Community discussions

MikroTik App
 
wavespan
newbie
Topic Author
Posts: 37
Joined: Sat Mar 21, 2009 9:05 am
Location: Springfield, MA - USA

Capsman WPA2 key for each device

Thu Sep 23, 2021 10:20 pm

I've got an issue using Mikrotik HotSpot service with Square terminals and Ipad registers adding there MAC address's in to HotSpot they authenticate and work for a few hours or a few days then there MAC changes. On the Ipads its rectified by turning off private address feature under the WIFI network. Squares cannot disable MAC randomization from what I have researched.

I'm in the process of deploying all Mikrotik hardware for this venue and switching from UniFi to CapsMan. I tested using access list under CapsMan adding a few entries without any MAC address just changing the Private Passphrase option and tested connecting and it seems to work. This would allow me to generate a PSK for each device connecting to the secure ssid but it does not look like there is any way to limit how many devices can use the key? Is there a better way of doing this ? I'm trying to keep it simple and not deploy a RADIUS option and have to deal with certificates.
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Capsman WPA2 key for each device

Thu Sep 23, 2021 11:23 pm

Do they randomize the full mac address or just the last three octets (or something similar)? If part of the mac address is consistent between devices you could use the mac mask option to only have the rule to apply to certain mac address ranges.

There is no way that I can see where you can limit the number of devices, but you could create a script that queries the registration table on a regular basis and emails you if you exceed a certain threshold of active clients.
 
wavespan
newbie
Topic Author
Posts: 37
Joined: Sat Mar 21, 2009 9:05 am
Location: Springfield, MA - USA

Re: Capsman WPA2 key for each device

Thu Sep 23, 2021 11:31 pm

The Full MAC is randomized. A script is a possibility but from what I can see there is no way to see how many devices are on based on the access list used to let them on. I would like to create a unique PSK for each device and limit it to one device then I can give them the WPA2 key over the phone and they can only use it on one device.

I'm confused is there an official place to submit feature requests to Mikrotik?

Who is online

Users browsing this forum: Amazon [Bot], Scoox, Vojta and 31 guests