Community discussions

MikroTik App
 
DitchRat95
newbie
Topic Author
Posts: 29
Joined: Tue Jul 19, 2022 5:43 pm

Limit clients by signal range.

Wed May 31, 2023 8:40 pm

I am installing a WiFi system in a business that is below a boarding home. I have two access points setup in capsman, I would like to stop them from being able to connect to the WiFi from the boarding home but customers to be able to use the guest WiFi. I was thinking the best way to to this would be by signal levels but I'm having trouble getting that to work through the access rules in capsman. I would like to cut them off at a rx signal of say -.68 how would i do that? Or if someone knows of a better solution I am all ears! Thank you in advance!
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Limit clients by signal range.

Wed May 31, 2023 10:45 pm

I don't know if there is a way to do that via signal strength, but even if you could, it would likely be HIGHLY unreliable. RF does not work well that way - especially inside buildings. Theoretically you could install grounded metal screening (something like 1/4 inch hardware cloth) on the underside of the floor for the second floor, but that would be a lot of work and expense to do it well, and not doing it well would almost guarantee failure. Even done right, it may not help much.

Is the business something where the public will be able to come into, or is it more restricted access? If the latter, change the guest WiFi password daily. If it's something like a eating establishment where the public can come in and see the daily password sign, that would not work well.

Not much ese you can do with that one.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Limit clients by signal range.

Wed May 31, 2023 10:52 pm

If you want to try the signal level, it needs to be entered as a range (e.g. signal-range=-68..0 ).
viewtopic.php?t=194738&hilit=wireless+signal#p991736
 
holvoetn
Forum Guru
Forum Guru
Posts: 5321
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Limit clients by signal range.

Wed May 31, 2023 11:12 pm

If you want to try the signal level, it needs to be entered as a range (e.g. signal-range=-68..0 ).
viewtopic.php?t=194738&hilit=wireless+signal#p991736
First accept:
-68..120

Then reject:
-120..-67

What happens in between -67 and -68, that's a good question.

How about simply hiding SSID for other network ?
What they can't see, they will most likely not connect to.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Limit clients by signal range.

Wed May 31, 2023 11:54 pm

What happens in between -67 and -68, that's a good question.
Can't happen...there is no float data type. So the measured signal should be an integer. Now if the end is inclusive or exclusive, I dunno...
 
DitchRat95
newbie
Topic Author
Posts: 29
Joined: Tue Jul 19, 2022 5:43 pm

Re: Limit clients by signal range.

Sun Jun 04, 2023 3:58 am

I don't know if there is a way to do that via signal strength, but even if you could, it would likely be HIGHLY unreliable. RF does not work well that way - especially inside buildings. Theoretically you could install grounded metal screening (something like 1/4 inch hardware cloth) on the underside of the floor for the second floor, but that would be a lot of work and expense to do it well, and not doing it well would almost guarantee failure. Even done right, it may not help much.

Is the business something where the public will be able to come into, or is it more restricted access? If the latter, change the guest WiFi password daily. If it's something like a eating establishment where the public can come in and see the daily password sign, that would not work well.

Not much ese you can do with that one.
I apologize about the delayed response. This is a side job and so I work on it around my regular job.

I'm realizing your correct about the highly unreliable, as I've watched the clients and signals their is a device that sits at a signal level on the guest network from the moment it comes on to the minuet the guest network shuts off, that matches my signal from my phone sitting directly under my capsman ap in the building. It's a local bar changing the password would irritate alot of the regulars. I have employees that I would rather not give access to the main network as some of them are college kids ECT that need it for various reasons. I was thinking possibly physically moving the router but but would really have to consider as to where I could it wouldn't be exposed to damage or vandalism. I thought the two brick walls and slight air space would deteriorate signals so this would be more viable of an option. I considered maybe a black listing script and/or acl rules?
 
DitchRat95
newbie
Topic Author
Posts: 29
Joined: Tue Jul 19, 2022 5:43 pm

Re: Limit clients by signal range.

Sun Jun 04, 2023 3:58 am

If you want to try the signal level, it needs to be entered as a range (e.g. signal-range=-68..0 ).
viewtopic.php?t=194738&hilit=wireless+signal#p991736
First accept:
-68..120

Then reject:
-120..-67

What happens in between -67 and -68, that's a good question.

How about simply hiding SSID for other network ?
What they can't see, they will most likely not connect to.
Will try this next available chance! Thank you
 
DitchRat95
newbie
Topic Author
Posts: 29
Joined: Tue Jul 19, 2022 5:43 pm

Re: Limit clients by signal range.

Sun Jun 04, 2023 3:59 am

What happens in between -67 and -68, that's a good question.
Can't happen...there is no float data type. So the measured signal should be an integer. Now if the end is inclusive or exclusive, I dunno...
Could I get you to elaborate?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5321
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Limit clients by signal range.

Sun Jun 04, 2023 11:19 am

I think what Amm0 is aiming at is that the signal value is an integer. No digits after the comma.
The question is however if the value specified in such a range is INCLUDED or not.
Because giving this case:
accept: -68..120
reject:-120..-67

If it is included: all is well. A device can only have -67 or -68 (for those 2 values) so it will fall into one of the specified rules.
But if it is excluded, a device with -68 or -67 will have no rule applied.

Thinking of it... it might be better to use -120..68 as reject rule since accept rule will come first.
And then we can completely circumvent this theoretical problem.
Accept will then be certainly for -67, perhaps -68. But there will be a reject following.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Limit clients by signal range.

Sun Jun 04, 2023 11:59 am

Since ACL rules are evaluated in certain order (top to bottom), and default action is to accept client, it should be enough to set single reject rule (with signal range -120..-68). For readability of ACL ruleset it could be followed by complementary accept rule (signal range -68..120), where (again for readability reasons) the signal range should "touch" the one in reject rule. The consideration is slightly different if ACL rules are in "accept-reject" order (because of additional implicit accept rule after explicit pair of rules).

But IMO it doesn't matter much if the range limit value is part of range or not. E.g. if the limit value is -68 (and it's already rounded from range of -68.50..-67.51), we are potentially considering the difference between -68.50dBm and -66.51dBm which is not really instrumental (the value of -68 is arbitrary to start with), wireless stations will perform differently at any given signal strength due to differences in their Tx power capabilities and in their Rx sensitivity (any communication is two-way after all). So the whole discussion of whether range limits are included or not is just "splitting the hair" ...
 
holvoetn
Forum Guru
Forum Guru
Posts: 5321
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Limit clients by signal range.

Sun Jun 04, 2023 12:04 pm

Fully agree with last statement but it is a fun exploration for a Sunday, no ? :lol:
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Limit clients by signal range.

Sun Jun 04, 2023 12:18 pm

Somebody less nerdy than we are would probably say that "fun exploration for a Sunday" would be e.g. a bike trip out to coutry side :wink:
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Limit clients by signal range.

Sun Jun 04, 2023 4:17 pm

LOL. I blame TV: YouTube steered me to video about APL/J/BQN last weekend.

But correct, I should have added this...
Thinking of it... it might be better to use -120..-68 as reject rule since accept rule will come first.
...since that cover -67dB in either case (in this example)

Now how well this works at the problem of controlling traffic between the floors...IDK
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Limit clients by signal range.

Sun Jun 04, 2023 7:40 pm

Now that you have explained the situation a little better, I can see that changing passwords would not work well for this situation, and the password essentially is publicly posted. That only leaves signal. Best suggestion would be using access points that have external antennas so that you can place APs and use highly directional antenna patterns to reduce the signal radiating up to the second floor. It's still not going to be perfect, but should be able to make it work better for your situation. That may let you use the signal strength limits discussed earlier more effectively.
 
DitchRat95
newbie
Topic Author
Posts: 29
Joined: Tue Jul 19, 2022 5:43 pm

Re: Limit clients by signal range.

Thu Jun 08, 2023 3:24 am

Would it be possible to build a script that once it saw a device on the guest network for a set amount of time it would create a acl reject rule per said device?
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Limit clients by signal range.

Thu Jun 08, 2023 4:47 am

Would it be possible to build a script that once it saw a device on the guest network for a set amount of time it would create a acl reject rule per said device?
Sure, at lot is possible with scripting.

But setting up hotspot on the guest vlan might be easier. Hotspot has a few option... but a time limited session is one, and even be more "friendly" than script since it tell someone "time is up". https://help.mikrotik.com/docs/pages/vi ... d=56459266
 
DitchRat95
newbie
Topic Author
Posts: 29
Joined: Tue Jul 19, 2022 5:43 pm

Re: Limit clients by signal range.

Thu Jun 08, 2023 10:02 am

Because some days my customers are their for a hour, sometimes ten. The cell reception is horrible inside the building, as WiFi calling is becoming more of a thing and most of them have their phone in their pocket... Calling the cops is sometimes a thing in this line of business ;) I come from a tourist town. Plus the safety the employees is of up most importance anytime they are stocking or after hours. We are having theft issues and vandalism problems. We're looking to clean the place up a bit. Where also about to purchase a video surveillance system looking a few but any one has a good recommendations I'm open to suggestions! Haven't sat down and done a for real map but we walked through the other day and rough figured 15 upstairs and he said and down stairs so I'm not sure but possibly 20? Thanks in advanced.... Sorry for the rant lol.

So I did make some signal rules in the acl that started with my caps that are for the main network are-120..120, next were dynamic -120..-67,-68..-120 and it worked really well but their where some signals the actually their signals were stronger than mine on my phone siting right under it (with idk maybe the lights might degrade the signal a bit more?) I cut the rest of the signals that were lower than that and I watched it for last while to watch for reoccurring number on the network for over twenty four hours off by signal level and figured I mess around with those ones for a bit of entertainment making the customer experience experience better. But something scripted would be awesome, would really like to understand the cli and scripting better.
Is that book Learn RouterOS by Dennis Burgess worth it's weight?

I thought I'd mention, I have been on a lot of forums for cars, computers but up till I started posting on here have i ever asked questions and you guy's have been very responsive and helpful and, so I'd like to say thank you again.
 
DitchRat95
newbie
Topic Author
Posts: 29
Joined: Tue Jul 19, 2022 5:43 pm

Re: Limit clients by signal range.

Fri Jun 09, 2023 12:40 am

So I had a thought of how I would create a said script I would like to know how hard it would be to teach myself (w/ some guiedence obviously) to write a script or two to accomplish said goals.

1. Query guest network every half hour.
2. Compile list of how many times each Mac is on the network to active connections list.
3. Set maximum times allowed to connect in a row before it sends Mac to black list.
4. Setup acl rules per blacklist

I have a background of understanding but it isn't something I've really done since like ten years ago. Plus moving to mikrotik has been a curve. I appreciate any help, as I've got back into this I have missed small details that have caused delay but I thoroughly enjoy catching up. I appreciate all of the advice.
 
gabrielporto
just joined
Posts: 1
Joined: Thu Jun 22, 2023 12:16 am

Re: Limit clients by signal range.

Fri Sep 29, 2023 5:54 am

Sorry for the late response. But have you tried to decrease de TX power on CAPsMAN? It is set on the Channel configuration. If not set, it will use it's full power.

Who is online

Users browsing this forum: No registered users and 36 guests