Access list and WPA2 preshared key

Hi guys, I must admit I don’t understand how the “Wireless” tab “Default Authenticate” and “Default Forward” options work along with an “Access list” entry and the WPA2 PSK password.

What I would like to achieve is:

  1. WPA2 PSK password is required and
  2. Being on an Access list is simultaneously required

Any client with the wrong password OR not on the access list will not be allowed to connect.

Will that be achieved with:

  1. Wireless → “Default Authenticate” = False
  2. Client added to “Access List” with “Authentication” = “True”

I don’t understand the connection between “Default Authenticate” in wireless settings and “Authentication” in Access list.

EDIT:
This answers a part of my question: http://forum.mikrotik.com/t/the-mystery-of-default-forward/5388/1

So basically the “Default authenticate” name (which seems stupid in this context) does actually mean “Allow clients not on Access list”, right?
But if I uncheck the above (to force checking the “access list”), will it still require the WPA2 password? I’d like that.

WPA2 is the encryption of your Wifi network and its traffic.
You need to have that if you do not want your traffic “visible” to anyone else.

At the same time this means one needs to have your WPA2 pass phrase if he wants to have any chance to connect.

The AccessList means you have one more level of control. MAC address based.
One who has the WPA2 pass phrase is only allowed (Default Authenticate = off) if he has been added to the Access List
(And the conditions apply, like signal strength, time of the day etc…)

So basically the Access list allows you to better control when, who, and how a Wifi client can access the Wifi network.

Imagine you don’t want your kids to have access to Wifi after 20h. In theory you could change the
WPA2 password. But this means EVERYBODY would need to change it.
With the Access List you can define that certain MAC addresses can’t access after 20h, for instance…

Does this make it clearer for you?

Default Forward is more a firewall function: One client will not be able to communicate with other clients if this is set
(this can be set on interface level, as well as on individual access list entries).
Like on Guests you don’t want them to see each other’s phones etc., so here you can use Default Forward = off.
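
The setup discussed in this thread, written out as an added RouterOS CLI example (not posted by either participant). The interface name `wlan1`, the profile name `wpa2-only`, the MAC addresses and the passphrase are constructed placeholders; in the CLI the WinBox checkboxes “Default Authenticate” and “Default Forward” appear as `default-authentication` and `default-forwarding`.

```routeros
# Added example, not from the thread. All names and values are placeholders.

# 1. WPA2-PSK profile: every client needs the passphrase, whatever the
#    access list says.
/interface wireless security-profiles
add name=wpa2-only mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key="REPLACE-WITH-LONG-PASSPHRASE"

# 2. Interface defaults: clients that match no access-list rule are refused
#    (default-authentication=no) and, if admitted by a rule that does not say
#    otherwise, may not talk to other wireless clients (default-forwarding=no).
/interface wireless
set wlan1 security-profile=wpa2-only \
    default-authentication=no default-forwarding=no

# 3. Access list: rules are evaluated top to bottom, first match wins.
/interface wireless access-list
# Trusted laptop: may connect at any time and reach other wireless clients.
add interface=wlan1 mac-address=02:00:00:00:00:01 \
    authentication=yes forwarding=yes comment="trusted laptop"
# Kids' tablet: the rule only matches between 07:00 and 20:00, so outside
#    that window no rule matches and the interface default (refuse) applies.
add interface=wlan1 mac-address=02:00:00:00:00:02 \
    authentication=yes forwarding=no \
    time=7h-20h,mon,tue,wed,thu,fri,sat,sun comment="kids tablet"
# Guest phone: may connect, but is isolated from other wireless clients.
add interface=wlan1 mac-address=02:00:00:00:00:03 \
    authentication=yes forwarding=no comment="guest phone"

# Check the result: which clients are registered and which rules exist.
/interface wireless registration-table print
/interface wireless access-list print
```

The access list matches on the MAC address the client reports, so the WPA2 passphrase remains the only cryptographic check; the list adds per-client policy on top of it.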