Two PWR-Line AP (EU) units with default configuration (no WiFi password). APs used with Huawei LTE router.
To set the WiFi password I log in control panel (WinBox), then → Wireless → Security Profiles. Authentification Types: WPA2 PSK; Unicast Ciphers check for aes ccm; Group Ciphers check for aes ccm. → filling the WPA2 Pre-Shared Key input field. With this done the password is set only for second AP(MikroTik-E13F90). The first AP, which is connected to router is still without password.
Under Quick Set menu only second AP Network Name is visible. I can see both AP under IP menu → Neighbors. Both with same IP, only last letter for MAC Address is different.
Need help to add the same password for first AP.
[admin@MikroTik] > /export
# aug/19/2021 15:10:56 by RouterOS 6.48.1
# software id = MD01-6DIM
#
# model = PL7411-2nD
# serial number = BBC70AD0693E
/interface bridge
add admin-mac=MACADDRESS auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=latvia disabled=no frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-E13F90 \
wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=P4SSWORD wpa2-pre-shared-key=\
P4SSWORD
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=pwr-line1
add bridge=bridge comment=defconf interface=wlan1
/interface list member
add interface=ether1 list=WAN
add interface=wlan1 list=LAN
/ip dhcp-client
add comment=defconf disabled=no interface=bridge
You will have to change settings on each of PWR-LINE APs separately. Make sure you change both wpa-pre-shared-key and wpa2-pre-shared-key, in theory they can be different but in practice it’s better to have them both set to same value. Even though other settings don’t allow using wpa …
Regarding IP addresses: the exported config shows that units are running DHCP clients. So if you reset them (while they have connection towards router) they should be able to receive diferent IP addresses from DHCP server avaialble on your network (probably it’s main router).
When using WinBox to connect, click on MAC address … this way it doesn’t matter that both PWR-LINE APs are using same IP address (for now), it will select the correct unit to connect to.
On the device called “MikroTik-E13F90” paste this inside a terminal, and DO NOT OMIT the { } !!!
{
/interface bridge
set bridge protocol-mode=none admin-mac=[/int ethernet get ether1 mac-address]
/interface wireless security-profiles
set [find default=yes] authentication-types="" eap-methods=passthrough mode=none supplicant-identity=MikroTik wpa-pre-shared-key="" \
wpa2-pre-shared-key=""
remove [find where name=password]
add authentication-types=wpa2-psk disable-pmkid=yes mode=dynamic-keys name=password supplicant-identity=MikroTik \
wpa2-pre-shared-key=P4SSWORD
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20mhz country=debug disabled=no distance=indoors frequency=2412 \
frequency-mode=superchannel installation=indoor max-station-count=62 mode=ap-bridge radio-name="MikroTik-E13F90" \
security-profile=password ssid="MikroTik-E13F90" wireless-protocol=802.11 wps-mode=disabled
/interface list member
remove [find]
/interface list
remove [find where builtin=no]
/ip dhcp-client
set [find] dhcp-options=hostname,clientid
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system identity
set name="MikroTik-E13F90"
/system package update
set channel=long-term
/system routerboard settings
set auto-upgrade=yes
}
After do that, export the config also of the other device.
This is my first experience with MikroTik. Now I know both units have separate admin access. Thanks @mkx I did get it working!
@rextended that is some serious knowledge! Thanks for coming forward! Saw your message after setting the password via GUI. Since use of terminal is the proper way of doing things I tried your supported code (piece of art?). Unfortunately, received message:
failure: cannot remove builtin
Also, now devices can’t connect to AP. From macOS “Connection Failed”, Windows “Unable to connect to this network”. Log via winbox shows “disconnected, extensive data loss”.
AP (not working for devices) that is not connected (was named MikroTik-E13F90) to router:
On interface list the command are wrong, is [find where builtin=no] instead I write [find where dynamics=no]
I fix previous script, if you want retry.
But you modify the export cutting some parts?
Except for censoring ssid and password, anything you omit can cause trouble, like firewall…
Do a complete export without cut anyting inside, except censoring (censoring is not deleting) the password with ***
Received “failure: profile with the same name already exists”. I changed MikroTik-E13F90 to custom name. Then went back to MikroTik-E13F90, but again same message.
No cutting. Now replaced all censored bits with ***.
No errors or messages after inputing code. But AP does not show up… Checked with Android, Apple iOS, macOS… Then rebooted from WinBox → System → Reboot, but that did not help. In log:
wlan1: must select channel
wlan1: selected channel 23120000
Edit: Pasted your code in console without editing. The same result: AP does not show up.
Upgrade also the 2nd device from 6.45.9 to 6.48.3
You can now use the same script on the other device, doing the same for country at the end.
For syncronize the password you need to open winbox on both devices and change password on security profile,
but if your main router is a MikroTik, can be used the CAPsMAN service to syncronize all on one place,
but, for me, for your the CAPsMAN for 2 devices is excessive.
