Community discussions

MUM Europe 2020
 
User avatar
mistiq
newbie
Topic Author
Posts: 37
Joined: Wed Oct 19, 2011 3:13 am
Location: Outside

hide ssid and access list does not working

Wed Aug 17, 2016 3:02 pm

Hello,

I have rb751 and nanostation m2 in bridge mode:
NSM does not support any encryption except WEP in ap-repeater mode.
I try to restrict connection to SSID on wlan1
 /interface wireless print
 name="wlan1" mtu=1500 l2mtu=1600 mac-address=00:0C:42:D5:05:3C arp=enabled 
      interface-type=Atheros AR92xx mode=bridge ssid="br" frequency=2412 
      band=2ghz-b/g channel-width=20mhz scan-list=default wireless-protocol=any 
      antenna-mode=rxa-txb vlan-mode=no-tag vlan-id=1 wds-mode=dynamic 
      wds-default-bridge=bridge-wds wds-ignore-ssid=no bridge-mode=enabled 
      default-authentication=no default-forwarding=no default-ap-tx-limit=0 
      default-client-tx-limit=0 hide-ssid=yes security-profile=default 
      compression=no 
/interface wireless wds print 
 name="wds1" mtu=1500 l2mtu=1600 mac-address=00:0C:42:D5:05:3C arp=enabled 
       arp-timeout=auto master-interface=wlan1 wds-address=DC:9F:DB:06:87:32
 
 /interface wireless access-list print
 mac-address=DC:9F:DB:06:87:32 (NSM2 MAC) interface=wlan1 signal-range=-120..120 
     authentication=no forwarding=no ap-tx-limit=0 client-tx-limit=0 
     private-algo=none private-key="" private-pre-shared-key="" 
     management-protection-key="" vlan-mode=no-tag vlan-id=1 

In this case HIDE SSID and ACCESS LIST does not working. I can see ssid "br" and can connect to it.
What can i do to prohibit any connection to "br" except NSM2?
K.i.s.S.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: hide ssid and access list does not working

Wed Aug 17, 2016 4:31 pm

Don't use AP repeater.... ESPECIALLY if it requires that you use WEP.
Even if you hide the SSID, this only stops the absolutely clueless people from finding and abusing your network.
In fact, if I were a hacker, I would specifically choose the hidden one to hack into.

Repeaters cut your bandwidth in half, too.

Install two radios - one to connect to the Mikrotik, and one to be the AP.
Why not get a dual radio Mikrotik and install that instead of the NSM?
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
mistiq
newbie
Topic Author
Posts: 37
Joined: Wed Oct 19, 2011 3:13 am
Location: Outside

Re: hide ssid and access list does not working

Wed Aug 17, 2016 4:49 pm

Why not get a dual radio Mikrotik and install that instead of the NSM?
Because i`m already have NSM and mikrotik.
Radio chip in rb is so poor compared Nanostation.
Install two radios - one to connect to the Mikrotik, and one to be the AP.
How i can do this?
When i enable WDS on wlan1 interface, wds1 automatically appears as slave to wlan1.
/interface wireless print detail 
Flags: X - disabled, R - running 
 0  R name="wlan1" mtu=1500 l2mtu=1600 mac-address=00:0C:42:D5:05:3C arp=enabled 
      interface-type=Atheros AR92xx mode=bridge ssid="br" frequency=2412 
      band=2ghz-b/g channel-width=20mhz scan-list=default wireless-protocol=any 
      antenna-mode=rxa-txb vlan-mode=no-tag vlan-id=1 wds-mode=dynamic 
      wds-default-bridge=bridge-wds wds-ignore-ssid=no bridge-mode=enabled 
      default-authentication=no default-forwarding=no default-ap-tx-limit=0 
      default-client-tx-limit=0 hide-ssid=yes security-profile=default 
      compression=no 

 1  R name="wlan_private" mtu=1500 l2mtu=1600 mac-address=02:0C:42:D5:05:3C 
      arp=enabled interface-type=virtual-AP master-interface=wlan1 
      ssid="area51" vlan-mode=no-tag vlan-id=1 wds-mode=disabled 
      wds-default-bridge=bridge_private wds-ignore-ssid=no bridge-mode=enabled 
      default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 
      default-client-tx-limit=0 hide-ssid=no security-profile=WPA 

/interface wireless wds print 
Flags: X - disabled, R - running, D - dynamic 
 0  DR  name="wds1" mtu=1500 l2mtu=1600 mac-address=00:0C:42:D5:05:3C arp=enabled 
       arp-timeout=auto master-interface=wlan1 wds-address=DC:9F:DB:06:87:32 
K.i.s.S.

Who is online

Users browsing this forum: No registered users and 26 guests