From 4f77f2124c67703f82a6d9a04ae8c8f30739a0ee Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Fri, 27 Sep 2024 18:27:03 +0000
Subject: [PATCH] chore(release): 1.64.0
---
CHANGELOG.md | 16 ++
docs/resources/capsman_manager_interface.md | 2 +-
docs/resources/interface_lte_apn.md | 2 +-
docs/resources/interface_wireless.md | 141 ++++++++++++++++++
.../interface_wireless_access_list.md | 46 ++++++
.../interface_wireless_security_profiles.md | 72 +++++++++
docs/resources/ip_hotspot_user.md | 2 +-
docs/resources/ip_hotspot_user_profile.md | 2 +-
docs/resources/ipv6_neighbor_discovery.md | 2 +-
docs/resources/ppp_profile.md | 2 +-
docs/resources/routing_bgp_template.md | 2 +-
docs/resources/snmp_community.md | 2 +-
docs/resources/system_led.md | 2 +-
docs/resources/system_logging.md | 2 +-
docs/resources/system_logging_action.md | 2 +-
docs/resources/tool_sniffer.md | 3 +
docs/resources/user_manager_attribute.md | 2 +-
docs/resources/user_manager_user_group.md | 2 +-
package.json | 2 +-
19 files changed, 292 insertions(+), 14 deletions(-)
create mode 100644 docs/resources/interface_wireless.md
create mode 100644 docs/resources/interface_wireless_access_list.md
create mode 100644 docs/resources/interface_wireless_security_profiles.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c5e025f9..3aa1875b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,19 @@
+## [1.64.0](https://github.com/terraform-routeros/terraform-provider-routeros/compare/v1.63.1...v1.64.0) (2024-09-27)
+
+### Features
+
+* **wireless:** Add new resource `routeros_interface_wireless_access_list` ([cd82592](https://github.com/terraform-routeros/terraform-provider-routeros/commit/cd825923390b489e41463b71e6ea253286f28c25))
+* **wireless:** Add new resource `routeros_interface_wireless_security_profiles` ([ef40fd2](https://github.com/terraform-routeros/terraform-provider-routeros/commit/ef40fd25f448c3ae1d92d2c2a60fcdde782f5df4))
+* **wireless:** Add new resource `routeros_interface_wireless` ([15c2650](https://github.com/terraform-routeros/terraform-provider-routeros/commit/15c265088c024a5b770fda1990ea3713c724d253))
+
+### Bug Fixes
+
+* **serialize:** Fix `PropTransformSet` ([8baebae](https://github.com/terraform-routeros/terraform-provider-routeros/commit/8baebae070e047a3dad3f86aa72cf502f053d781))
+* **serialize:** Fix the transformation of attribute names. ([9796820](https://github.com/terraform-routeros/terraform-provider-routeros/commit/9796820aa413ad6f45731b613a1cfa88fc124e0a))
+* **tool_sniffer:** Add resource state control ([eb53e45](https://github.com/terraform-routeros/terraform-provider-routeros/commit/eb53e456ffce679464bb9023df59056663b9c6e9))
+* **wireless_security_profile:** Add `Sensitive` flag to attributes ([909b4c7](https://github.com/terraform-routeros/terraform-provider-routeros/commit/909b4c792e169eec5c60619156be8bd10dfab7df))
+* **wireless:** Add missing field ([c112740](https://github.com/terraform-routeros/terraform-provider-routeros/commit/c112740a660362528f9d53037e97e59c7138441f))
+
 ## [1.63.1](https://github.com/terraform-routeros/terraform-provider-routeros/compare/v1.63.0...v1.63.1) (2024-09-26)
 
 ### Features
diff --git a/docs/resources/capsman_manager_interface.md b/docs/resources/capsman_manager_interface.md
index 0055d34d..619e179f 100644
--- a/docs/resources/capsman_manager_interface.md
+++ b/docs/resources/capsman_manager_interface.md
@@ -24,7 +24,7 @@ resource "routeros_capsman_manager_interface" "test_manager_interface" {
 
 ### Read-Only
 
-- `default` (Boolean)
+- `default` (Boolean) It's the default item.
 - `dynamic` (Boolean) Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
 - `id` (String) The ID of this resource.
 
diff --git a/docs/resources/interface_lte_apn.md b/docs/resources/interface_lte_apn.md
index 8bb2f805..43fba185 100644
--- a/docs/resources/interface_lte_apn.md
+++ b/docs/resources/interface_lte_apn.md
@@ -37,7 +37,7 @@ resource "routeros_interface_lte_apn" "test" {
 
 ### Read-Only
 
-- `default` (Boolean)
+- `default` (Boolean) It's the default item.
 - `id` (String) The ID of this resource.
 
 ## Import
diff --git a/docs/resources/interface_wireless.md b/docs/resources/interface_wireless.md
new file mode 100644
index 00000000..54cd53ab
--- /dev/null
+++ b/docs/resources/interface_wireless.md
@@ -0,0 +1,141 @@ +# routeros_interface_wireless (Resource) + + +## Example Usage +```terraform +resource "routeros_interface_wireless_security_profiles" "test" { + name = "test-profile" + mode = "dynamic-keys" + authentication_types = ["wpa-psk", "wpa2-psk"] + wpa_pre_shared_key = "wpa_psk_key" + wpa2_pre_shared_key = "wpa2_psk_key" +} + +resource "routeros_interface_wireless" "test" { + depends_on = [resource.routeros_interface_wireless_security_profiles.test] + security_profile = resource.routeros_interface_wireless_security_profiles.test.name + mode = "ap-bridge" + master_interface = "wlan1" + name = "wlan-guest" + ssid = "guests" + basic_rates_ag = ["6Mbps", "9Mbps"] +} +``` + + +## Schema + +### Required + +- `mode` (String) Selection between different station and access point (AP) modes. **Station modes**: `station` - Basic station mode. Find and connect to acceptable AP. `station-wds` - Same as station, but create WDS link with AP, using proprietary extension. AP configuration has to allow WDS links with this device. Note that this mode does not use entries in wds. `station-pseudobridge` - Same as station, but additionally perform MAC address translation of all traffic. Allows interface to be bridged. `station-pseudobridge-clone` - Same as station-pseudobridge, but use station-bridge-clone-mac address to connect to AP. `station-bridge` - Provides support for transparent protocol-independent L2 bridging on the station device. RouterOS AP accepts clients in station-bridge mode when enabled using bridge-mode parameter. In this mode, the AP maintains a forwarding table with information on which MAC addresses are reachable over which station device. Only works with RouterOS APs. With station-bridge mode, it is not possible to connect to CAPsMAN controlled CAP. **AP modes**: `ap-bridge` - Basic access point mode. `bridge` - Same as ap-bridge, but limited to one associated client. 
`wds-slave` - Same as ap-bridge, but scan for AP with the same ssid and establishes WDS link. If this link is lost or cannot be established, then continue scanning. If dfs-mode is radar-detect, then APs with enabled hide-ssid will not be found during scanning. **Special modes**: `alignment-only` - Put the interface in a continuous transmit mode that is used for aiming the remote antenna. `nstreme-dual-slave` - allow this interface to be used in nstreme-dual setup. MAC address translation in pseudobridge modes works by inspecting packets and building a table of corresponding IP and MAC addresses. All packets are sent to AP with the MAC address used by pseudobridge, and MAC addresses of received packets are restored from the address translation table. There is a single entry in the address translation table for all non-IP packets, hence more than one host in the bridged network cannot reliably use non-IP protocols. Note: Currently IPv6 doesn't work over Pseudobridge. +- `name` (String) Name of the interface. +- `ssid` (String) SSID (service set identifier) is a name that identifies wireless network. + +### Optional + +- `adaptive_noise_immunity` (String) This property is only effective for cards based on Atheros chipset. +- `allow_sharedkey` (Boolean) Allow WEP Shared Key clients to connect. Note that no authentication is done for these clients (WEP Shared keys are not compared to anything) - they are just accepted at once (if access list allows that). +- `ampdu_priorities` (Set of Number) Frame priorities for which AMPDU sending (aggregating frames and sending using block acknowledgment) should get negotiated and used. Using AMPDUs will increase throughput, but may increase latency, therefore, may not be desirable for real-time traffic (voice, video). Due to this, by default AMPDUs are enabled only for best-effort traffic. +- `amsdu_limit` (Number) Max AMSDU that device is allowed to prepare when negotiated. 
AMSDU aggregation may significantly increase throughput especially for small frames, but may increase latency in case of packet loss due to retransmission of aggregated frame. Sending and receiving AMSDUs will also increase CPU usage. +- `amsdu_threshold` (Number) Max frame size to allow including in AMSDU. +- `antenna_gain` (Number) Antenna gain in dBi, used to calculate maximum transmit power according to country regulations. +- `antenna_mode` (String) Select antenna to use for transmitting and for receiving: `ant-a` - use only 'a'; antenna `ant-b` - use only 'b'; antenna `txa-rxb` - use antenna 'a' for transmitting, antenna 'b' for receiving; `rxa-txb` - use antenna 'b' for transmitting, antenna 'a' for receiving. +- `area` (String) Identifies group of wireless networks. This value is announced by AP, and can be matched in connect-list by area-prefix. This is a proprietary extension. +- `arp` (String) ARP Mode. +- `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in `/ip settings`, default is 30s. +- `band` (String) Defines set of used data rates, channel frequencies and widths. +- `basic_rates_ag` (Set of String) Similar to the basic-rates-b property, but used for 5ghz, 5ghz-10mhz, 5ghz-5mhz, 5ghz-turbo, 2.4ghz-b/g, 2.4ghz-onlyg, 2ghz-10mhz, 2ghz-5mhz and 2.4ghz-g-turbo bands. +- `basic_rates_b` (Set of String) List of basic rates, used for 2.4ghz-b, 2.4ghz-b/g and 2.4ghz-onlyg bands.Client will connect to AP only if it supports all basic rates announced by the AP. AP will establish WDS link only if it supports all basic rates of the other AP.This property has effect only in AP modes, and when value of rate-set is configured. +- `bridge_mode` (String) Allows to use station-bridge mode. +- `burst_time` (String) Time in microseconds which will be used to send data without stopping. 
Note that no other wireless cards in that network will be able to transmit data during burst-time microseconds. This setting is available only for AR5000, AR5001X, and AR5001X+ chipset based cards. +- `channel_width` (String) Use of extension channels (e.g. Ce, eC etc) allows additional 20MHz extension channels and if it should be located below or above the control (main) channel. Extension channel allows 802.11n devices to use up to 40MHz (802.11ac up to 160MHz) of spectrum in total thus increasing max throughput. Channel widths with XX and XXXX extensions automatically scan for a less crowded control channel frequency based on the number of concurrent devices running in every frequency and chooses the `C` - Control channel frequency automatically. +- `comment` (String) +- `compression` (Boolean) Setting this property to yes will allow the use of the hardware compression. Wireless interface must have support for hardware compression. Connections with devices that do not use compression will still work. +- `country` (String) Limits available bands, frequencies and maximum transmit power for each frequency. Also specifies default value of scan-list. Value no_country_set is an FCC compliant set of channels. +- `default_ap_tx_limit` (Number) This is the value of ap-tx-limit for clients that do not match any entry in the access-list. 0 means no limit. +- `default_authentication` (Boolean) For AP mode, this is the value of authentication for clients that do not match any entry in the access-list. For station mode, this is the value of connect for APs that do not match any entry in the connect-list. +- `default_client_tx_limit` (Number) This is the value of client-tx-limit for clients that do not match any entry in the access-list. 0 means no limit. +- `default_forwarding` (Boolean) This is the value of forwarding for clients that do not match any entry in the access-list. +- `disable_running_check` (Boolean) When set to yes interface will always have running flag. 
If value is set to no', the router determines whether the card is up and running - for AP one or more clients have to be registered to it, for station, it should be connected to an AP. +- `disabled` (Boolean) +- `disconnect_timeout` (String) This interval is measured from third sending failure on the lowest data rate. At this point 3 * (hw-retries + 1) frame transmits on the lowest data rate had failed. During disconnect-timeout packet transmission will be retried with on-fail-retry-time interval. If no frame can be transmitted successfully during disconnect-timeout, the connection is closed, and this event is logged as `extensive data loss`. Successful frame transmission resets this timer. +- `distance` (String) How long to wait for confirmation of unicast frames (ACKs) before considering transmission unsuccessful, or in short ACK-Timeout. Distance value has these behaviors:Dynamic - causes AP to detect and use the smallest timeout that works with all connected clients.Indoor - uses the default ACK timeout value that the hardware chip manufacturer has set.Number - uses the input value in formula: ACK-timeout = ((distance * 1000) + 299) / 300 us;Acknowledgments are not used in Nstreme/NV2 protocols. +- `frame_lifetime` (Number) Discard frames that have been queued for sending longer than frame-lifetime. By default, when value of this property is 0, frames are discarded only after connection is closed. +- `frequency` (String) Channel frequency value in MHz on which AP will operate.Allowed values depend on the selected band, and are restricted by country setting and wireless card capabilities. This setting has no effect if interface is in any of station modes, or in wds-slave mode, or if DFS is active.Note: If using mode `superchannel. 
+- `frequency_mode` (String) Three frequency modes are available: `regulatory-domain` - Limit available channels and maximum transmit power for each channel according to the value of country `manual-txpower` - Same as above, but do not limit maximum transmit power.`superchannel` - Conformance Testing Mode. Allow all channels supported by the card.List of available channels for each band can be seen in `/interface wireless` info allowed-channels. This mode allows you to test wireless channels outside the default scan-list and/or regulatory domain. This mode should only be used in controlled environments, or if you have special permission to use it in your region. Before v4.3 this was called Custom Frequency Upgrade, or Superchannel. Since RouterOS v4.3 this mode is available without special key upgrades to all installations. +- `frequency_offset` (Number) Allows to specify offset if the used wireless card operates at a different frequency than is shown in RouterOS, in case a frequency converter is used in the card. So if your card works at 4000MHz but RouterOS shows 5000MHz, set offset to 1000MHz and it will be displayed correctly. The value is in MHz and can be positive or negative. +- `guard_interval` (String) Whether to allow use of short guard interval (refer to 802.11n MCS specification to see how this may affect throughput). `any` will use either short or long, depending on data rate, `long` will use long. +- `hide_ssid` (Boolean) Yes - AP does not include SSID in the beacon frames, and does not reply to probe requests that have broadcast SSID.no - AP includes SSID in the beacon frames, and replies to probe requests that have broadcast SSID.This property has an effect only in AP mode. Setting it to yes can remove this network from the list of wireless networks that are shown by some client software. Changing this setting does not improve the security of the wireless network, because SSID is included in other frames sent by the AP. 
+- `ht_basic_mcs` (Set of String) Modulation and Coding Schemes that every connecting client must support. Refer to 802.11n for MCS specification. +- `ht_supported_mcs` (Set of String) Modulation and Coding Schemes that this device advertises as supported. Refer to 802.11n for MCS specification. +- `hw_fragmentation_threshold` (String) Specifies maximum fragment size in bytes when transmitted over the wireless medium. 802.11 standard packet (MSDU in 802.11 terminologies) fragmentation allows packets to be fragmented before transmitting over a wireless medium to increase the probability of successful transmission (only fragments that did not transmit correctly are retransmitted). Note that transmission of a fragmented packet is less efficient than transmitting unfragmented packet because of protocol overhead and increased resource usage at both - transmitting and receiving party. +- `hw_protection_mode` (String) Frame protection support property. +- `hw_protection_threshold` (Number) Frame protection support property read more >>. +- `hw_retries` (Number) Number of times sending frame is retried without considering it a transmission failure. Data-rate is decreased upon failure and the frame is sent again. Three sequential failures on the lowest supported rate suspend transmission to this destination for the duration of on-fail-retry-time. After that, the frame is sent again. The frame is being retransmitted until transmission success, or until the client is disconnected after disconnect-timeout. The frame can be discarded during this time if frame-lifetime is exceeded. +- `installation` (String) Adjusts scan-list to use indoor, outdoor or all frequencies for the country that is set. +- `interworking_profile` (String) +- `keepalive_frames` (String) Applies only if wireless interface is in mode=ap-bridge. If a client has not communicated for around 20 seconds, AP sends a `keepalive-frame`. Note, disabling the feature can lead to `ghost` clients in registration-table. 
+- `l2mtu` (Number) Layer2 Maximum transmission unit. [See](https://wiki.mikrotik.com/wiki/Maximum_Transmission_Unit_on_RouterBoards). +- `mac_address` (String) MAC address. +- `master_interface` (String) Name of wireless interface that has virtual-ap capability. Virtual AP interface will only work if master interface is in ap-bridge, bridge, station or wds-slave mode. This property is only for virtual AP interfaces. +- `max_station_count` (Number) Maximum number of associated clients. WDS links also count toward this limit. +- `mtu` (String) Layer3 Maximum transmission unit ('auto', 0 .. 65535) +- `multicast_buffering` (String) For a client that has power saving, buffer multicast packets until next beacon time. A client should wake up to receive a beacon, by receiving beacon it sees that there are multicast packets pending, and it should wait for multicast packets to be sent. +- `multicast_helper` (String) When set to full, multicast packets will be sent with a unicast destination MAC address, resolving multicast problem on the wireless link. This option should be enabled only on the access point, clients should be configured in station-bridge mode. Available starting from v5.15.disabled - disables the helper and sends multicast packets with multicast destination MAC addressesdhcp - dhcp packet mac addresses are changed to unicast mac addresses prior to sending them outfull - all multicast packet mac address are changed to unicast mac addresses prior to sending them outdefault - default choice that currently is set to dhcp. Value can be changed in future releases. +- `noise_floor_threshold` (String) For advanced use only, as it can badly affect the performance of the interface. It is possible to manually set noise floor threshold value. By default, it is dynamically calculated. This property also affects received signal strength. This property is only effective on non-AC chips. 
+- `nv2_cell_radius` (Number) Setting affects the size of contention time slot that AP allocates for clients to initiate connection and also size of time slots used for estimating distance to client. When setting is too small, clients that are farther away may have trouble connecting and/or disconnect with `ranging timeout` error. Although during normal operation the effect of this setting should be negligible, in order to maintain maximum performance, it is advised to not increase this setting if not necessary, so AP is not reserving time that is actually never used, but instead allocates it for actual data transfer.on AP: distance to farthest client in kmon station: no effect. +- `nv2_noise_floor_offset` (String) +- `nv2_preshared_key` (String, Sensitive) +- `nv2_qos` (String) Sets the packet priority mechanism, firstly data from high priority queue is sent, then lower queue priority data until 0 queue priority is reached. When link is full with high priority queue data, lower priority data is not sent. Use it very carefully, setting works on APframe-priority - manual setting that can be tuned with Mangle rules.default - default setting where small packets receive priority for best latency. +- `nv2_queue_count` (Number) +- `nv2_security` (String) +- `on_fail_retry_time` (String) After third sending failure on the lowest data rate, wait for specified time interval before retrying. +- `periodic_calibration` (String) Setting default enables periodic calibration if info default-periodic-calibration property is enabled. Value of that property depends on the type of wireless card. This property is only effective for cards based on Atheros chipset. +- `periodic_calibration_interval` (Number) This property is only effective for cards based on Atheros chipset. +- `preamble_mode` (String) Short preamble mode is an option of 802.11b standard that reduces per-frame overhead.On AP:long - Do not use short preamble.short - Announce short preamble capability. 
Do not accept connections from clients that do not have this capability.both - Announce short preamble capability.On station:long - do not use short preamble.short - do not connect to AP if it does not support short preamble.both - Use short preamble if AP supports it. +- `prism_cardtype` (String) Specify type of the installed Prism wireless card. +- `proprietary_extensions` (String) RouterOS includes proprietary information in an information element of management frames. This parameter controls how this information is included. `pre-2.9.25` - This is older method. It can interoperate with newer versions of RouterOS. This method is incompatible with some clients, for example, Centrino based ones. `post-2.9.25` - This uses standardized way of including vendor specific information, that is compatible with newer wireless clients. +- `rate_selection` (String) Starting from v5.9 default value is advanced since legacy mode was inefficient. +- `rate_set` (String) Two options are available: `default` - default basic and supported rate sets are used. Values from basic-rates and supported-rates parameters have no effect. `configured` - use values from basic-rates, supported-rates, basic-mcs, mcs. +- `rx_chains` (Set of Number) Which antennas to use for receive. In current MikroTik routers, both RX and TX chain must be enabled, for the chain to be enabled. +- `scan_list` (String) The default value is all channels from selected band that are supported by card and allowed by the country and frequency-mode settings (this list can be seen in info). For default scan list in 5ghz band channels are taken with 20MHz step, in 5ghz-turbo band - with 40MHz step, for all other bands - with 5MHz step. If scan-list is specified manually, then all matching channels are taken. (Example: scan-list=default,5200-5245,2412-2427 - This will use the default value of scan list for current band, and add to it supported frequencies from 5200-5245 or 2412-2427 range.) 
Since RouterOS v6.0 with Winbox or Webfig, for inputting of multiple frequencies, add each frequency or range of frequencies into separate multiple scan-lists. Using a comma to separate frequencies is no longer supported in Winbox/Webfig since v6.0.Since RouterOS v6.35 (wireless-rep) scan-list support step feature where it is possible to manually specify the scan step. Example: scan-list=5500-5600:20 will generate such scan-list values 5500,5520,5540,5560,5580,5600. +- `secondary_frequency` (String) Specifies secondary channel, required to enable 80+80MHz transmission. To disable 80+80MHz functionality, set secondary-frequency to `` or unset the value via CLI/GUI. +- `security_profile` (String) Name of profile from security-profiles. +- `skip_dfs_channels` (String) These values are used to skip all DFS channels or specifically skip DFS CAC channels in range 5600-5650MHz which detection could go up to 10min. +- `station_bridge_clone_mac` (String) This property has effect only in the station-pseudobridge-clone mode.Use this MAC address when connection to AP. If this value is 00:00:00:00:00:00, station will initially use MAC address of the wireless interface.As soon as packet with MAC address of another device needs to be transmitted, station will reconnect to AP using that address. +- `station_roaming` (String) Station Roaming feature is available only for 802.11 wireless protocol and only for station modes. +- `supported_rates_ag` (String) List of supported rates, used for all bands except 2ghz-b. +- `supported_rates_b` (String) List of supported rates, used for 2ghz-b, 2ghz-b/g and 2ghz-b/g/n bands. Two devices will communicate only using rates that are supported by both devices. This property has effect only when value of rate-set is configured. +- `tdma_period_size` (Number) Specifies TDMA period in milliseconds. It could help on the longer distance links, it could slightly increase bandwidth, while latency is increased too. 
+- `tx_chains` (Set of Number) Which antennas to use for transmitting. In current MikroTik routers, both RX and TX chain must be enabled, for the chain to be enabled. +- `tx_power` (Number) For 802.11ac wireless interface it's total power but for 802.11a/b/g/n it's power per chain. +- `tx_power_mode` (String) Sets up tx-power mode for wireless card `default` - use values stored in the card `all-rates-fixed` - use same transmit power for all data rates. Can damage the card if transmit power is set above rated value of the card for used rate. `manual-table` - define transmit power for each rate separately. Can damage the card if transmit power is set above rated value of the card for used rate. `card-rates` - use transmit power calculated for each rate based on value of tx-power parameter. Legacy mode only compatible with currently discontinued products. +- `update_stats_interval` (String) How often to request update of signals strength and ccq values from clients. Access to registration-table also triggers update of these values.This is proprietary extension. +- `vht_basic_mcs` (String) Modulation and Coding Schemes that every connecting client must support. Refer to 802.11ac for MCS specification. You can set MCS interval for each of Spatial Stream `none` - will not use selected; Spatial Stream `mcs0-7` - client must support MCS-0 to MCS-7; `mcs0-8` - client must support MCS-0 to MCS-8; `mcs0-9` - client must support MCS-0 to MCS-9. +- `vht_supported_mcs` (String) Modulation and Coding Schemes that this device advertises as supported. Refer to 802.11ac for MCS specification. You can set MCS interval for each of Spatial Stream `none` - will not use selected; Spatial Stream `mcs0-7` - devices will advertise as supported MCS-0 to MCS-7; `mcs0-8` - devices will advertise as supported MCS-0 to MCS-8; `mcs0-9` - devices will advertise as supported MCS-0 to MCS-9. +- `vlan_id` (Number) VLAN ID to use if doing VLAN tagging. 
+- `vlan_mode` (String) VLAN tagging mode specifies if traffic coming from client should get tagged (and untagged when going to client). +- `wds_cost_range` (String) Bridge port cost of WDS links are automatically adjusted, depending on measured link throughput. Port cost is recalculated and adjusted every 5 seconds if it has changed by more than 10%, or if more than 20 seconds have passed since the last adjustment.Setting this property to 0 disables automatic cost adjustment.Automatic adjustment does not work for WDS links that are manually configured as a bridge port. +- `wds_default_bridge` (String) When WDS link is established and status of the wds interface becomes running, it will be added as a bridge port to the bridge interface specified by this property. When WDS link is lost, wds interface is removed from the bridge. If wds interface is already included in a bridge setup when WDS link becomes active, it will not be added to bridge specified by , and will (needs editing). +- `wds_default_cost` (Number) Initial bridge port cost of the WDS links. +- `wds_ignore_ssid` (Boolean) By default, WDS link between two APs can be created only when they work on the same frequency and have the same SSID value. If this property is set to yes, then SSID of the remote AP will not be checked. This property has no effect on connections from clients in station-wds mode. It also does not work if wds-mode is static-mesh or dynamic-mesh. +- `wds_mode` (String) Controls how WDS links with other devices (APs and clients in station-wds mode) are established. `disabled` does not allow WDS links. `static` only allows WDS links that are manually configured in WDS. `dynamic` also allows WDS links with devices that are not configured in WDS, by creating required entries dynamically. Such dynamic WDS entries are removed automatically after the connection with the other AP is lost. 
`-mesh` modes use different (better) method for establishing link between AP, that is not compatible with APs in non-mesh mode. This method avoids one-sided WDS links that are created only by one of the two APs. Such links cannot pass any data.When AP or station is establishing WDS connection with another AP, it uses connect-list to check whether this connection is allowed. If station in station-wds mode is establishing connection with AP, AP uses access-list to check whether this connection is allowed.If mode is station-wds, then this property has no effect. +- `wireless_protocol` (String) Specifies protocol used on wireless interface; `unspecified` - protocol mode used on previous RouterOS versions (v3.x, v4.x). Nstreme is enabled by old enable-nstreme setting, Nv2 configuration is not possible. `any` : on AP - regular 802.11 Access Point or Nstreme Access Point; on station - selects Access Point without specific sequence, it could be changed by connect-list rules. `nstreme` - enables Nstreme protocol (the same as old enable-nstreme setting). `nv2` - enables Nv2 protocol. `nv2 nstreme` : on AP - uses first wireless-protocol setting, always Nv2; on station - searches for Nv2 Access Point, then for Nstreme Access Point. `nv2 nstreme 802.11` - on AP - uses first wireless-protocol setting, always Nv2; on station - searches for Nv2 Access Point, then for Nstreme Access Point, then for regular 802.11 Access Point.Warning! Nv2 doesn't have support for Virtual AP. +- `wmm_support` (String) Specifies whether to enable WMM. Only applies to bands B and G. Other bands will have it enabled regardless of this setting. +- `wps_mode` (String) WPS Server allows to connect wireless clients that support WPS to AP protected with the Pre-Shared Key without specifying that key in the clients configuration. + +### Read-Only + +- `default_name` (String) +- `id` (String) The ID of this resource. 
+- `interface_type` (String)
+- `radio_name` (String) Descriptive name of the device, that is shown in registration table entries on the remote devices. This is a proprietary extension.
+- `running` (Boolean)
+
+## Import
+Import is supported using the following syntax:
+```shell
+#The ID can be found via API or the terminal
+#The command for the terminal is -> :put [/interface/wireless get [print show-ids]]
+terraform import routeros_interface_wireless.test *3
+```
diff --git a/docs/resources/interface_wireless_access_list.md b/docs/resources/interface_wireless_access_list.md
new file mode 100644
index 00000000..cd02c799
--- /dev/null
+++ b/docs/resources/interface_wireless_access_list.md
@@ -0,0 +1,46 @@
+# routeros_interface_wireless_access_list (Resource)
+
+
+## Example Usage
+```terraform
+resource "routeros_interface_wireless_access_list" "test" {
+ signal_range = "-100..100"
+ time = "3h3m-5h,mon,tue,wed,thu,fri"
+ mac_address = "00:AA:BB:CC:DD:EE"
+}
+```
+
+
+## Schema
+
+### Optional
+
+- `allow_signal_out_of_range` (String) Option which permits client's signal to be out of the range always or for some time interval.
+- `ap_tx_limit` (Number) Limit rate of data transmission to this client. Value 0 means no limit. Value is in bits per second.
+- `authentication` (Boolean) No - Client association will always fail.yes - Use authentication procedure that is specified in the security-profile of the interface.
+- `client_tx_limit` (Number) Ask client to limit rate of data transmission. Value 0 means no limit.This is a proprietary extension that is supported by RouterOS clients.Value is in bits per second.
+- `comment` (String)
+- `disabled` (Boolean)
+- `forwarding` (Boolean) `No` - Client cannot send frames to other station that are connected to same access point.yes - Client can send frames to other stations on the same access point.
+- `interface` (String) Rules with interface=any are used for any wireless interface and the interface=all defines interface-list `all` name. To make rule that applies only to one wireless interface, specify that interface as a value of this property.
+- `mac_address` (String) Rule matches client with the specified MAC address. Value 00:00:00:00:00:00 matches always.
+- `management_protection_key` (String) Management protection shared secret.
+- `private_algo` (String) Only for `WEP` modes.
+- `private_key` (String) Only for `WEP` modes (HEX).
+- `private_pre_shared_key` (String) Used in `WPA PSK` mode.
+- `signal_range` (String) Rule matches if signal strength of the station is within the range.If signal strength of the station will go out of the range that is specified in the rule, access point will disconnect that station.
+- `time` (String) Rule will match only during specified time.Station will be disconnected after specified time ends. Both start and end time is expressed as time since midnight, 00:00. Rule will match only during specified days of the week. Ex: "3h3m-5h,mon,tue,wed,thu,fri"
+- `vlan_id` (Number) VLAN ID to use if doing VLAN tagging.
+- `vlan_mode` (String) VLAN tagging mode specifies if traffic coming from client should get tagged (and untagged when going to client).
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+Import is supported using the following syntax:
+```shell
+#The ID can be found via API or the terminal
+#The command for the terminal is -> :put [/interface/wireless/access-list get [print show-ids]]
+terraform import routeros_interface_wireless_access_list.test *3
+```
diff --git a/docs/resources/interface_wireless_security_profiles.md b/docs/resources/interface_wireless_security_profiles.md
new file mode 100644
index 00000000..cd2cc01a
--- /dev/null
+++ b/docs/resources/interface_wireless_security_profiles.md
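Review bot: `management_protection_key`, `private_key` and `private_pre_shared_key` are rendered in this access-list schema as plain `(String)`, so as documented none of them carries the `Sensitive` flag and Terraform would print their values in plan and apply output. The same applies to `mschapv2_password` in the `interface_wireless_security_profiles.md` hunk that follows, where the neighbouring secrets (`wpa2_pre_shared_key`, `static_key_0` to `static_key_3`, `management_protection_key`) are already `(String, Sensitive)`. These pages look generated from the provider schema, which is outside this patch, so the fix would presumably be `Sensitive: true` on those attributes followed by a docs regeneration. Independently of the flag, a sentence under each Schema heading saying that these values are still written in plain text to the Terraform state would help readers decide how to protect the state backend.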
@@ -0,0 +1,72 @@
+# routeros_interface_wireless_security_profiles (Resource)
+
+
+## Example Usage
+```terraform
+resource "routeros_interface_wireless_security_profiles" "test" {
+ name = "test-profile"
+ mode = "dynamic-keys"
+ authentication_types = ["wpa-psk", "wpa2-psk"]
+ wpa_pre_shared_key = "wpa_psk_key"
+ wpa2_pre_shared_key = "wpa2_psk_key"
+}
+```
+
+
+## Schema
+
+### Required
+
+- `name` (String) Name of the security profile.
+
+### Optional
+
+- `authentication_types` (Set of String) Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
+- `comment` (String)
+- `disable_pmkid` (Boolean) Whether to include `PMKID` into the `EAPOL` frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. `yes` - removes PMKID from EAPOL frames (improves security, reduces compatibility). `no` - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
+- `eap_methods` (String) Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. `eap-tls` - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. `eap-ttls-mschapv2` - Use EAP-TTLS with MS-CHAPv2 authentication. `passthrough` - Access Point will relay authentication process to the RADIUS server. `peap` - Use Protected EAP authentication.
+- `group_ciphers` (String) Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers.
`tkip` - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. `aes-ccm` - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
+- `group_key_update` (String) Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
+- `interim_update` (String) When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
+- `management_protection` (String) Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: `disabled` - management protection is disabled (default), `allowed` - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), `required` - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
+- `management_protection_key` (String, Sensitive) Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
+- `mode` (String) Encryption mode for the security profile. `none` - Encryption is not used. Encrypted frames are not accepted. `static-keys-required` - WEP mode. Do not accept and do not send unencrypted frames.
Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. `static-keys-optional` - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in `static-keys-required` mode. See also: static-sta-private-algo, static-transmit-key. `dynamic-keys` - WPA mode.
+- `mschapv2_password` (String) Password to use for authentication when `eap-ttls-mschapv2` or `peap` authentication method is being used. This property only has effect on Stations.
+- `mschapv2_username` (String) Username to use for authentication when `eap-ttls-mschapv2` or `peap` authentication method is being used. This property only has effect on Stations.
+- `radius_called_format` (String) mac | mac:ssid | ssid
+- `radius_eap_accounting` (Boolean)
+- `radius_mac_accounting` (Boolean)
+- `radius_mac_authentication` (Boolean) This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
+- `radius_mac_caching` (String) If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
+- `radius_mac_format` (String) Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
+- `radius_mac_mode` (String) By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to `as-username-and-password`, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
+- `static_algo_0` (String) Encryption algorithm to use with the corresponding key.
+- `static_algo_1` (String) Encryption algorithm to use with the corresponding key.
+- `static_algo_2` (String) Encryption algorithm to use with the corresponding key.
+- `static_algo_3` (String) Encryption algorithm to use with the corresponding key.
+- `static_key_0` (String, Sensitive) Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
+- `static_key_1` (String, Sensitive) Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
+- `static_key_2` (String, Sensitive) Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
+- `static_key_3` (String, Sensitive) Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
+- `static_sta_private_algo` (String) Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
+- `static_sta_private_key` (String, Sensitive) Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations.
Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
+- `static_transmit_key` (String) Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
+- `supplicant_identity` (String, Sensitive) EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
+- `tls_certificate` (String) Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
+- `tls_mode` (String) This property has effect only when eap-methods contains eap-tls. `verify-certificate` - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. `dont-verify-certificate` - Do not check certificate of the remote device.
Access Point will not require client to provide certificate. `no-certificates` - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. `verify-certificate-with-crl` - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
+- `unicast_ciphers` (String) Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
+- `wpa2_pre_shared_key` (String, Sensitive) `WPA2` pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
+- `wpa_pre_shared_key` (String, Sensitive) `WPA` pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.
+
+### Read-Only
+
+- `default` (Boolean) It's the default item.
+- `id` (String) The ID of this resource.
+
+## Import
+Import is supported using the following syntax:
+```shell
+#The ID can be found via API or the terminal
+#The command for the terminal is -> :put [/interface/wireless/security-profiles get [print show-ids]]
+terraform import routeros_interface_wireless_security_profiles.test *3
+```
diff --git a/docs/resources/ip_hotspot_user.md b/docs/resources/ip_hotspot_user.md
index 4c7421ca..4c9b37da 100644
--- a/docs/resources/ip_hotspot_user.md
+++ b/docs/resources/ip_hotspot_user.md
@@ -33,7 +33,7 @@ resource "routeros_ip_hotspot_user" "test" { ### Read-Only -- `default` (Boolean) It's the default rule. +- `default` (Boolean) It's the default item. - `dynamic` (Boolean) Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified. - `id` (String) The ID of this resource. diff --git a/docs/resources/ip_hotspot_user_profile.md b/docs/resources/ip_hotspot_user_profile.md index b0507674..c975f706 100644 --- a/docs/resources/ip_hotspot_user_profile.md +++ b/docs/resources/ip_hotspot_user_profile.md @@ -54,7 +54,7 @@ resource "routeros_ip_hotspot_user_profile" "test" { ### Read-Only -- `default` (Boolean) It's the default rule. +- `default` (Boolean) It's the default item. - `id` (String) The ID of this resource. ## Import diff --git a/docs/resources/ipv6_neighbor_discovery.md b/docs/resources/ipv6_neighbor_discovery.md index ad478e86..81576d67 100644 --- a/docs/resources/ipv6_neighbor_discovery.md +++ b/docs/resources/ipv6_neighbor_discovery.md @@ -52,7 +52,7 @@ resource "routeros_ipv6_neighbor_discovery" "test" { ### Read-Only -- `default` (Boolean) Neighbor discovery entry is the default configuration. +- `default` (Boolean) It's the default item. - `id` (String) The ID of this resource. - `invalid` (Boolean) diff --git a/docs/resources/ppp_profile.md b/docs/resources/ppp_profile.md index dfebb03a..128b6f20 100644 --- a/docs/resources/ppp_profile.md +++ b/docs/resources/ppp_profile.md @@ -54,7 +54,7 @@ resource "routeros_ppp_profile" "test" { ### Read-Only -- `default` (String) Default profile sign. +- `default` (Boolean) It's the default item. - `id` (String) The ID of this resource. ## Import diff --git a/docs/resources/routing_bgp_template.md b/docs/resources/routing_bgp_template.md index 01f1b81c..15b7678c 100644 --- a/docs/resources/routing_bgp_template.md +++ b/docs/resources/routing_bgp_template.md 
@@ -36,7 +36,7 @@ ### Read-Only -- `default` (Boolean) +- `default` (Boolean) It's the default item. - `id` (String) The ID of this resource. diff --git a/docs/resources/snmp_community.md b/docs/resources/snmp_community.md index 8e66bb5a..ffdc99aa 100644 --- a/docs/resources/snmp_community.md +++ b/docs/resources/snmp_community.md @@ -41,7 +41,7 @@ resource "routeros_snmp_community" "mything" { ### Read-Only -- `default` (Boolean) It's a default community. +- `default` (Boolean) It's the default item. - `id` (String) The ID of this resource. ## Import diff --git a/docs/resources/system_led.md b/docs/resources/system_led.md index ffa91aeb..9a8ed981 100644 --- a/docs/resources/system_led.md +++ b/docs/resources/system_led.md @@ -23,7 +23,7 @@ resource "routeros_system_led" "sfp1" { ### Read-Only -- `default` (Boolean) +- `default` (Boolean) It's the default item. - `id` (String) The ID of this resource. ## Import diff --git a/docs/resources/system_logging.md b/docs/resources/system_logging.md index d412ba19..42a41fcd 100644 --- a/docs/resources/system_logging.md +++ b/docs/resources/system_logging.md @@ -26,7 +26,7 @@ resource "routeros_system_logging" "log_snmp_disk" { ### Read-Only -- `default` (String) +- `default` (Boolean) It's the default item. - `id` (String) The ID of this resource. - `invalid` (Boolean) diff --git a/docs/resources/system_logging_action.md b/docs/resources/system_logging_action.md index 457638da..36aa55dc 100644 --- a/docs/resources/system_logging_action.md +++ b/docs/resources/system_logging_action.md @@ -32,7 +32,7 @@ ### Read-Only -- `default` (Boolean) This is a default action. +- `default` (Boolean) It's the default item. - `id` (String) The ID of this resource. diff --git a/docs/resources/tool_sniffer.md b/docs/resources/tool_sniffer.md index 49bbcb9a..c168299d 100644 --- a/docs/resources/tool_sniffer.md +++ b/docs/resources/tool_sniffer.md 
@@ -4,6 +4,8 @@ ## Example Usage ```terraform resource "routeros_tool_sniffer" "test" { + enabled = true + streaming_enabled = true streaming_server = "192.168.88.5:37008" filter_stream = true @@ -19,6 +21,7 @@ resource "routeros_tool_sniffer" "test" { ### Optional +- `enabled` (Boolean) Start packet capture. - `file_limit` (Number) File size limit. Sniffer will stop when a limit is reached. - `file_name` (String) Name of the file where sniffed packets will be saved. - `filter_cpu` (String) CPU core used as a filter. diff --git a/docs/resources/user_manager_attribute.md b/docs/resources/user_manager_attribute.md index 1d29393b..53986ab5 100644 --- a/docs/resources/user_manager_attribute.md +++ b/docs/resources/user_manager_attribute.md @@ -27,7 +27,7 @@ resource "routeros_user_manager_attribute" "mikrotik_wireless_comment" { ### Read-Only -- `default` (Boolean) +- `default` (Boolean) It's the default item. - `default_name` (String) The attribute's default name. - `id` (String) The ID of this resource. - `standard_name` (String) diff --git a/docs/resources/user_manager_user_group.md b/docs/resources/user_manager_user_group.md index a3ddd787..37ffe79b 100644 --- a/docs/resources/user_manager_user_group.md +++ b/docs/resources/user_manager_user_group.md @@ -47,7 +47,7 @@ resource "routeros_user_manager_user_group" "test" { ### Read-Only -- `default` (Boolean) +- `default` (Boolean) It's the default item. - `default_name` (String) The default name of the group. - `id` (String) The ID of this resource. diff --git a/package.json b/package.json index ff1dc661..803712c8 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "terraform-provider-routeros", - "version": "1.63.1", + "version": "1.64.0", "repository": { "type": "git", "url": "https://github.com/terraform-routeros/terraform-provider-routeros"