Community discussions

MikroTik App
 
johnb175
just joined
Topic Author
Posts: 16
Joined: Mon Nov 02, 2020 11:57 pm

Force client to specific AP...

Wed Jan 27, 2021 9:53 pm

I have a capsman setup and multiple AP's all running 6.4.8 stable around the house. I have access list created that allow a specific MAC addresses to connect to specific AP's and then I put a deny all right after it. This usually works 95% of the time, but sometimes the IoT devices drop and try and connect to another nearby AP. This results in the log saying over and over forbidden, rejected by access-list. Why does it not jump back to the AP that it's allowed to connect to rather than sit there and repeatedly try and connect to one that it's denied access to. Am I doing something wrong? Any help/advice would be greatly appreciated.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26288
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Force client to specific AP...

Thu Jan 28, 2021 8:53 am

Devices usually try to connect to the strongest AP and don't know they are blocked there.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Force client to specific AP...

Fri Jan 29, 2021 5:54 pm

As @normis wrote, device will try to connect to any AP with same SSID. If you want to constrain certain client devices to certain APs, create SSIDs specifically for each AP (e.g. AP1, AP2, ...) and configure those devices to use appropriate SSID (e.g. configure IoT3 device to connect only to AP #2 by configuring it to use SSID=AP2). Those SSIDs can be virtual (no need for dedicated hardware) and bridged to same LAN, so no need for LAN segmentation (if you don't want to do it, keeping IoT devices contained in separate VLANs is good BTW).

I'm not sure why would you want to keep devices using AP further way though.
 
johnb175
just joined
Topic Author
Posts: 16
Joined: Mon Nov 02, 2020 11:57 pm

Re: Force client to specific AP...

Fri Jan 29, 2021 10:06 pm

Yes, I already have all my IoT devices connected to a separate SSID using a seperate data path with all the necessary iptable rules implemented. They can only access the internet. My issue is I have them connected to the strongest AP and I lock them by access-list to that AP. At some random point they try and connect to the AP that is further away and cannot due to the access-list. Rather than bouncing back to the AP they are allowed to connect to and were connected to before they will just repeatedly try to connect to the one they are forbidden. It's strange.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Force client to specific AP...

Sat Jan 30, 2021 12:31 am

It's strange.

Could be some intermittent interference present on channel used by closest AP. As @Normis already wrote: wifi standard does not have anything about mobility hence AP can not force client to connect to another AP, it can only reject registration. But as many have learned, rejecting clients to make them roam elsewhere doesn't always work. Specially so if there is no margin for client ...
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Force client to specific AP...

Sat Jan 30, 2021 2:06 am

For wireless clients

Take a look at the Mikrotik connect-list and Mikrotik area-prefix

I assume you have multiple APs your clients are connection to and the APs all have the same SSID

Here is what you can do:
On your APs ( all APs have the same SSID ) , configure a unique area-prefix for each AP
On your clients ( all your clients want to connect to the same SSID ) , configure the connect-list unique prefix you want the client to connect to.
If the connect-list fails , the client will try to connect normally as if there was no connect-list or area-prefix setting

https://wiki.mikrotik.com/wiki/Manual:I ... e/Wireless


North Idaho Tom Jones
 
brg3466
Member Candidate
Member Candidate
Posts: 177
Joined: Sat Aug 01, 2015 7:29 am

Re: Force client to specific AP...

Sun Feb 07, 2021 6:10 am

Can't find area-prefix in CAPsMAN configuration and there is no connection-list as well.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Force client to specific AP...

Wed Feb 10, 2021 5:01 am

Can't find area-prefix in CAPsMAN configuration and there is no connection-list as well.
I don't think CAPsMAN supports area-prefix. It is supported in Winbox.
 
Arcee
Member Candidate
Member Candidate
Posts: 272
Joined: Fri Jun 27, 2014 2:33 pm

Re: Force client to specific AP...

Tue Nov 09, 2021 1:13 pm

For wireless clients

Take a look at the Mikrotik connect-list and Mikrotik area-prefix

I assume you have multiple APs your clients are connection to and the APs all have the same SSID

Here is what you can do:
On your APs ( all APs have the same SSID ) , configure a unique area-prefix for each AP
On your clients ( all your clients want to connect to the same SSID ) , configure the connect-list unique prefix you want the client to connect to.
If the connect-list fails , the client will try to connect normally as if there was no connect-list or area-prefix setting

https://wiki.mikrotik.com/wiki/Manual:I ... e/Wireless


North Idaho Tom Jones


Has anyone had success with this?

I have created a connection list entry on both the Wireless Access Point and the Wireless Client. I used the SSID, Area Prefix, Security Profile and even the MAC address (WAP MAC on the Client connection list). No luck... the Client keeps connecting to the Wireless Access Point with no Connection List configuration.

Who is online

Users browsing this forum: No registered users and 21 guests