Just a question:

I have copied all registered MAC addresses to the Access list. I now wish to un-tick Default Authenticate and Default Forward.

As I am connecting to the Mikrotik OS remotely, will I still be able to connect to the AP remotely to manage it? I have copied my MAC address to the Access list.

Also, once I've unticked default authentication, is there still a way to connect to the router, should all else fail?

I'd really appreciate feedback on this.

Greetings!

If all is set correctly, you should NOT be able to connect from your MAC before you change the default authenticate to no. The default-authenticate is a flip-flop as I recall. If default authenticate is set to yes, the access list blocks. If set to no, then it allows.

And there is always the serial port if you get blocked.

Default Authenticate is not a flip flop! You can set the default behaviour under the wireless menu and then override the default behaviour using access/connect lists.

default-forwarding (on AP) – gives ability to disable the communication between the wireless clients
default-authentication – enables AP to register a client even if it is not in access list. In turn for client it allows to associate with AP not listed in client's connect list

Individual settings for each client in access list will override the interface default settings

Access list entries can be made from the registration table entries by using action 'Copy to Access List'

Hope that helps!

Thanks for the replies!

Savagedavid: I understand the concept; however, I want to be sure that I can still access the AP once I've disabled default forwarding and authentication (as I connect as a client via winbox to the AP). Will I still be able to do this once I've disabled the default authentication and forwarding options?

Also, what is a rule of thumb for Tx / Rx rates for clients? Although we intend to implement a proxy server, I want to try and throttle some of the clients who abuse the network.

Surfertim:
At present, I AM able to connect to the AP, despite MAC addresses being in the Access list and defaults still activated.

Furthermore; the AP is located ontop of a mountain. I'd rather not have to use the serial port if I dont REALLY have to.

Heinb: Listen to savagedavid. He is correct. I misunderstood the docs on the setup. What I interpreted during my setups as a flip-flop was, in fact, a default setting of authenticate=yes in the access-list. The default-authenticate will not affect anything in the access-list. That will override the default-authenticate setting.

savagedavid: Thanks. I knew there was something odd about that. I use CLI and just used
add mac-address=xx:xx:xx:xx:xx:xx
and the AP with that MAC connected. I see now the list just added the authenticate=yes by default, and the AP connected.
My bad. I confused the authenticate variable with default-authenticate when I first read the docs.

Hein

Send me that email
operations[at]radioactivewifi.co.za and I'll call you...

T

Hi so tou mean that if i disable default forward then im isolating the wireless users from each other? And when i enable it then they are able to ping each other and share stuff and so in?

yes

even i disable the default forward , i can able to ping my neighbour cpe.
i disabled in Default forward & also in access list

even i disable the default forward , i can able to ping my neighbour cpe.
i disabled in Default forward & also in access list

when you unchecked the default forward your wireless clients unable to have layer 2 connectivity together...but you can connect to all of them...be careful when you unchecked the default forward then your clients can not have any layer 2 connectivity together but they can have layer 3 communication.

even i disable the default forward , i can able to ping my neighbour cpe.
i disabled in Default forward & also in access list

when you unchecked the default forward your wireless clients unable to have layer 2 connectivity together...but you can connect to all of them...be careful when you unchecked the default forward then your clients can not have any layer 2 connectivity together but they can have layer 3 communication.

so i can able ping or not...???