hide ssid and access list does not working

mistiq · August 17, 2016, 12:02pm

Hello,

I have rb751 and nanostation m2 in bridge mode:
NSM does not support any encryption except WEP in ap-repeater mode.
I try to restrict connection to SSID on wlan1

 /interface wireless print
 name="wlan1" mtu=1500 l2mtu=1600 mac-address=00:0C:42:D5:05:3C arp=enabled 
      interface-type=Atheros AR92xx mode=bridge ssid="br" frequency=2412 
      band=2ghz-b/g channel-width=20mhz scan-list=default wireless-protocol=any 
      antenna-mode=rxa-txb vlan-mode=no-tag vlan-id=1 wds-mode=dynamic 
      wds-default-bridge=bridge-wds wds-ignore-ssid=no bridge-mode=enabled 
      default-authentication=no default-forwarding=no default-ap-tx-limit=0 
      default-client-tx-limit=0 hide-ssid=yes security-profile=default 
      compression=no

/interface wireless wds print 
 name="wds1" mtu=1500 l2mtu=1600 mac-address=00:0C:42:D5:05:3C arp=enabled 
       arp-timeout=auto master-interface=wlan1 wds-address=DC:9F:DB:06:87:32

 
 /interface wireless access-list print
 mac-address=DC:9F:DB:06:87:32 (NSM2 MAC) interface=wlan1 signal-range=-120..120 
     authentication=no forwarding=no ap-tx-limit=0 client-tx-limit=0 
     private-algo=none private-key="" private-pre-shared-key="" 
     management-protection-key="" vlan-mode=no-tag vlan-id=1

In this case HIDE SSID and ACCESS LIST does not working. I can see ssid “br” and can connect to it.
What can i do to prohibit any connection to “br” except NSM2?

ZeroByte · August 17, 2016, 1:31pm

Don’t use AP repeater… ESPECIALLY if it requires that you use WEP.
Even if you hide the SSID, this only stops the absolutely clueless people from finding and abusing your network.
In fact, if I were a hacker, I would specifically choose the hidden one to hack into.

Repeaters cut your bandwidth in half, too.

Install two radios - one to connect to the Mikrotik, and one to be the AP.
Why not get a dual radio Mikrotik and install that instead of the NSM?

mistiq · August 17, 2016, 1:49pm

Why not get a dual radio Mikrotik and install that instead of the NSM?

Because i`m already have NSM and mikrotik.
Radio chip in rb is so poor compared Nanostation.

Install two radios - one to connect to the Mikrotik, and one to be the AP.

How i can do this?
When i enable WDS on wlan1 interface, wds1 automatically appears as slave to wlan1.

/interface wireless print detail 
Flags: X - disabled, R - running 
 0  R name="wlan1" mtu=1500 l2mtu=1600 mac-address=00:0C:42:D5:05:3C arp=enabled 
      interface-type=Atheros AR92xx mode=bridge ssid="br" frequency=2412 
      band=2ghz-b/g channel-width=20mhz scan-list=default wireless-protocol=any 
      antenna-mode=rxa-txb vlan-mode=no-tag vlan-id=1 wds-mode=dynamic 
      wds-default-bridge=bridge-wds wds-ignore-ssid=no bridge-mode=enabled 
      default-authentication=no default-forwarding=no default-ap-tx-limit=0 
      default-client-tx-limit=0 hide-ssid=yes security-profile=default 
      compression=no 

 1  R name="wlan_private" mtu=1500 l2mtu=1600 mac-address=02:0C:42:D5:05:3C 
      arp=enabled interface-type=virtual-AP master-interface=wlan1 
      ssid="area51" vlan-mode=no-tag vlan-id=1 wds-mode=disabled 
      wds-default-bridge=bridge_private wds-ignore-ssid=no bridge-mode=enabled 
      default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 
      default-client-tx-limit=0 hide-ssid=no security-profile=WPA

/interface wireless wds print 
Flags: X - disabled, R - running, D - dynamic 
 0  DR  name="wds1" mtu=1500 l2mtu=1600 mac-address=00:0C:42:D5:05:3C arp=enabled 
       arp-timeout=auto master-interface=wlan1 wds-address=DC:9F:DB:06:87:32