Community discussions

MikroTik App
 
User avatar
carl0s
Member Candidate
Member Candidate
Topic Author
Posts: 179
Joined: Thu Jun 25, 2009 7:18 pm

capsman WPS accept

Wed Nov 24, 2021 1:43 pm

Please implement "WPS Accept" on capsman.

It's a royal pain in the arse connecting wifi printers at the moment. especially remotely when the only option is to remove a wifi interface from capsman, set up manually, do wps accept, then put back under capsman control. This is difficult when you are remotely working on a computer at the site which is on the wifi already.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5321
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: capsman WPS accept

Wed Nov 24, 2021 2:39 pm

Personally I never connect a printer using Wifi if wired is possible. It's not reliable, whatever supplier the AP comes from.
Almost default I disable everything related to Wifi on printers for another reason: the amount of traffic which get enabled nowadays standard on a printer using wifi is incredible... I don't need that garbage.

I do not understand why you would set devices under capsman control (hence security centrally managed) but would like to allow WPS ?
ANYONE able to hit that button, will gain access to your network.
Short or long, I don't know what other countermeasures you have in place.
You do keep the backdoor of the building closed, don't you ? Why not do the same on your network ?

Apart from home situation, I don't see any benefit from WPS in business environments.
Probably that's the reason why it got disabled for a device under capsman control and that makes perfect sense.

My view. Feel free to disagree.

PS your procedure of removing cap from capsman, use wps, register printer and then re-enable capsman is the only alternative way I can think of.
 
User avatar
carl0s
Member Candidate
Member Candidate
Topic Author
Posts: 179
Joined: Thu Jun 25, 2009 7:18 pm

Re: capsman WPS accept

Wed Nov 24, 2021 5:55 pm

There is no "button that somebody could press to gain access to the network".

I simply want to click "WPS Accept" in Winbox when I configure the printer, simple as that.

Also I do not want to debate the merits/lac of merits of WPS. This is a simple feature request for something that is available in Mikrotik WiFi but missing from cAPSMan.
I would be temporarily enableing WPS & clicking the 'WPS Accept' button, until the printer is set up, and then disabling WPS anyway.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5321
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: capsman WPS accept

Wed Nov 24, 2021 6:10 pm

I understand the practical requirement.

WPS was first invented by Cisco in 2006, I believe ?
Nowadays it's considered one of the FIRST things you need to disable to protect your network.
There is a reason it has been left out of CAPSMAN.
I highly doubt it will ever get in (or back in if it ever was).
 
GiovanniG
Member
Member
Posts: 338
Joined: Sun Nov 15, 2015 4:12 pm

Re: capsman WPS accept

Thu Jan 12, 2023 11:35 am

Hi, a Winbox WPS button that works for some seconds would be lovely, it's enough safe (nobody else will press it), unfortunately there are many devices that suggest clients this way as the easier, what we have to do.. the world goes on..
This can save our time, remotely we can easy solve the problem, instead on go to the client, install the brand app on our phone, understand how it works, etc. I've solved it by bluetooth, the printer has that function to get the WiFi parameters, but I should go to the client for that.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5321
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: capsman WPS accept

Thu Jan 12, 2023 1:11 pm

A printer over Wifi ?
That's a big no-no for me...

The client I work for has 132 printers. Only 1 over Wifi.
Guess which one brings me the most problems ?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26290
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: capsman WPS accept

Thu Jan 12, 2023 1:14 pm

I understand the practical requirement.

WPS was first invented by Cisco in 2006, I believe ?
Nowadays it's considered one of the FIRST things you need to disable to protect your network.
There is a reason it has been left out of CAPSMAN.
I highly doubt it will ever get in (or back in if it ever was).
That is not correct. There is no problem with WPS button. You are mixing it up with WPS PIN, which is insecure and is getting discontinued.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5321
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: capsman WPS accept

Thu Jan 12, 2023 1:22 pm

WPS button (as a physical button) is equally insecure in my view (ok, I admit, less insecure since you need to have physical access to the AP to press it).
The end-result is however the same. Someone able to press that button can gain access to the wireless network without a problem.

But it is a fact (virtual) WPS button is not possible using CAPSMAN, right ?
 
gotsprings
Forum Guru
Forum Guru
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

Re: capsman WPS accept

Thu Jan 12, 2023 2:03 pm

WPS button (as a physical button) is equally insecure in my view (ok, I admit, less insecure since you need to have physical access to the AP to press it).
The end-result is however the same. Someone able to press that button can gain access to the wireless network without a problem.

But it is a fact (virtual) WPS button is not possible using CAPSMAN, right ?
Its been more than a decade but I remember reading an article... probably by Ruckus... about howyou can trick a WPS network into accepting a client without hitting the button.

It was pretty long and involved...

And Ruckus didn't support WPS. So, anytime I see a wireless only printer. I would make an unencrypted network. Connect the printer to that. Then log into the printer's GUI and set up the connection for an encrypted network. Select connect. Delete the unencrypted network.

But Also, I always take the attitude.
"If it has wired power and doesn't move, hardwire it."
 
User avatar
Milkthief
just joined
Posts: 16
Joined: Wed Jan 18, 2017 3:29 pm

Re: capsman WPS accept

Tue Sep 12, 2023 4:47 pm

I see professors here that give opinions about WPS instead giving answers to the question.
You have to take always in mind that someone (me, in exaple) may pass here years later and read for minutes you useless opinions. This way you steal my time!

0. It may be necessary to install a printer where there is no ethernet. Are all manufacturers who produce enterprise printers with wifi card stupid?
1. wpa buttons may not exist on some MT aps
2. wpa buttons may be disabled when present on MT aps
3. MT aps may be closed inside a wall box (like I use to do at home and at office)
4. MT implemented WPS button (and command) on WifiWave2

The 4th point demonstrate that opinions are useless when you can't see more than 10 cm from your nose ahead.
 
lgraf
just joined
Posts: 1
Joined: Sun Nov 12, 2023 12:26 pm

Re: capsman WPS accept

Sat Nov 18, 2023 12:50 pm

Using the wps-push-button command on a wifiwave2 interface works for me (RouterOS 7.12, cAP ax)

From the mikrotik WifiWave2 https://help.mikrotik.com/docs/pages/vi ... older)-WPS:
An AP can be made to accept WPS authentication by a client device for 2 minutes by running the following command.

/interface/wifiwave2 wps-push-button wifi1
Last edited by lgraf on Sat Nov 18, 2023 1:12 pm, edited 1 time in total.

Who is online

Users browsing this forum: No registered users and 37 guests