billybons2006
just joined
Topic Author
Posts: 21
Joined: Fri Jun 27, 2014 11:43 am

iPad vs Mikrotik

Tue Sep 23, 2014 12:52 am

As I can see, the problem with using Apple devices is VERY big (VERY - because SSID for Apple must be capitalized ;).
For several years device for network hackers could not solve clean problem. I bought Mikrotik (and was proud of it) and recommended it to my non-IT friend. 802.11n only, ssid MYLAN111 (not Mylan111), WMM enabled, AES, several MTU (1400, 1450, 1494, 1500), several channels and countries - and very professional device cannot provide internet to iPad...

So, is there a clear way to set up a Mikrotik router (6.11, 6.19) to work with an iPad? Or just "it may work, but..."?
 
jarda
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: iPad vs Mikrotik

Tue Sep 23, 2014 8:23 am

Maybe stop using I-things made by advertisement only if they are not compatible with standards? Or buy also i-home-router for insane price. That is what apple wants from you. You can decide which option to choose.
 
janisk
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: iPad vs Mikrotik

Tue Sep 23, 2014 9:27 am

We have no other reports regarding Idevices and any connectivity problems with APs running RouterOS. Please give more details regarding the issue you have.
 
Bergante
Member Candidate
Posts: 144
Joined: Tue Feb 28, 2012 12:27 pm
Location: Bilbao, Spain

Re: iPad vs Mikrotik

Tue Sep 23, 2014 10:12 am

I use iThings connected to a Mikrotik access point as a matter of routine. I don't know what type of iThings are "advertising based, non-standard" but certainly not mine.

That said, what's the problem? Begin with a straightforward configuration.
 
billybons2006
just joined
Topic Author
Posts: 21
Joined: Fri Jun 27, 2014 11:43 am

Re: iPad vs Mikrotik

Tue Sep 23, 2014 11:00 am

> Maybe stop using I-things made by advertisement only if they are not compatible with standards?

These adv things are very secure, widely used and very stable. Apple WiFi devices are more expensive.

Mikrotik RB951G-2HND vs iPad 2 (Broadcom) :)

I have tried:
20 or 20/40 MHz width;
WPA2 or/and WPA, AES or/and TKIP;
1, 6 or 11 channel;
Different regions: russia, usa, germany and gb;
802.11n only or 802.11 b/g/n;
much more thin items;
reset iPad network settings and complete reset of iPad;
two different well-working Mikrotik;

I believe, that there is a solution. Stable. But I cannot find it.
 
billybons2006
just joined
Topic Author
Posts: 21
Joined: Fri Jun 27, 2014 11:43 am

Re: iPad vs Mikrotik

Tue Sep 23, 2014 11:42 am

> Begin with a straightforward configuration.

I changed the LAN from 192.168.88.0/24 to 192.168.1.0/24 in order to be sure that the iPad correctly forgets previous settings.
It would be very useful for me if you tell me as many stupid items in the config as possible. I prefer to study instead of using Asus ;)
# jan/02/1970 03:56:58 by RouterOS 6.19
# software id = HGB2-7AYP
#
/interface bridge
add admin-mac=D4:CA:6D:F5:17:14 auto-mac=no l2mtu=1598 name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn country=russia disabled=no \
    distance=indoors frequency=2437 l2mtu=2290 mode=ap-bridge mtu=1450 \
    preamble-mode=long ssid=SHKAFCHIK09 wireless-protocol=802.11 wmm-support=\
    enabled
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
    ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
    ether5-slave-local
/interface wireless nstreme
set wlan1 enable-polling=no
/ip neighbor discovery
set wlan1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    wpa-pre-shared-key=555STDdhh8223 wpa2-pre-shared-key=555STDdhh8223
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=\
    ether2-master-local network=192.168.1.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=\
    192.168.1.1 gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.248.21,192.168.251.21
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=drop chain=input comment="drop invalid connections" \
    connection-state=invalid
add chain=input comment="allow related connections" connection-state=related
add chain=input comment="allow established connections" connection-state=\
    established
add chain=input in-interface=!ether1-gateway src-address=192.168.88.0/24
add chain=input in-interface=!ether1-gateway src-address=192.168.1.0/24
add action=drop chain=input comment="drop everything else"
add chain=output comment="accept everything to internet" out-interface=\
    ether1-gateway
add chain=output comment="accept everything to non internet" out-interface=\
    !ether1-gateway
add chain=output comment="accept everything"
add action=drop chain=forward comment="drop invalid connections" \
    connection-state=invalid
add chain=forward comment="allow already established connections" \
    connection-state=established
add chain=forward comment="allow related connections" connection-state=\
    related
add action=drop chain=forward src-address=0.0.0.0/8
add action=drop chain=forward dst-address=0.0.0.0/8
add action=drop chain=forward src-address=127.0.0.0/8
add action=drop chain=forward dst-address=127.0.0.0/8
add action=drop chain=forward src-address=224.0.0.0/3
add action=drop chain=forward dst-address=224.0.0.0/3
add action=jump chain=forward jump-target=tcp protocol=tcp
add action=jump chain=forward jump-target=udp protocol=udp
add action=jump chain=forward jump-target=icmp protocol=icmp
add chain=forward comment="accept from local to internet" in-interface=\
    !ether1-gateway out-interface=ether1-gateway
add action=drop chain=forward comment="drop everything else"
add action=drop chain=tcp comment="deny TFTP" dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=111 \
    protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=135 \
    protocol=tcp
add action=drop chain=tcp comment="deny NBT" dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=12345-12346 \
    protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" dst-port=3133 protocol=\
    tcp
add action=drop chain=tcp comment="deny DHCP" dst-port=67-68 protocol=tcp
add action=drop chain=udp comment="deny TFTP" dst-port=69 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=111 \
    protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=135 \
    protocol=udp
add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
add action=drop chain=udp comment="deny NFS" dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" dst-port=3133 protocol=\
    udp
add chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
add chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
add chain=icmp comment="host unreachable" icmp-options=3:1 protocol=icmp
add chain=icmp comment="host unreachable fragmentation required" \
    icmp-options=3:4 protocol=icmp
add chain=icmp comment="allow source quench" icmp-options=4:0 protocol=icmp
add chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
add chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
add chain=icmp comment="allow parameter bad" icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment="deny all other types"
add action=drop chain=forward comment="drop (2) everything else"
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway to-addresses=0.0.0.0
/ip route
add disabled=yes distance=1 gateway=10.176.32.1
/ip service
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system leds
set 0 interface=wlan1
/system script
add name=firewall policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="/ip fir\
    ewall filter\r\
    \n\r\
    \n# INPUT\r\
    \nadd chain=input connection-state=invalid action=drop comment=\"drop inva\
    lid connections\"  \r\
    \nadd chain=input connection-state=related action=accept comment=\"allow r\
    elated connections\"\r\
    \nadd chain=input connection-state=established action=accept comment=\"all\
    ow established connections\"\r\
    \n\r\
    \n# ext input\r\
    \n\r\
    \n# local input\r\
    \nadd chain=input src-address=192.168.88.0/24 action=accept in-interface=!\
    ether1-gateway\r\
    \n\r\
    \n# drop all other input\r\
    \nadd chain=input action=drop comment=\"drop everything else\"\r\
    \n\r\
    \n# OUTPUT\r\
    \nadd chain=output action=accept out-interface=ether1-gateway comment=\"ac\
    cept everything to internet\"\r\
    \nadd chain=output action=accept out-interface=!ether1-gateway comment=\"a\
    ccept everything to non internet\"\r\
    \nadd chain=output action=accept comment=\"accept everything\"\r\
    \n\r\
    \n# FORWARD\r\
    \nadd chain=forward connection-state=invalid action=drop comment=\"drop in\
    valid connections\"  \r\
    \nadd chain=forward connection-state=established action=accept comment=\"a\
    llow already established connections\"  \r\
    \nadd chain=forward connection-state=related action=accept comment=\"allow\
    \_related connections\"\r\
    \n\t\r\
    \nadd chain=forward src-address=0.0.0.0/8 action=drop  \r\
    \nadd chain=forward dst-address=0.0.0.0/8 action=drop  \r\
    \nadd chain=forward src-address=127.0.0.0/8 action=drop \r\
    \nadd chain=forward dst-address=127.0.0.0/8 action=drop \r\
    \nadd chain=forward src-address=224.0.0.0/3 action=drop \r\
    \nadd chain=forward dst-address=224.0.0.0/3 action=drop\r\
    \n\r\
    \n# (1) jumping\r\
    \nadd chain=forward protocol=tcp action=jump jump-target=tcp  \r\
    \nadd chain=forward protocol=udp action=jump jump-target=udp  \r\
    \nadd chain=forward protocol=icmp action=jump jump-target=icmp\r\
    \n\r\
    \n# (3) accept forward from local to internet\r\
    \nadd chain=forward action=accept in-interface=!ether1-gateway out-interfa\
    ce=ether1-gateway \\\r\
    \n   comment=\"accept from local to internet\"\r\
    \n\r\
    \n# (4) drop all other forward\r\
    \nadd chain=forward action=drop comment=\"drop everything else\"\r\
    \n\r\
    \n# (2) deny some types common types\r\
    \nadd chain=tcp protocol=tcp dst-port=69 action=drop comment=\"deny TFTP\"\
    \r\
    \nadd chain=tcp protocol=tcp dst-port=111 action=drop comment=\"deny RPC p\
    ortmapper\"\r\
    \nadd chain=tcp protocol=tcp dst-port=135 action=drop comment=\"deny RPC p\
    ortmapper\"\r\
    \nadd chain=tcp protocol=tcp dst-port=137-139 action=drop comment=\"deny N\
    BT\"\r\
    \nadd chain=tcp protocol=tcp dst-port=445 action=drop comment=\"deny cifs\
    \"\r\
    \nadd chain=tcp protocol=tcp dst-port=2049 action=drop comment=\"deny NFS\
    \"\r\
    \nadd chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=\"de\
    ny NetBus\"\r\
    \nadd chain=tcp protocol=tcp dst-port=20034 action=drop comment=\"deny Net\
    Bus\"\r\
    \nadd chain=tcp protocol=tcp dst-port=3133 action=drop comment=\"deny Back\
    Oriffice\"\r\
    \nadd chain=tcp protocol=tcp dst-port=67-68 action=drop comment=\"deny DHC\
    P\"\r\
    \n\r\
    \nadd chain=udp protocol=udp dst-port=69 action=drop comment=\"deny TFTP\"\
    \r\
    \nadd chain=udp protocol=udp dst-port=111 action=drop comment=\"deny PRC p\
    ortmapper\"\r\
    \nadd chain=udp protocol=udp dst-port=135 action=drop comment=\"deny PRC p\
    ortmapper\"\r\
    \nadd chain=udp protocol=udp dst-port=137-139 action=drop comment=\"deny N\
    BT\"\r\
    \nadd chain=udp protocol=udp dst-port=2049 action=drop comment=\"deny NFS\
    \"\r\
    \nadd chain=udp protocol=udp dst-port=3133 action=drop comment=\"deny Back\
    Oriffice\"\r\
    \n\r\
    \nadd chain=icmp protocol=icmp icmp-options=0:0 action=accept comment=\"ec\
    ho reply\"\r\
    \nadd chain=icmp protocol=icmp icmp-options=3:0 action=accept comment=\"ne\
    t unreachable\"\r\
    \nadd chain=icmp protocol=icmp icmp-options=3:1 action=accept comment=\"ho\
    st unreachable\"\r\
    \nadd chain=icmp protocol=icmp icmp-options=3:4 action=accept comment=\"ho\
    st unreachable fragmentation required\"\r\
    \nadd chain=icmp protocol=icmp icmp-options=4:0 action=accept comment=\"al\
    low source quench\"\r\
    \nadd chain=icmp protocol=icmp icmp-options=8:0 action=accept comment=\"al\
    low echo request\"\r\
    \nadd chain=icmp protocol=icmp icmp-options=11:0 action=accept comment=\"a\
    llow time exceed\"\r\
    \nadd chain=icmp protocol=icmp icmp-options=12:0 action=accept comment=\"a\
    llow parameter bad\"\r\
    \nadd chain=icmp action=drop comment=\"deny all other types\"\r\
    \n\r\
    \n# (5) drop all other forward\r\
    \nadd chain=forward action=drop comment=\"drop (2) everything else\""
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
 
Bergante
Member Candidate
Posts: 144
Joined: Tue Feb 28, 2012 12:27 pm
Location: Bilbao, Spain

Re: iPad vs Mikrotik

Tue Sep 23, 2014 1:41 pm

Try preamble-mode both? I think there was some trouble with selecting either long or short.

And you don't need to capitalize SSIDs. The test network I am using has a lower case SSID.

export verbose posted so that you can compare. I didn't do anything special, just set a channel, SSID, security profile and, voila!

Now that I see it, I disabled WMM by mistake (or forgot to enable it, I don't remember). Anyway it works I think. As you can see, almost everything is set by default.
set [ find default-name=wlan1 ] adaptive-noise-immunity=none allow-sharedkey=\
    no ampdu-priorities=0,1 amsdu-limit=8192 amsdu-threshold=8192 \
    antenna-gain=0 area="" arp=enabled band=2ghz-b/g/n basic-rates-a/g=6Mbps \
    basic-rates-b=1Mbps bridge-mode=enabled channel-width=20mhz compression=\
    no country=no_country_set default-ap-tx-limit=0 default-authentication=\
    yes default-client-tx-limit=0 default-forwarding=yes dfs-mode=none \
    disable-running-check=no disabled=yes disconnect-timeout=3s distance=\
    dynamic frame-lifetime=0 frequency=2412 frequency-mode=superchannel \
    frequency-offset=0 guard-interval=any hide-ssid=no ht-basic-mcs=\
    mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-supported-mcs="mcs-0,mc\
    s-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,m\
    cs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-2\
    3" hw-fragmentation-threshold=disabled hw-protection-mode=none \
    hw-protection-threshold=0 hw-retries=7 interworking-profile=disabled \
    l2mtu=1600 mac-address=D4:CA:6D:71:8B:F0 max-station-count=2007 mode=\
    ap-bridge mtu=1500 multicast-buffering=enabled multicast-helper=default \
    name=guirele noise-floor-threshold=default nv2-cell-radius=30 \
    nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default \
    nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms \
    preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=\
    D4CA6D718BF0 rate-selection=advanced rate-set=default rx-chains=0,1 \
    scan-list=default security-profile=segurolas ssid=rb2011-despa \
    station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-chains=0,1 \
    tx-power-mode=default update-stats-interval=disabled vlan-id=1 vlan-mode=\
    no-tag wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=100 \
    wds-ignore-ssid=no wds-mode=disabled wireless-protocol=802.11 \
    wmm-support=disabled
The security profile follows:
add authentication-types=wpa2-psk eap-methods=passthrough group-ciphers=\
    aes-ccm group-key-update=5m interim-update=0s management-protection=\
    disabled management-protection-key="" mode=dynamic-keys \
    mschapv2-password="" mschapv2-username="" name=segurolas \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity=rb2011-despa \
    tls-certificate=none tls-mode=no-certificates unicast-ciphers=aes-ccm \
    wpa-pre-shared-key="" wpa2-pre-shared-key=XXXXXXXXXXXXXX
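
Comparing the two exports by eye is error-prone because RouterOS wraps long lines with a trailing backslash, sometimes in the middle of a value. The sketch below is an added example, not part of any post in this thread: it joins the wrapped lines and lists the wlan1 settings that differ between the topic author's export and the working one. The function names are hypothetical, and the two inputs are shortened excerpts of the exports posted above.

```python
import shlex

# Excerpts of the two exports posted in this thread (shortened).
OP_EXPORT = r"""/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn country=russia disabled=no \
    distance=indoors frequency=2437 l2mtu=2290 mode=ap-bridge mtu=1450 \
    preamble-mode=long ssid=SHKAFCHIK09 wireless-protocol=802.11 wmm-support=\
    enabled
"""
WORKING_EXPORT = r"""set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20mhz country=\
    no_country_set disabled=yes distance=dynamic frequency=2412 l2mtu=1600 \
    mode=ap-bridge mtu=1500 preamble-mode=both ssid=rb2011-despa \
    wireless-protocol=802.11 wmm-support=disabled
"""

def join_continuations(text):
    """Rebuild logical lines: a trailing backslash means the next line,
    minus its indent, continues this one (possibly mid-token)."""
    logical, buf, cont = [], "", False
    for raw in text.splitlines():
        piece = raw.lstrip() if cont else raw
        cont = piece.endswith("\\")
        buf += piece[:-1] if cont else piece
        if not cont:
            logical.append(buf)
            buf = ""
    if buf:
        logical.append(buf)
    return logical

def parse_settings(line):
    """Return key=value pairs of a 'set' line, skipping the [ find ... ] selector."""
    settings, in_selector = {}, False
    for tok in shlex.split(line):
        if tok == "[":
            in_selector = True
        elif tok == "]":
            in_selector = False
        elif not in_selector and "=" in tok:
            key, value = tok.split("=", 1)
            settings[key] = value
    return settings

def wlan_settings(export, name="wlan1"):
    """Settings from the first 'set' line that selects the given interface."""
    for line in join_continuations(export):
        if line.startswith("set ") and f"default-name={name}" in line:
            return parse_settings(line)
    return {}

def diff_settings(a, b, ignore=("ssid",)):
    """Keys set in both exports whose values differ, as {key: (a, b)}."""
    return {k: (a[k], b[k]) for k in sorted(a)
            if k in b and k not in ignore and a[k] != b[k]}

if __name__ == "__main__":
    delta = diff_settings(wlan_settings(OP_EXPORT), wlan_settings(WORKING_EXPORT))
    for key, (mine, theirs) in delta.items():
        print(f"{key:15} {mine:12} -> {theirs}")
```

A compact export lists only non-default values while a verbose one lists everything, so the comparison is restricted to keys present in both.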
 
KillerOPS
Member Candidate
Posts: 150
Joined: Sat Oct 31, 2009 9:27 pm

Re: iPad vs Mikrotik

Wed Sep 24, 2014 2:58 am

I can confirm that my ipad2 works every day with an rb711 in 5ghz and also with an sxt in 2ghz.
 
billybons2006
just joined
Topic Author
Posts: 21
Joined: Fri Jun 27, 2014 11:43 am

Re: iPad vs Mikrotik

Wed Sep 24, 2014 1:31 pm

Thank you very much! So little free time... I'll make some experiments. If there is success, I'll write here what it was!
