josu
Member Candidate
Topic Author
Posts: 152
Joined: Wed May 27, 2015 6:20 pm

Security profile for a point-to-point link

Mon Aug 29, 2016 12:16 pm

Hello,

I have a point-to-point link between 2 SXT 5HPnD devices. I left the default security profile in place for testing, and I can ping between both devices.
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-Ce disabled=no frequency=5805 ht-supported-mcs=\
    mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15 mode=bridge ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
I want to secure the link. Which option could I configure? IPsec? WPA2?

I need 100 Mbps, so maybe IPsec is not a good choice.

I will appreciate your experience.

Kind regards.
 
jarda
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Security profile for a point-to-point link

Tue Aug 30, 2016 2:15 am

WPA2.
 
josu
Member Candidate
Topic Author
Posts: 152
Joined: Wed May 27, 2015 6:20 pm

Re: Security profile for a point-to-point link

Wed Aug 31, 2016 1:40 pm

> WPA2.

Thanks!

I configured the same security profiles on both sites.

I have some questions:

1. PSK or EAP? Which is better? Or both?
2. MAC Authentication? Could I configure it?

I want to configure a secure link with good bandwidth. Do you recommend any other changes to the configuration?

Thanks for your great help.

Kind regards.
 
jarda
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Security profile for a point-to-point link

Thu Sep 01, 2016 5:28 pm

PSK, no need for EAP.

I would use an access list to explicitly enable MAC addresses, if necessary.
 
josu
Member Candidate
Topic Author
Posts: 152
Joined: Wed May 27, 2015 6:20 pm

Re: Security profile for a point-to-point link

Mon Sep 05, 2016 9:46 am

> PSK, no need for EAP.
>
> I would use an access list to explicitly enable MAC addresses, if necessary.

Thanks!

And what about the "Unicast Ciphers" and "Group Ciphers" options? I have "aes ccm" and "tkip". I selected the default option (aes ccm).

Kind regards.
 
p3rad0x
Long time Member
Posts: 637
Joined: Fri Sep 18, 2015 5:42 pm
Location: South Africa

Re: Security profile for a point-to-point link

Tue Sep 06, 2016 1:04 pm

If you add the client to the access list, enable hide SSID, and disable default forwarding and authentication, then no other device can connect to it.

Also set the mode to bridge if it is ap bridge.

Why are you using WebFig if there is WinBox?
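
The settings suggested in this thread (WPA2-PSK, AES-CCM ciphers, access list, hidden SSID, default authentication and forwarding disabled), put together as a RouterOS v6 configuration. This is an added example, not part of any post above. The profile name ptp-wpa2, the passphrase and both MAC addresses are placeholders, and the connect-list on the station side is an assumption that mirrors the AP's access list.

```routeros
# --- Both devices: WPA2-PSK with AES-CCM only (no TKIP, no EAP) ---
/interface wireless security-profiles
add name=ptp-wpa2 mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key="REPLACE-WITH-LONG-RANDOM-PASSPHRASE"

# --- AP side (mode=bridge, as in the first post) ---
/interface wireless
set [ find default-name=wlan1 ] security-profile=ptp-wpa2 hide-ssid=yes \
    default-authentication=no default-forwarding=no
# Only the listed station may associate.
# Placeholder MAC: replace with the wlan1 MAC of the remote SXT.
/interface wireless access-list
add interface=wlan1 mac-address=02:00:00:00:00:02 authentication=yes \
    forwarding=yes comment="remote SXT (placeholder MAC)"

# --- Station side (assumption: mirror the restriction with a connect-list) ---
/interface wireless
set [ find default-name=wlan1 ] security-profile=ptp-wpa2 \
    default-authentication=no
# Placeholder MAC: replace with the wlan1 MAC of the AP-side SXT.
/interface wireless connect-list
add interface=wlan1 mac-address=02:00:00:00:00:01 ssid=MikroTik \
    security-profile=ptp-wpa2 connect=yes comment="AP SXT (placeholder MAC)"
```

After applying it, `/interface wireless registration-table print` on the AP side should show exactly one entry, the remote SXT. The WPA2 passphrase is what actually protects the link, since MAC addresses and a hidden SSID are both visible to anyone capturing the traffic.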
