CPE510 WIFI Bridge Protection

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

CPE510 WIFI Bridge Protection

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
CPE510 WIFI Bridge Protection
CPE510 WIFI Bridge Protection
2017-12-09 19:44:45
Model :

Hardware Version :

Firmware Version :

ISP :

Dear friends
I connected buildings using two devices CPE510 v2.0 Firmware Version:
2.1.6 Build 20170908 Rel. 45233 (4555). One of the two is configured as AP, while the other as CLient, with security imposed on WPA2 and AES encryption, as described in various installation tutorials. Everything works perfectly, but I'm worried about the possibility of fraudulent access to the network. To prevent other users from connecting, I tried to restrict access to the AP by setting up Wireless MAC Filtering on the Client's MAC address. In this way it is no longer possible to connect with other devices, but unfortunately the client is no longer connected!
I thought to activate the AP Isolation on the Access Point, this should allow internet browsing, but not access to PCs on the network on the AP side. It could be a solution, but it is useful to reach the various PCs and devices present.
Is it possible to configure the system to allow access to the WIFI bridge and to the AP-side network, only from devices connected to the client?

Thanks to the availability

Giulio
  0      
  0      
#1
Options
1 Reply
Re:CPE510 WIFI Bridge Protection
2017-12-10 09:23:21

bagiuba wrote

To prevent other users from connecting, I tried to restrict access to the AP by setting up Wireless MAC Filtering on the Client's MAC address. In this way it is no longer possible to connect with other devices, but unfortunately the client is no longer connected!


Works for me. Of course, after setting the MAC filter, the radio adapter is reset and it could need some time until the two CPE510 re-sync successfully. I could speed up the re-syncing process by resetting the remote (client) CPE.


I thought to activate the AP Isolation on the Access Point, this should allow internet browsing, but not access to PCs on the network on the AP side.


Wrong. AP isolation just prevents connections from wireless clients of an AP to other wireless clients of the same AP. It does in no way limit any systems connected to the wired network on both sites (AP site and remote client site).

Is it possible to configure the system to allow access to the WIFI bridge and to the AP-side network, only from devices connected to the client?


If you use a MAC filter for the client this allows (wireless) access to the AP only from the remote CPE, but just on base of the MAC address, which can be spoofed more or less easily.

So if you are developing rockets or handle sensitive data in your company, you might consider to use OpenVPN, which would allow to secure access using certificates and offers strong encryption over the link. That's nothing a WiFi device is expected to handle, since a VPN offers end-to-end protection/access security, which is completely unrelated to the transport mechanism used.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#2
Options