Community discussions

MikroTik App
 
shrek777
Member Candidate
Member Candidate
Topic Author
Posts: 264
Joined: Wed Jan 21, 2009 9:44 am

Security For Wisp and the best configuration

Wed Dec 23, 2009 10:17 am

I see that most of forum users have their own wisp or are working in wisp.

Please lets make the best configuration for wisp.

For security i have suggestion. please help me to make network secure.

I will make example:

We have one radius server (Mikrotik Radius v4), one ap rb600 + 4 card + 4 sector antenna.

Security
Is it correct to use WPA-PSK + PPPOE, or it will reduce traffic.
or is it possible to use different encription for all user? like when user connects to ap, ap will ask key, then client will give enc key, ap will check it to radius if ok it will authenticate user.

Cleint Configuration

when cleints are connected to ap, which type of connection is correct, i think it will be correct to lock client to mac address not on SSID, becouse if you have concurents they can turn on AP give him your SSID name and all client will connect to his AP.
if you will connect client to ap by mac address they will need at first to reach APs mac address, then they will need to clone mac address and after that clients will reconect to there AP.
to prevent this, is it correct to use Virtual AP and give to interface random MAC address. also we need to prevent access to our mac address for everyone.
I have public ip-is for all users, is it correct to use pppoe on bridge interface?
Also i have hotspots in different locations, in one location i will have about 300 users, is it correct to use one radius server or i need to put radius servers in each place?

And also if some one have answers for this question and also some suggestion please add them, this will be very good lessons for littlee wisp or for them who are biggining there bussines.

After i will get all information i will collect this information and i will post new post with name suggestion for wisp.
 
gmidia
Member Candidate
Member Candidate
Posts: 223
Joined: Sun Sep 02, 2007 3:28 pm

Re: Security For Wisp and the best configuration

Wed Dec 23, 2009 12:39 pm

make one radius server with maybe a secondary one .
In hotspot senario you don't require wep encryption as it should be open for any body who wants to connect to do so for revenue collection otherwise it will not be a hotspot. once you put an encryption it is a closed system.
authentication should be through a login page
 
shrek777
Member Candidate
Member Candidate
Topic Author
Posts: 264
Joined: Wed Jan 21, 2009 9:44 am

Re: Security For Wisp and the best configuration

Wed Dec 23, 2009 5:15 pm

Hello
Thank you for your replay.
Yes i know that hotspot must be opened but for clients who have their access points, i meen i have some clients with ubiquiti loco5,

Who is online

Users browsing this forum: Amazon [Bot], Cr4shOnPc, own3r1138 and 75 guests