josu
August 29, 2016, 9:16am
1
Hello,
I have a point-to-point link between 2 SXT 5HPnD devices. I leave the default security profile to test and I can ping between both devices.
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-Ce disabled=no frequency=5805 ht-supported-mcs=\
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15 mode=bridge ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
I want to secure the link, which option I could configure? IPSec? WPA2?
I need 100mbps, so maybe IPSec is not a good choice.
I will appreciate your experience.
Kind regards.
josu
August 31, 2016, 10:40am
3
jarda:
Wpa2.
Thanks!
I configure same security profiles in both sites:
I have some questions:
PSK or EAP? Which is better? Or both?
MAC Authentication? Could I configure it?
I want to configure a secure link with a good bandwidth, do you recommend other change in the configuration?
Thanks for your great help.
Kind regards.
jarda
September 1, 2016, 2:28pm
4
PSK, no need for EAP.
I would use access list for explicit enabling mac addresses, if necessary.
josu
September 5, 2016, 6:46am
5
Thanks!
And what about “Unicast Ciphers” and “Group Ciphers” options? I have “aes ccm” and “tkip”. I selected default option (aes ccm).
Kind regards.
p3rad0x
September 6, 2016, 10:04am
6
If you add the client to the access list and enable hide ssid and disable default forwarding and authentication then no other device can connect to it.
Also set the mode to bridge if it is ap bridge.
Whay are you using webfig if you there is winbox?
