January 22nd 2018 / RouterOS
Sub-menu: /interface wireless access-list
Access list is used by access point to restrict allowed connections from other devices, and to control connection parameters.
- Access list rules are checked sequentially.
- Disabled rules are always ignored.
- Only the first matching rule is applied.
- If there are no matching rules for the remote connection, then the default values from the wireless interface configuration are used.
- If remote device is matched by rule that has authentication=no value, the connection from that remote device is rejected.
Warning: If there is no entry in ACL about client which connects to AP (wireless,debug wlan2: A0:0B:BA:D7:4D:B2 not in local ACL, by default accept), then ACL for this client is ignored during all connection time.
For example, if client's signal during connection is -41 and we have ACL rule
/interface wireless access-list add authentication=yes forwarding=yes interface=wlan2 signal-range=-55..0
Then connection is not matched to any ACL rule and if signal drops to -70..-80, client will not be disconnected.
To make it work correctly it is required that client is matched by any of ACL rules.
If we modify ACL rules in previous example to:
/interface wireless access-list add interface=wlan2 signal-range=-55 add authentication=no forwarding=no interface=wlan2 signal-range=-120..-56
Then if signal drops to -56, client will be disconnected.