I’m using a mobile Mikrotik (new WIFI drivers) which shall be able to connect to multiple ssid. The Mikrotik would then ‘phone home’ via WireGuard working as a versatile roadwarrior.
As I recall this is possible with the old ‘Wireless’ driver by leaving ssid and security empty and configure a list of entries with known passphrases under security.
RouterOS would then probe all of them with all found networks until one works.
Only issue when on the road. When an ssid without encryption is connected, the Mikrotik happily connects to it and usually is unable to connect because what ever shop close-by which provides ‘unencrypted’ wifi of course operates a capture portal.
So I added an Access List entry:
Interface: The Wifi Station Interface
SSID: The SSID of that shop I do not want to connect to
Action: REJECT
The Microtik still happily connects to that SSID.
Interface: The Wifi Station Interface
MAC Address of the AP I do not want to connect to
Action: REJECT
The Microtik still happy connects to that AP MAC Address
I guess Access List only works if the Interface is in AP mode?
How can I prevent the interface in station mode to connect to a specific mac address. Or better, how could I achieve that connecting to an AP with a known key from the security settings would be preferred than connecting to an unencrypted AP?
Thank you. I found old postings refering to the contact list for the ‘wireless’ interface. But I can’t find this functionality for the new ‘wifi’ interface via RouterOS 7.18.2, not even via cli. There are forum posts which suggest that this was unified with the access list for the new ‘wifi’ driver.
I might have found a way to script a solution. If this script is run all 5 minutes or so I guess this could work. I have not yet tested as I am not on premises and I don’t want to shoot myself in the foot
You have to create a security config with the same name as the SSID for this script to work. My station interface is called sta2-2g, replace with whatever you like. The list of known ssid can be extended, it is a simple OR list.
It takes the first ‘known’ ssid returned by the scan command and connects to it.
:if ([/interface/get sta2-2g running] = false) do={
:do {
foreach i in=([/interface/wifi/scan sta2-2g duration=5 as-value]) do={
if (($i->"ssid")="Home" || ($i->"ssid")="Office") do={
:log info ("Connecting to: " . ($i->"ssid"))
:put ("Connecting to: " . ($i->"ssid"))
/interface/wifi/set sta2-2g configuration.ssid=($i->"ssid")
/interface/wifi/set sta2-2g security=($i->"ssid")
/interface/wifi/set sta2-2g comment="Autoconnected"
# Invalid Command to trigger on-error
/break
}
}
:log info "No known SSID found"
} on-error={ :put "Loop aborted" }
} else={
:log info "Station running"
}
If you want to make script more flexible for dynamically handling connect SSIDs depending by ROS configuration without need to edit script - you could create wifi configuration (/interface/wifi/configuration) for each SSID with certain comment for finding in script (eg. “[connect config]”). In script you can find all configurations with this comment (/interface/wifi/configuration/find comment=“[connect config]” disabled=no) and in loop for scan result then compare scanned SSID with SSID set in configuration from configurations list and assign found configuration to wifi interface. Wifi configuration can contain any other settings for wifi interface, like security, so there is no need to assign to interface any other settings when SSID matched.
In this way you can easily add new wifi station connect configuration or delete/disable some current when not needed, no harcoded SSIDs in script.
Some comments on script:
:if ([/interface/get sta2-2g running] = false) - no need to compare boolean, boolean result is enough for condition check and with ! can be negated: :if (![/interface/get sta2-2g running])
check for missing : before some statments like foreach and if
breaking loops with error seems like practical workaround for missing actual break command in RSC (there is also :error command that will also do the trick), but in this way you are ignoring potential actual error from some command that can happen in error handling block which sometimes can be useful to know, so this is why IMO not right way to do it like that - loop break can be achieved with :while loop that contains some boolean variable in condition for break check which can be set when some condition inside loop block is met, iterating item list with :while complicates a bit, because additional index variable needs to be created, incremented on each iteration and checked against count in while condition but at least you can have correct way to break loop to avoid unnecessary iterations when item in list is found
adding some script config variables is also recommended to avoid finding values that needs to be replaced through whole script when proposing script to others for reuse, for eg. wifi interface name and connect SSIDs array (if you don’t want to go with above proposal), so sta2-2g can be set in some variable on top, like :local statWifiName “sta2-2g” and later in script use $statWifiName instead sta2-2g, also to you can be useful if you decide to rename interface or add script to some other ROS configuration, generally for repeating or config dependent values are better to be set in variables for easier editing if needed later
