany mode=ap rrm=yes ssid=Blue
add name=conf_profile_green country=Germany mode=ap rrm=yes ssid=Green
/interface/wifiwave2
set [ find default-name=wifi1 ] configuration=conf_profile_blue disabled=no security=my_sec_profile
add configuration=conf_profile_green disabled=no mac-address=4A:A9:8A:7A:8C:40 master-interface=wifi1 name=wifi2 security=my_sec_profile

I just tested this and did a fresh export. Can confirm that this works.

/interface wifiwave2 configuration
add country=Germany mode=ap name=conf_profile_blue rrm=yes ssid=Blue
add country=Germany mode=ap name=conf_profile_green rrm=yes ssid=Green
/interface wifiwave2 security
add authentication-types=wpa2-psk ft=yes name=my_sec_profile1 passphrase=secretpw
/interface wifiwave2
set [ find default-name=wifi1 ] configuration=conf_profile_blue disabled=no security=my_sec_profile1
add configuration=conf_profile_green disabled=no mac-address=4A:A9:8A:7A:8C:40 master-interface=wifi1 name=wifi2 security=my_sec_profile1

EDIT: Changed the export code. In the first post I copy pasted the wrong one.

anav · April 20, 2023, 3:58pm

Disgree with MKX,
WiFIWAVE2 has nothing to do with setting up vlans.
That is the beauty of NOT corrupting wifi profiles with vlans and handling it all cleanly through /interface bridge port and /interface bridge setting.

In otherwords article does not need an update…
Suggesting, Holvoe help MKX with a Wifi Wave 2 Setup User Article…
I suspect only the best quality too!!

mkx · April 20, 2023, 7:33pm

I beg to differ …
I never said that a guide to wifiwave2 configuration should be part of excelent tutorial on VLANs by @pcunite … I only agreed that a guide to wifiwave2 is needed.

anav · April 20, 2023, 9:41pm

Ah okay, but where is it… I thought you had the day off to do the work

mkx · April 21, 2023, 3:57am

It seems you have difficulties with understanding the world around you. Like: the white stuff falling off the skies during the winter … that’s not ice cream.

I never said I would write the guide to wifiwave2 configuration … I only agreed that a guide to wifiwave2 is needed.