I use the following script to initially set up my RB411AR router:


/ip address
add address=192.168.1.201/24 disabled=no interface=ether1
add address=192.168.0.1/24 disabled=no interface=wlan1
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
add name=dhcp_pool2 ranges=192.168.0.2-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether1 lease-time=3d name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=wlan1 lease-time=3d name=dhcp2
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
#add address=192.168.1.0/24 dns-server=4.2.2.2 gateway=192.168.1.1
#add address=192.168.0.0/24 dns-server=4.2.2.2 gateway=192.168.0.1

#add address=192.168.1.0/24 dns-server=4.2.2.2 gateway=192.168.1.1
add address=192.168.0.0/24 dns-server=4.2.2.2 gateway=192.168.0.1

/system ntp client
set enabled=yes mode=unicast primary-ntp=50.19.122.125
/interface wireless
set wlan1 band=2ghz-b/g default-authentication=yes disabled=no mode=ap-bridge
#/ip dhcp-client
#add interface=ether1 disabled=no
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade src-address=192.168.0.0/24 to-addresses=0.0.0.0
/ip neighbor discovery
set wlan1 discover=yes
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10
#/interface wireless security-profiles
#set [ find default=yes ] mode=static-keys-required static-algo-0=40bit-wep static-key-0=abcdeabcde
#/ip dns
#set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \

max-udp-packet-size=4096 servers=192.168.1.1

#/ip dns static

add address=208.180.42.68 disabled=no name=ns1 ttl=1d

add address=208.180.42.100 disabled=no name=ns2 ttl=1d

#add address=208.67.222.222 disabled=no name=ns1 ttl=1d
#add address=208.67.220.220 disabled=no name=ns2 ttl=1d
/ip address
#add address=192.168.1.201/24 disabled=no interface=ether1
#add address=192.168.0.1/24 disabled=no interface=wlan1
/ip pool
#add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.254
#add name=dhcp_pool2 ranges=192.168.0.2-192.168.0.254
/ip dhcp-server
#add address-pool=dhcp_pool1 disabled=no interface=ether1 lease-time=3d name=dhcp1
#add address-pool=dhcp_pool2 disabled=no interface=wlan1 lease-time=3d name=dhcp2
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
#add address=192.168.1.0/24 dns-server=4.2.2.2 gateway=192.168.1.1
#add address=192.168.0.0/24 dns-server=4.2.2.2 gateway=192.168.0.1

#add address=192.168.1.0/24 dns-server=4.2.2.2 gateway=192.168.1.1
#add address=192.168.0.0/24 dns-server=4.2.2.2 gateway=192.168.0.1
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods=“” group-ciphers=
aes-ccm group-key-update=5m interim-update=0s management-protection=allowed
management-protection-key=“” mode=dynamic-keys name=default radius-eap-accounting=no
radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=disabled
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none
static-algo-1=none static-algo-2=none static-algo-3=none static-key-0=“” static-key-1=“”
static-key-2=“” static-key-3=“” static-sta-private-algo=none static-sta-private-key=“”
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=none tls-mode=
no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=xxxxxxxxxxxxxx
wpa2-pre-shared-key=xxxxxxxxxxxxxxxxxx
add authentication-types=wpa-psk,wpa2-psk eap-methods=“” group-ciphers=aes-ccm group-key-update=
5m interim-update=0s management-protection=allowed management-protection-key=“” mode=
static-keys-required name=profile1 radius-eap-accounting=no radius-mac-accounting=no
radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX
radius-mac-mode=as-username static-algo-0=40bit-wep static-algo-1=none static-algo-2=none
static-algo-3=none static-key-0=aaaaaaaaaa static-key-1=“” static-key-2=“” static-key-3=“”
static-sta-private-algo=none static-sta-private-key=“” static-transmit-key=key-0
supplicant-identity=“” tls-certificate=none tls-mode=no-certificates unicast-ciphers=aes-ccm
wpa-pre-shared-key=“” wpa2-pre-shared-key=“”

/
password old-password=“” new-password=xxxxxxxxxx confirm-new-password=xxxxxxxxxx

######################################


I would like to know what command to use to set the wlan1 security profile to “profile1”

It comes up set to “default”.

Thanks,

Don James

first you have to have security-profile set up in /interface wireless security-profiles

and then it should be possible to add it as active profile.

I do have profile1 set up:

/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods=“” group-ciphers=aes-ccm group-key-update=
5m interim-update=0s management-protection=allowed management-protection-key=“” mode=\

static-keys-required name=profile1 radius-eap-accounting=no radius-mac-accounting=no \

radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX
radius-mac-mode=as-username static-algo-0=40bit-wep static-algo-1=none static-algo-2=none
static-algo-3=none static-key-0=aaaaaaaaaa static-key-1=“” static-key-2=“” static-key-3=“”
static-sta-private-algo=none static-sta-private-key=“” static-transmit-key=key-0
supplicant-identity=“” tls-certificate=none tls-mode=no-certificates unicast-ciphers=aes-ccm
wpa-pre-shared-key=“” wpa2-pre-shared-key=“”
####################################

When the system runs the script, it is automatically set to the “default” profile, not the “profile1” profile.

What command do I add to the script to change from “default” to “profile1”?

Thanks,

Don James

Shouldn’t this have the security profile set?

/interface wireless
set wlan1 band=2ghz-b/g default-authentication=yes disabled=no mode=ap-bridge

Like this maybe?

set wlan1 security-profile=profile1

Hi
check this

/interface wireless set 0 security-profile=profile1

Hello:

I checked:

/interface wireless set 0 security-profile=profile1

and it worked!

Thanks a bunch,

Don James