Reduce the time Mikrotik takes to reauth

timprepscius · July 16, 2020, 2:06pm

The Mikrotik takes nearly 7 seconds to reconnect and reauth, is there anyway to shorten this time?
Ideally, after a deauth, it should try to reconnect immediately to the same BSSID (the only MAC allowed by my connect list)
Is there some flag I can set?

Jul/16/2020 09:55:47
74:3E:2B:B0:4D:BC@wlan1: lost connection, received deauth: authentication not valid (2)

Jul/16/2020 09:55:53
wlan1: must select network

Jul/16/2020 09:55:54
74:3E:2B:B0:4D:BC@wlan1 established connection on 5560000, SSID LinkNYC Private

[admin@MikroTik] /interface wireless> print
Flags: X - disabled, R - running
0 R name=“wlan1” mtu=1500 l2mtu=1600 mac-address=C4:AD:34:55:8A:1C
arp=enabled interface-type=IPQ4019 mode=station ssid=“LinkNYC Private”
frequency=auto band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee
secondary-channel=“” scan-list=default wireless-protocol=802.11
vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none
wds-ignore-ssid=no bridge-mode=enabled default-authentication=no
default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0
hide-ssid=no security-profile=linknyc compression=no

[admin@MikroTik] /interface wireless connect-list> print
Flags: X - disabled
0 interface=wlan1 connect=yes mac-address=74:3E:2B:B0:4D:BC ssid=“LinkNYC Private”
signal-range=-120..120 allow-signal-out-of-range=10s area-prefix=“” security-profile=linknyc
wireless-protocol=802.11 interworking=any iw-network-type=wildcard iw-venue=any
iw-hessid=00:00:00:00:00:00 iw-internet=any iw-asra=any iw-esr=any iw-uesa=any iw-hotspot20=any
iw-hotspot20-dgaf=any iw-roaming-ois=“” iw-authentication-types=“” iw-ipv4-availability=any
iw-ipv6-availability=any iw-realms=“” 3gpp=“” iw-connection-capabilities=“”

timprepscius · July 18, 2020, 2:32am

I haven’t been able to find anything on this.

Things I’ve tried.

If I disable and renable the interface, it has the same 8 second delay.
If I renew the DHCP it doesn’t have an effect on the reauthorization problem.

Is there any possibility to requesting a reauthorization before it expires?
I know how long the authrorization lasts for in advance (1 hr exactly).

bpwl · July 18, 2020, 10:43am

It takes indeed a very long time before the client retries authentication.

Maybe the reason for the disconnect has to do something with it: " lost connection, received deauth: authentication not valid " If the authentication is not valid, an immediate retry might just bring another ‘not valid’ answer. So it is wise not to overload the AP with retries that would not succeed anyway. Has this been implemented? I don’t know, but would not be surprised.

As far as I know authentication is not limited in time. I have clients connected for several days.even months.
Somebody walking around with a smartphone and therefor disconnects sometimes, reconnects within the same second.
I’m using WPA2-Enterprise (Radius/802.1x) for authentication.

timprepscius · August 1, 2020, 2:27pm

I found an adequate solution, but not a “correct” one.

The 7 second time, is the time it takes for the Mikrotik to scan all of the available channels.
To bring this time down to 1 second, you can configure your wireless interface to only scan (scan-list) the exact known channel of the AP.

While I am writing this most unintriguing informational post, and while a pandemic ranges outside killing hundreds of thousands, and while, across the street from me two fifty year olds dry hump in plain view, the crosswalk counter blinks down, 15, 14, 13, 12. This is the world. I don’t understand it.