I am trying to get our office setup to do Radius authentication of WiFi clients. I just want basic MAC authentication so I can deny access to unknown devices. What I have:
A working CAPSMAN setup that handles two CAP ACs (also running RouterOS 7.19).
A working Freeradius server that can, in fact, do MAC authentication (with a Cisco router for testing).
All stations are wired together - no meshes or anything like that.
The problem I am facing is that in the default RouterOS package, the Radius authentication features that are part of the wireless add-on package are missing:
Options (from the wireless package) like the Wireless → Security profile → Radius → MAC authentication are simply not available anywhere in the standard RouterOS 7.19,
At the same time, using the CAPSMAN features in the wireless package simply does not work at all. No CAPs get provisioned, and it just seems broken.
What I want is to be able to do MAC authentication, using just the basic RouterOS package - but pushing the necessary configs via CAPsMAN. It seems to me like this is not really possible, even though I would think this is a very common use case for larger setups.
Googling and ChatGPTing yield recipes that point to the wireless package and probably something like RouterOS 7.13 or earlier.
Is what I want no longer a supported option, or am I completely missing how to do this? Ideally, I would like to see a working example config from a recent RouterOS (i.e., v7.18+).
I think what you mean is that you have previous experience with the “wireless” package and authentication via MAC address, and now you have new WiFi acess points that use the “wifi” package and everythig is different?
No, I haven’t had any previous installations using the wireless add-on package, but the recipes I have found all point to the wireless package, which I have then installed. But it seems like newer RouterOS firmwares are consolidating all the WiFi functionality into the wifi submenu. The problem is that the two approaches have different features and that they do not seem to be interoperable.
Thank you! I am looking at that now, but I am struggling to make this play nice with different configurations (SSIDs). It seems like the access lists are global and not specific to a configuration. I could be wrong though - I will revert once I have tested it some more.
It looks like you need to read up on some docs… it does not work that way.
Wireless and wifi (qcom-*) are two mutually incompatible generations of wireless drivers on MikroTik equipment. You cannot combine them in one CAPsMAN network, and you need to understand what to install where.