Community discussions

MikroTik App
 
User avatar
admin1606
just joined
Topic Author
Posts: 3
Joined: Mon Jan 02, 2023 3:29 am
Location: surabaya,indonesia

management frame protection

Mon Jan 02, 2023 3:37 am

i have rb951ui-2hnd and i wanted to configure management protection on security profiles , the problem is when i choose ruqired and set the key , my windows laptop or my android device can't connect to the network , my android devices and my windows already support protected management frames

can any body help me ??
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: management frame protection

Tue Jan 03, 2023 1:03 am

Sorry never heard of management protection frames........... Is that some setting?
Why is it required,,,,,, no reasons provided.

Typically All smart devices are on a management subnet and usually in conjuction with vlans.
Vlans make sense when dealing with multiple wifi networks required even just two home and guest.
 
User avatar
admin1606
just joined
Topic Author
Posts: 3
Joined: Mon Jan 02, 2023 3:29 am
Location: surabaya,indonesia

Re: management frame protection

Tue Jan 03, 2023 1:10 am

i attach an image
You do not have the required permissions to view the files attached to this post.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2984
Joined: Mon Apr 08, 2019 1:16 am

Re: management frame protection  [SOLVED]

Tue Jan 03, 2023 1:39 am

RouterOS wifi implementation has many features that are not fully documented.
In most cases reading the RFC's (IEEE 802.11w-2009) or the big-player (eg Cisco) documentation has more information. Like: https://www.cisco.com/c/en/us/support/d ... -acce.html

Management frame protection is to protect the AP-client connection from disassociation by some (malicious) other device. https://en.wikipedia.org/wiki/Wi-Fi_dea ... ion_attack
That forced disassociation gives denial of service and is sometimes used to have more associations that can then be sniffed and analysed.

On MT setting frame protection to allow works fine with all connections.
With frame protection set to required, some connections fail, if the secret is not set, but even if the shared secret is correct.
Just tested shortly between MT devices in PtP, and now the setting stays on 'allowed' until further need.

MT docs say ....
Klembord-2.jpg
You do not have the required permissions to view the files attached to this post.
 
RicSan
just joined
Posts: 3
Joined: Tue Jul 05, 2022 9:47 am

Re: management frame protection

Tue Aug 15, 2023 10:01 am

I would also like to use the frame protection on a CAPsMAN environment.

Some devices are beeing attacked via a deauth device I guess and I want to use the frame protection on the HAPac devices beeing managed via CAPsMAN.

As the setting is not present in the capsman security profiles, I'd like to know how I can protect from this kind of attacks.

Who is online

Users browsing this forum: phascogale, Scoox and 25 guests