We are upgrading one of our AP’s to rb433ah with r52H cards. Right now it’s being bench tested. I need to set the new AP with the exact same parameters as the old unit. I am not able to set the WEP key, that option does not show up any where!! “Security Profiles” show WPA PSK, WPA EAP, WPA2 PSK, WPA2 EAP, as the only options available. We will change to WPA, but need to upgrade several CPE’s before we can implement a higher security level - the AP and several CPE’s are nine years old! I have read through all the posts in MT but can’t find my answer! I know it will be something simple, to someone else!!!

System:
rb433AH
r52H
routerOS v3.30
firmware 2.20

TIA

Hello,
I am having the same problem, I hope somebody helps.

don’t use WEP, it’s security value is zero. of you don’t need security, then simply use it without any encryption. or use WPA2

I understand the implications of WEP, however, I need to replace an AP with the exact same parameters! I’ll change to a higher security level after I replace several CPE’s.

another one of those ‘this should have made it into the changelog’ discussions coming up : )

no, changeip, it’s one of those RT*M threads

WEP is configured elsewhere, just like the manual explains:
http://wiki.mikrotik.com/wiki/Wireless#WEP_properties

So … look at the pictures:

Normis,
On Base station, I use WPA PSK and WPA2 PSK, unicast ciphers=tkip, group ciphers=tkip
and CPE doesnt use security profile…
BUT… base station and CPE are still connected? I wonder why ??


If base station security profile set to (let’s say) profile1 and CPE set to (let’s say) default profile (base station and CPE are using different profile), connection is still able to connected.
In my opinion, if security profile on CPE is configured different, it must be not connected to base station. But in my case, CPE and Base station still connected each other even they are using different security profile.
Could you pls help on this?
many thx b4

F0B

show me the configuration on CPE and on the AP

normis,
sorry i’m late to reply.
The configuration on CPE and the AP is same, likes in the picture below.
If pre-shared key is different between CPE and the AP, CPE and the AP are still connected.
Where is the mistake configuration?

rgds,
F0B

is wlan card assigned profile1, or default?

wlan is assigned by profile1.

My problem is : even the AP is assigned by profile1 and CPE is assigned by default, they are still connected… they should not be connected, right?
Profile1 on the AP in this case is not working.

any idea?

can you post:

/int wireless export

[admin@RB] > /interface wireless export

jan/01/2002 01:00:25 by RouterOS 4.9

software id = 05RX-71I2

/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers=""
group-key-update=5m interim-update=0s management-protection=disabled
management-protection-key="" mode=none name=default
radius-eap-accounting=no radius-mac-accounting=no
radius-mac-authentication=no radius-mac-caching=disabled
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=
none static-key-0="" static-key-1="" static-key-2="" static-key-3=""
static-sta-private-algo=none static-sta-private-key=""
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=
none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key=""
wpa2-pre-shared-key=""
add authentication-types=wpa-psk,wpa2-psk group-ciphers=tkip
group-key-update=5m interim-update=0s management-protection=allowed
management-protection-key="" mode=dynamic-keys name=profile1
radius-eap-accounting=no radius-mac-accounting=no
radius-mac-authentication=no radius-mac-caching=disabled
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=
none static-key-0="" static-key-1="" static-key-2="" static-key-3=""
static-sta-private-algo=none static-sta-private-key=""
static-transmit-key=key-0 supplicant-identity="" tls-certificate=none
tls-mode=no-certificates unicast-ciphers=tkip wpa-pre-shared-key=
Welcome10 wpa2-pre-shared-key=Welcome10
add authentication-types=wpa-psk,wpa2-psk group-ciphers=tkip
group-key-update=5m interim-update=0s management-protection=allowed
management-protection-key="" mode=dynamic-keys name=profile2
radius-eap-accounting=no radius-mac-accounting=yes
radius-mac-authentication=yes radius-mac-caching=disabled
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=
none static-key-0="" static-key-1="" static-key-2="" static-key-3=""
static-sta-private-algo=none static-sta-private-key=""
static-transmit-key=key-0 supplicant-identity="" tls-certificate=none
tls-mode=no-certificates unicast-ciphers=tkip wpa-pre-shared-key=
Welcome10 wpa2-pre-shared-key=Welcome10
/interface wireless
set 0 ack-timeout=dynamic adaptive-noise-immunity=none allow-sharedkey=no
antenna-gain=0 antenna-mode=ant-a area="" arp=enabled band=2ghz-10mhz
basic-rates-a/g=6Mbps basic-rates-b=1Mbps burst-time=disabled comment=""
compression=no country=no_country_set default-ap-tx-limit=0
default-authentication=no default-client-tx-limit=0 default-forwarding=no
dfs-mode=none disable-running-check=no disabled=no disconnect-timeout=3s
frame-lifetime=0 frequency=2462 frequency-mode=superchannel
frequency-offset=0 hide-ssid=yes hw-fragmentation-threshold=disabled
hw-protection-mode=none hw-protection-threshold=0 hw-retries=4 l2mtu=2290
mac-address=00:15:6D:65:F7:DE max-station-count=2007 mode=bridge mtu=1500
name=wlan1 noise-floor-threshold=default on-fail-retry-time=100ms
periodic-calibration=default periodic-calibration-interval=60
preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=
"Office" rate-set=default scan-list=2300-2500 security-profile=
profile2 ssid=backbone1 station-bridge-clone-mac=00:00:00:00:00:00
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tx-power=17 tx-power-mode=
all-rates-fixed update-stats-interval=disabled wds-cost-range=50-150
wds-default-bridge=bridge1 wds-default-cost=100 wds-ignore-ssid=no
wds-mode=static wmm-support=disabled
/interface wireless manual-tx-power-table
set wlan1 comment="" manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,
6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps
:17,HT20-0:0,HT20-1:0,HT20-2:0,HT20-3:0,HT20-4:0,HT20-5:0,HT20-6:0,HT20-7:
0,HT40-0:0,HT40-1:0,HT40-2:0,HT40-3:0,HT40-4:0,HT40-5:0,HT40-6:0,HT40-7:0"
/interface wireless nstreme
set wlan1 comment="" disable-csma=no enable-nstreme=no enable-polling=yes
framer-limit=3200 framer-policy=none
/interface wireless wds
add arp=enabled comment="" disabled=no master-interface=wlan1 mtu=1500 name=
wds1 wds-address=00:15:6D:65:F8:4A
/interface wireless access-list
add ap-tx-limit=0 authentication=yes client-tx-limit=0 comment="Office2"
disabled=no forwarding=yes interface=wlan1 mac-address=00:15:6D:65:F8:4A
management-protection-key="" private-algo=none private-key=""
private-pre-shared-key=Welcome10 signal-range=-120.120
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless connect-list
add area-prefix="" comment="" connect=yes disabled=no interface=wlan1
mac-address=00:15:6D:65:F8:4A security-profile=default signal-range=
-120.120 ssid=""
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
[admin@RB] >

disable that access list entry and see what happens.

Changeip, I will try ur advise n come here again soon