Hey guys,
I am currently using the above setup as a back-up ap because of the virtual ap capabilities. However we just started using Deliberant radios as a cpe and cannot get them to recognize Wep encryption on the mikrotik. The can see each other but will not associate. I have checked this with 5 different dbl1300's with the same result. Without Wep they talk just fine. Is there some work around that you guys know about. The deliberants use a zenwell(?) card.
Thanks in advance
Chuck
Why are you using WEP and not MAC filtering? I tried WEP, but it does slow down the connection and sometimes causes problems. MAC filtering is nice, but you have to manuelly type in the MAC before setting up a client, unless you have a global profile which allows any MAC, but I never got it to work. MAC filtering is more than enough!
G
G
Just so you know, it takes about 3 seconds to find out the MAC address of a given wireless device, and then another 10 seconds to use that MAC address to log into an AP that only has MAC filtering enabled. IF the AP only allows one login per MAC address, then add another two or three minutes to perform a DoS attack on the client device that you want to take the place of....MAC filtering is more than enough!
G
Hitek
BTW, I could never get the Deliberant 1300 CPEs to work with the RB532/CM9 combination when using WEP, either, but I only tried it for a few hours, as WEP is a lost cause anyhow..... Anyone want to buy 10 unused Delberant 1300s cheap?
Hey man! Thanks for the interesting info about MAC! I only use MAC on my backbone links, and because they are allways online, I never have any timeouts etc, and it is point to point links. Noone ever managed to get threw my MT's, I must congratulate MT on their secure software!
How much would you like to sell those AP's for? Please give in US$ if poss. What strenght are they? 250mw?
Giepie
How much would you like to sell those AP's for? Please give in US$ if poss. What strenght are they? 250mw?
Giepie
I modified an ssh/cron that looks for duplicates. Right now it just reports as its only an IDS, but was looking at authenticating our wireless into a real radius database (not just using the access-list) and only allowing one login at a time.
There are times when I have left our access-list off for maintenance, and have never seen (in the 4+ years of running a wireless ap) unknown MAC addresses.
There was one case a few years ago where a few Amateur Radio (HAM) guys were forced to locate a non licensed HAM transmitting over the airwaves. They did eventually locate him by tracking his radio purchase at Radio Shack.
There are times when I have left our access-list off for maintenance, and have never seen (in the 4+ years of running a wireless ap) unknown MAC addresses.
There was one case a few years ago where a few Amateur Radio (HAM) guys were forced to locate a non licensed HAM transmitting over the airwaves. They did eventually locate him by tracking his radio purchase at Radio Shack.
It is rare that a person tries to break into a backhaul link, when compared to a standard local access point, but it should still be a concern, never the less. It only takes one intruder to compromise and take down your network. Once an intruder has gotten in, they know all of your network topology, and instantly become even more dangerous and unstoppable.....
My mistake, these are DLB1500s that I have, with WDS and built-in NAT routing... So we are not Off Topic, please email me at clint*xtsonline.net....How much would you like to sell those AP's for? Please give in US$ if poss. What strenght are they? 250mw?
Giepie
And it takes not so long time to brake wep. I think wep is not a good solution for an ISP system. Use mac filter and static dhcp if you do not care much aout security, or use mac filter, and pppoe if you want to do it hard. Wep is a quality and speed dropper way of security - IMHO.Just so you know, it takes about 3 seconds to find out the MAC address of a given wireless device, and then another 10 seconds to use that MAC address to log into an AP that only has MAC filtering enabled. IF the AP only allows one login per MAC address, then add another two or three minutes to perform a DoS attack on the client device that you want to take the place of....MAC filtering is more than enough!
G
Hitek
...