[EDIT] After posting the question below, I was doing more research, and as it turns out Management Frame Protection is not supported when the OTA Protocol is set to NV2.
Please disregard the below question.
Hi there...
A client we had had an issue one day with a hacker doing DEAUTH attacks on an AP/clients.
I had been reading about the 'Management Frame Protect' setup in Mikrotik manual, but I'm not sure if I have a complete understanding.
If an AP has MFP 'required', and a 'secret' entered, and a CL, does not have it enabled, and no secret entered, is the CL still supposed to be able to associate and authenticate with the AP? That's what I see here.
Specifically, I'm working with RB912's, using 6.48.6. Even ROS back to 6.11 had these settings, so it seems like something that should work.
Or is it possible the MFP only protects after the CL is associated? Or, only a few MF types, like a DEAUTH?
If anyone can advise, that would be great. Thanks in advance.