Hi all,
Can a firewall rule be implemented on a hidden SSID, so that it cannot be shown even with any advanced program, and so that the firewall will block such an attempt and the SSID stays hidden?
thx sir for reply
You could possibly use wireless ACLs to control the attempted devices.
Yes. Thanks very much.
While you can't completely hide an SSID from someone that really wants to find it, you can write a wireless ACL to only allow certain wireless clients to connect based on their MAC. Something like this:
/interface wireless access-list
add interface=wlan1 mac-address=00:00:00:00:00:01 vlan-mode=no-tag
add authentication=no forwarding=no interface=wlan1 vlan-mode=no-tag
This basically says only allow a wireless client with MAC address 00:00:00:00:00:01 to connect and forward traffic. Any other client would not be able to connect.
Does that make more sense?
thanks bro
Hello
When you set your wireless access point to hidden mode (nobody can commonly see your SSID), you can increase security by adding your stations' MAC addresses to your access point (as my friend said earlier in this post), so that only the MAC addresses in your access-list table can connect to your wireless AP. But the important fact about wireless networks is that hiding your SSID doesn't mean that you have provided security at all; you have just used one method to secure your wireless network. Because when an attacker with a wireless card with promiscuous ability sniffs the wireless packets, they can see your access point's MAC address (BSSID), the channel your AP is working on, and much other information about your AP except your SSID (because you set it to hidden), but the attacker needs to send just three or more deauthenticate messages to your AP's BSSID (your AP's MAC address) and your SSID will be visible on the attacker's screen (BOOOOM!). You need to provide security with all of the features, like hidden SSID, MAC filtering, firewall, etc.
thank you
Sorry, but a hidden SSID adds no extra security, and MAC addresses can easily be spoofed, as pointed out earlier. Use WPA2/AES and choose a password at least 10 characters long with mixed characters.
In case you need even stronger security, you can utilize WPA2-Enterprise with certificates using PEAP/TTLS (i.e. TLS over EAP over 802.1X), though I'm not sure this can be implemented using the built-in RADIUS server.
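The WPA2/AES advice above, written out as a RouterOS configuration next to the open setup it replaces. This is an added example, not part of any post in the thread; the profile names and the passphrase are placeholders, and `wlan1` and the client MAC are taken from the ACL shown earlier.

```routeros
# Added example. Profile names and the passphrase are placeholders;
# wlan1 and the MAC address are the values used in the ACL earlier in the thread.

# --- Weak: no encryption, relying only on a hidden SSID and the MAC ACL ---
# /interface wireless security-profiles
# add name=open-example mode=none
# /interface wireless
# set wlan1 hide-ssid=yes security-profile=open-example

# --- Stronger: WPA2-PSK restricted to AES-CCM (no WPA1, no TKIP) ---
/interface wireless security-profiles
add name=wpa2-aes-example mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key="REPLACE-WITH-LONG-MIXED-PASSPHRASE"

# Attach the profile to the AP interface
/interface wireless
set wlan1 security-profile=wpa2-aes-example

# The MAC ACL from the thread can stay as an additional layer;
# it no longer carries the security of the link on its own.
/interface wireless access-list
add interface=wlan1 mac-address=00:00:00:00:00:01 vlan-mode=no-tag
add authentication=no forwarding=no interface=wlan1 vlan-mode=no-tag

# Check which profile the interface is using
/interface wireless print detail where name=wlan1
```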