mikrotik access point / controlling on the time of wireless authentication

laithmikrotik · October 17, 2016, 7:58am

hi every one …
i would like from support of the mikrotik factory to read my post and resolve this error in access point rule policy which i found out that when i try to give an limited time to registration with the mikrotik access point
lets us explain the proplem/
suppose you have rb951.you make it as an internet access point .suppose that rb951 is placed in camp , school , college ..Et cetera .the persons in this places have an limited time to connect with the rb951 access point .lets say from 8a.m to 8 p.m evey day .after 8 p.m the persons above have no permissin to connect with rb951 access point unless they must wait to 8 a.m of the next day .
i hope you understood me
lets see the image down

you see tow times/
time 1 = the start time to connect ( the user with mac address listed in access point policy )with the mikrotik access point every day
time 2 = the end time of connecting with the mikrotik access point every day

logically any mac address listed in the policy above can not connect after the time 2
in fact no!!! .
the user with the mac address listed in our example can connect with th rb951 access point even he have no permission to connect .!!

finally .what do you suggest to me another method to carry out my example.please
my greetings

janisk · October 17, 2016, 9:03am

write to support@mikrotik.com if you want to contact MikroTik support. There are a bit too little information to think about something conclusive.

laithmikrotik · October 17, 2016, 9:50am

thank you very much for your replay .
i will do that .but at the same time .i hope anyone can help me to do my post idea ( connecting to any mikrotik access point from time1 to time 2 ) as explained in my post
please help me
thanks for all

janisk · October 17, 2016, 11:44am

what you write, should be doable, however, check timezone settings and check if your router has the time set up properly. Also, check for other entries in that table.

laithmikrotik · October 17, 2016, 2:49pm

doable
all i want .some one here ( from you and other experts of mikrotik ) to help me to carry out my idea post
by the way idont have any mistake in time setting and others

jarda · October 17, 2016, 3:16pm

“all I want is you to do everything for me”. This is not how the things can work in real life.

laithmikrotik · October 17, 2016, 3:35pm

all i want is the help .No more, no less
anyway thank you

Sob · October 17, 2016, 3:58pm

That’s pretty strong statement. I can believe you about time, that’s easy to check. But some settings may be tricky and you didn’t tell us much, only about this one rule.

laithmikrotik · October 17, 2016, 4:29pm

here is all my settings

[admin@MikroTik] > export
# oct/17/2016 19:26:49 by RouterOS 6.37.1
# software id = H3GM-P0GM
#
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=POE
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=2462 mode=ap-bridge \
    ssid=Z----H-----S-----R
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk eap-methods="" mode=dynamic-keys \
    wpa-pre-shared-key=00550055
/ip pool
add name=dhcp_pool1 ranges=25.25.25.2-25.25.25.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 name=dhcp1
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/interface wireless access-list
add interface=wlan1 mac-address=00:23:4D:76:8F:F5 time=8h-20h,sun,mon,tue,wed,thu,fri,sat \
    vlan-mode=no-tag
/ip address
add address=25.25.25.1/24 interface=bridge1 network=25.25.25.0
/ip arp
add address=25.25.25.4 interface=bridge1 mac-address=00:23:4D:76:8F:F5
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=POE
/ip dhcp-server lease
add address=25.25.25.4 address-lists="" client-id=1:0:23:4d:76:8f:f5 mac-address=\
    00:23:4D:76:8F:F5 server=dhcp1 use-src-mac=yes
/ip dhcp-server network
add address=25.25.25.0/24 gateway=25.25.25.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat out-interface=POE protocol=tcp
/system clock
set time-zone-name=Asia/Baghdad
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge1 disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set POE disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
/tool user-manager database
set db-path=user-manager
[admin@MikroTik] >

andlil · October 17, 2016, 7:16pm

On a completely unrelated matter, stop using 25.25.25.0/24 and go for an address in designated space https://en.wikipedia.org/wiki/Private_network

Sob · October 17, 2016, 8:29pm

I did quick test here, and when I added access rule for one MAC address, set time limit and connected when it was not allowed, I was still allowed to connect, because of interface’s implicit default-authentication=yes. It looks like when the time condition does not match, the whole rule gets skipped, as if it wasn’t there at all, and then defaults from interface apply. But that’s just my first impression, I’d have to test it some more, plus try current RouterOS version, because this AP doesn’t have it. Unfortunately, I don’t have much time for it right now.

So make sure your RouterOS is up to date, and if it still happens, document it and ask support if it’s a bug or feature.

laithmikrotik · October 18, 2016, 5:55am

thank you very much for your interaction with my post
so .when we set any mikrotik access point rule list with the same policy of my post above .we discover , that the time setting for limitation the users time of connecting with any mikrotik access point is like no effecitive ( no found )

laithmikrotik · October 18, 2016, 6:17am

i do the same scenario on other router board ( rb912 ).
the same proplem

laithmikrotik · October 18, 2016, 6:33am

here is another router board (hAP lite classic RB941 ) …the same proplem

karlisi · October 18, 2016, 7:57am

Try this

/interface wireless access-list
add interface=wlan1 mac-address=00:23:4D:76:8F:F5
add interface=wlan1 mac-address=00:23:4D:76:8F:F5 time=8h-20h,sun,mon,tue,wed,thu,fri,sat \
    vlan-mode=no-tag

kristaps · October 18, 2016, 8:05am

@laithmikrotik please send supout.rif form your router to support@mikrotik.com

laithmikrotik · October 18, 2016, 8:08am

karlisi:

Try this

/interface wireless access-list
add interface=wlan1 mac-address=00:23:4D:76:8F:F5
add interface=wlan1 mac-address=00:23:4D:76:8F:F5 time=8h-20h,sun,mon,tue,wed,thu,fri,sat \
    vlan-mode=no-tag

FAILED

laithmikrotik · October 18, 2016, 8:11am

OK…done

laithmikrotik · October 20, 2016, 7:58pm

i hope this video will Obtain your satisfaction
its from my personal effort
grettings

https://www.youtube.com/watch?v=8ZOh4NkBayA

econst · October 21, 2016, 5:11pm

Maybe the problem is platform dependent. I have the exact same scenario working on a X86 system(Alix Board) without a Scheduler. Running ROS v6.30.2. Works great.