Community discussions

MikroTik App
 
john231
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Wed Aug 08, 2018 12:11 pm

ACL causes weird association behavior

Fri Jan 27, 2023 11:26 am

So i have 2 access points in the house one is on the first floor and the other one is on the second floor.

Now for the first floor access point i have set up an ACL (only wlan1 is enabled) (SECOND AP)

/interface wireless access-list
add interface=wlan1 signal-range=-60..120 vlan-mode=no-tag
add authentication=no interface=wlan1 forwarding=no signal-range=-120..-61 vlan-mode=no-tag

Second floor access point has wlan1 and wlan2 enabled with ACL configuration as follows (MAIN AP)
/interface wireless access-list
add interface=wlan1 signal-range=-89..120 vlan-mode=no-tag
add authentication=no forwarding=no interface=wlan1 signal-range=-120..-90 vlan-mode=no-tag
add interface=wlan2 signal-range=-89..120 vlan-mode=no-tag
add authentication=no forwarding=no interface=wlan2 signal-range=-120..-90 vlan-mode=no-tag

Now i have this one lenovo laptop that has connection issues so i started logging. I got information that yesterday around 20:20 there was a disconnection issue so i looked at the AP's logs.
Side note: the laptop was not moving it was on a table.

MAIN AP jan/26 19:18:03 wireless,debug wlan1: F8:A2:D6:E7:AE:4B attempts to associate
MAIN AP jan/26 19:18:03 wireless,debug wlan1: F8:A2:D6:E7:AE:4B in local ACL, accept
MAIN AP jan/26 19:18:03 wireless,info F8:A2:D6:E7:AE:4B@wlan1: connected, signal strength -58
SECOND AP: jan/26 20:20:48 wireless,debug wlan1: F8:A2:D6:E7:AE:4B attempts to associate
SECOND AP: jan/26 20:20:48 wireless,debug wlan1: F8:A2:D6:E7:AE:4B in local ACL, reject
MAIN AP: jan/26 20:20:59 wireless,info F8:A2:D6:E7:AE:4B@wlan1: disconnected, registered to other device in network
MAIN AP: jan/26 20:21:25 wireless,debug wlan1: F8:A2:D6:E7:AE:4B attempts to associate
MAIN AP: jan/26 20:21:25 wireless,debug wlan1: F8:A2:D6:E7:AE:4B in local ACL, accept
MAIN AP: jan/26 20:21:25 wireless,info F8:A2:D6:E7:AE:4B@wlan1: connected, signal strength -55
MAIN AP: jan/26 20:21:32 wireless,info F8:A2:D6:E7:AE:4B@wlan1: disconnected, received disassoc: sending station leaving (8)
MAIN AP: jan/26 20:21:46 wireless,debug wlan1: F8:A2:D6:E7:AE:4B attempts to associate
MAIN AP: jan/26 20:21:46 wireless,debug wlan1: F8:A2:D6:E7:AE:4B in local ACL, accept
SECOND AP: jan/26 20:21:52 wireless,debug wlan1: F8:A2:D6:E7:AE:4B attempts to associate
SECOND AP: jan/26 20:21:52 wireless,debug wlan1: F8:A2:D6:E7:AE:4B in local ACL, reject

From the logs it looks like the laptop wanted to randomly connect to the other AP (group key update is 1h so maybe that was the trigger).
Now as it is too far and the signal strength is too weak it gets rejected. However the AP that it is connected to now says that it is connected to antoher device on the network and disconnects it from that interface as well.
The end result is that something goes haywire in the wifi chip on the laptop and it now has no network access at all for a while.

Any ideas here?
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: ACL causes weird association behavior

Fri Jan 27, 2023 1:09 pm

Nothing unexpected here.

Remember that dialing the connection AP is only the client device's job. The AP can disconnect a client and then just wait and see what happens.

ACL lists are sometimes used to disconnect the client like you do. Be aware of the default 30 sec "allowed out of range" in the ACL.
The client decides when to challenge the current connection. For the current ROS releases the "station-roaming", when used as station, is disabled by default. (It was by default enabled before).
Station-roaming timing in a client depends on things like signal strength. It is OS dependent.

@wlan1: connected, signal strength -58: OK good signal
@wlan1: disconnected, registered to other device in network : client found other AP in network (same or different SSID)
@wlan1: connected, signal strength -55: station is back, good signal
@wlan1: disconnected, received disassoc: sending station leaving (8) : station informs AP it has disconnected and gone
debug wlan1: F8:A2:D6:E7:AE:4B in local ACL, reject: no reason given, ACL signal strength is too low now.



Not moving the laptop is not enough to have a steady wifi signal. People, your hands, and pets move around and might disturb the signal.
There are other wifi sources that can interfere.
I see WLAN1 , this could be 2.4GHz, then a microwave oven can interfere. (People say the microwave is well sealed. Just do the Spectral Scan test with MT, the stray signal is still very strong!
Shielding has to go from +60dBm to -90dBm, that's 150dB reduction needed.)

Who is online

Users browsing this forum: 4l4R1, maigonis and 8 guests