Community discussions

MikroTik App
  4. RouterOS
  5. Wireless Networking

mikrotik access point / controlling on the time of wireless authentication

Post Reply
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 435
Joined: Wed Apr 13, 2011 3:18 pm

mikrotik access point / controlling on the time of wireless authentication

Mon Oct 17, 2016 10:58 am

hi every one ...
i would like from support of the mikrotik factory to read my post and resolve this error in access point rule policy which i found out that when i try to give an limited time to registration with the mikrotik access point
lets us explain the proplem/
suppose you have rb951.you make it as an internet access point .suppose that rb951 is placed in camp , school , college ..Et cetera .the persons in this places have an limited time to connect with the rb951 access point .lets say from 8a.m to 8 p.m evey day .after 8 p.m the persons above have no permissin to connect with rb951 access point unless they must wait to 8 a.m of the next day .
i hope you understood me
lets see the image down
Image

you see tow times/
time 1 = the start time to connect ( the user with mac address listed in access point policy )with the mikrotik access point every day
time 2 = the end time of connecting with the mikrotik access point every day

logically any mac address listed in the policy above can not connect after the time 2
in fact no!!!!!! .
the user with the mac address listed in our example can connect with th rb951 access point even he have no permission to connect .!!

finally .what do you suggest to me another method to carry out my example.please
my greetings
Last edited by laithmikrotik on Wed Oct 19, 2016 10:10 am, edited 2 times in total.
Top
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: post to the support of the mikrotik

Mon Oct 17, 2016 12:03 pm

write to support@mikrotik.com if you want to contact MikroTik support. There are a bit too little information to think about something conclusive.
Top
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 435
Joined: Wed Apr 13, 2011 3:18 pm

Re: post to the support of the mikrotik

Mon Oct 17, 2016 12:50 pm

write to support@mikrotik.com if you want to contact MikroTik support. There are a bit too little information to think about something conclusive.
thank you very much for your replay . :D
i will do that .but at the same time .i hope anyone can help me to do my post idea ( connecting to any mikrotik access point from time1 to time 2 ) as explained in my post
please help me :(
thanks for all
Top
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: post to the support of the mikrotik

Mon Oct 17, 2016 2:44 pm

what you write, should be doable, however, check timezone settings and check if your router has the time set up properly. Also, check for other entries in that table.
Top
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 435
Joined: Wed Apr 13, 2011 3:18 pm

Re: post to the support of the mikrotik

Mon Oct 17, 2016 5:49 pm

what you write, should be doable, however, check timezone settings and check if your router has the time set up properly. Also, check for other entries in that table.
doable :(
all i want .some one here ( from you and other experts of mikrotik ) to help me to carry out my idea post
by the way idont have any mistake in time setting and others
Top
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: post to the support of the mikrotik

Mon Oct 17, 2016 6:16 pm

"all I want is you to do everything for me". This is not how the things can work in real life.
Top
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 435
Joined: Wed Apr 13, 2011 3:18 pm

Re: post to the support of the mikrotik

Mon Oct 17, 2016 6:35 pm

"all I want is you to do everything for me". This is not how the things can work in real life.
all i want is the help .No more, no less
anyway thank you
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: post to the support of the mikrotik

Mon Oct 17, 2016 6:58 pm

by the way idont have any mistake in time setting and others
That's pretty strong statement. I can believe you about time, that's easy to check. But some settings may be tricky and you didn't tell us much, only about this one rule.
Top
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 435
Joined: Wed Apr 13, 2011 3:18 pm

Re: post to the support of the mikrotik

Mon Oct 17, 2016 7:29 pm

by the way idont have any mistake in time setting and others
That's pretty strong statement. I can believe you about time, that's easy to check. But some settings may be tricky and you didn't tell us much, only about this one rule.
here is all my settings

Code: Select all
[admin@MikroTik] > export
# oct/17/2016 19:26:49 by RouterOS 6.37.1
# software id = H3GM-P0GM
#
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=POE
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=2462 mode=ap-bridge \
    ssid=Z----H-----S-----R
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk eap-methods="" mode=dynamic-keys \
    wpa-pre-shared-key=00550055
/ip pool
add name=dhcp_pool1 ranges=25.25.25.2-25.25.25.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 name=dhcp1
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/interface wireless access-list
add interface=wlan1 mac-address=00:23:4D:76:8F:F5 time=8h-20h,sun,mon,tue,wed,thu,fri,sat \
    vlan-mode=no-tag
/ip address
add address=25.25.25.1/24 interface=bridge1 network=25.25.25.0
/ip arp
add address=25.25.25.4 interface=bridge1 mac-address=00:23:4D:76:8F:F5
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=POE
/ip dhcp-server lease
add address=25.25.25.4 address-lists="" client-id=1:0:23:4d:76:8f:f5 mac-address=\
    00:23:4D:76:8F:F5 server=dhcp1 use-src-mac=yes
/ip dhcp-server network
add address=25.25.25.0/24 gateway=25.25.25.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat out-interface=POE protocol=tcp
/system clock
set time-zone-name=Asia/Baghdad
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge1 disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set POE disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
/tool user-manager database
set db-path=user-manager
[admin@MikroTik] >
Top
 
andlil
just joined
Posts: 13
Joined: Sat Oct 08, 2016 7:38 pm
Location: Sweden

Re: post to the support of the mikrotik

Mon Oct 17, 2016 10:16 pm

On a completely unrelated matter, stop using 25.25.25.0/24 and go for an address in designated space https://en.wikipedia.org/wiki/Private_network
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: post to the support of the mikrotik

Mon Oct 17, 2016 11:29 pm

I did quick test here, and when I added access rule for one MAC address, set time limit and connected when it was not allowed, I was still allowed to connect, because of interface's implicit default-authentication=yes. It looks like when the time condition does not match, the whole rule gets skipped, as if it wasn't there at all, and then defaults from interface apply. But that's just my first impression, I'd have to test it some more, plus try current RouterOS version, because this AP doesn't have it. Unfortunately, I don't have much time for it right now.

So make sure your RouterOS is up to date, and if it still happens, document it and ask support if it's a bug or feature.
Top
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 435
Joined: Wed Apr 13, 2011 3:18 pm

Re: post to the support of the mikrotik

Tue Oct 18, 2016 8:55 am

I did quick test here, and when I added access rule for one MAC address, set time limit and connected when it was not allowed, I was still allowed to connect, because of interface's implicit default-authentication=yes. It looks like when the time condition does not match, the whole rule gets skipped, as if it wasn't there at all, and then defaults from interface apply. But that's just my first impression, I'd have to test it some more, plus try current RouterOS version, because this AP doesn't have it. Unfortunately, I don't have much time for it right now.

So make sure your RouterOS is up to date, and if it still happens, document it and ask support if it's a bug or feature.
thank you very much for your interaction with my post :D :D
so .when we set any mikrotik access point rule list with the same policy of my post above .we discover , that the time setting for limitation the users time of connecting with any mikrotik access point is like no effecitive ( no found )
Top
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 435
Joined: Wed Apr 13, 2011 3:18 pm

Re: post to the support of the mikrotik

Tue Oct 18, 2016 9:17 am

i do the same scenario on other router board ( rb912 ).
the same proplem
Image
Top
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 435
Joined: Wed Apr 13, 2011 3:18 pm

Re: post to the support of the mikrotik

Tue Oct 18, 2016 9:33 am

here is another router board (hAP lite classic RB941 ) .....the same proplem
Image
Top
 
User avatar
karlisi
Member
Member
Posts: 469
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: post to the support of the mikrotik

Tue Oct 18, 2016 10:57 am

Try this
Code: Select all
/interface wireless access-list
add interface=wlan1 mac-address=00:23:4D:76:8F:F5
add interface=wlan1 mac-address=00:23:4D:76:8F:F5 time=8h-20h,sun,mon,tue,wed,thu,fri,sat \
    vlan-mode=no-tag
Top
 
kristaps
Member Candidate
Member Candidate
Posts: 272
Joined: Mon Jan 27, 2014 1:37 pm

Re: post to the support of the mikrotik

Tue Oct 18, 2016 11:05 am

@laithmikrotik please send supout.rif form your router to support@mikrotik.com
Top
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 435
Joined: Wed Apr 13, 2011 3:18 pm

Re: post to the support of the mikrotik

Tue Oct 18, 2016 11:08 am

Try this
Code: Select all
/interface wireless access-list
add interface=wlan1 mac-address=00:23:4D:76:8F:F5
add interface=wlan1 mac-address=00:23:4D:76:8F:F5 time=8h-20h,sun,mon,tue,wed,thu,fri,sat \
    vlan-mode=no-tag
FAILED
Last edited by laithmikrotik on Tue Oct 18, 2016 11:30 am, edited 1 time in total.
Top
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 435
Joined: Wed Apr 13, 2011 3:18 pm

Re: post to the support of the mikrotik

Tue Oct 18, 2016 11:11 am

@laithmikrotik please send supout.rif form your router to support@mikrotik.com
OK....done
Top
 
User avatar
laithmikrotik
Member
Member
Topic Author
Posts: 435
Joined: Wed Apr 13, 2011 3:18 pm

Re: mikrotik access point / controlling on the time of wireless authentication

Thu Oct 20, 2016 10:58 pm

i hope this video will Obtain your satisfaction
its from my personal effort
grettings

https://www.youtube.com/watch?v=8ZOh4NkBayA
Last edited by laithmikrotik on Sat Oct 22, 2016 6:08 am, edited 1 time in total.
Top
 
econst
Member Candidate
Member Candidate
Posts: 159
Joined: Thu Jan 24, 2008 10:33 pm

Re: mikrotik access point / controlling on the time of wireless authentication

Fri Oct 21, 2016 8:11 pm

Maybe the problem is platform dependent. I have the exact same scenario working on a X86 system(Alix Board) without a Scheduler. Running ROS v6.30.2. Works great.
Top
 
lambert
Long time Member
Long time Member
Posts: 548
Joined: Fri Jul 23, 2010 1:09 am

Re: mikrotik access point / controlling on the time of wireless authentication

Fri Oct 21, 2016 9:59 pm

As a workaround, you could setup a script which enables and disables "/interface wireless access-list" rules to allow or reject users. Then run the appropriate script at the appropriate time.

The key parts would look something like:
Code: Select all
/interface wireless access-list enable [find comment~"daytimeuser"]

/interface wireless access-list disable [find comment~"daytimeuser"]
I have not tested or even syntax checked the above. The below wiki pages should help you put it together if you are interested in doing the work.

http://wiki.mikrotik.com/wiki/Manual:System/Scheduler

http://wiki.mikrotik.com/wiki/Manual:Scripting
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 12 guests
  4. RouterOS
  5. Wireless Networking