I’ve configured MAC authentication for Wireless Mikrotik CPE’s (clients) against FreeRadius with WPA2-PSK/AES for encryption on a MT 2.9 AP.
On the MT CPE - Security profiles:
Mode = Dynamic Keys
Authentication Types = WPA2 PSK
Unicast and Group Ciphers are both set for aes ccm
WPA2 Pre-Shared Key = “ThisIsATestKEY”
Radius MAC Authentication is NOT enabled
On the MT AP - Security profile >
The configuration is the same except that Radius MAC Authentication is Enabled.
IP Address Allocation is done on the AP with DHCP.
On the FreeRadius Server the User Name is the MAC Address of the Client.
This configuration works - I just want to know if it’s the right way to do Radius MAC Auth and AES encryption with MT ?
I’m rather surprised that it was so easy to get going (I gave up doing the same thing with Tranzeo - it just wouldn’t work) - so I’m concerned that I missed something 
Thx
S