idialman

Hello,
I have this setup: 1) Router -> Wireless DWL-2100AP----[BRIDGED]----Wireless DWL-2100AP-> DWL-G700AP-> Computer.

I have set up DWL-G700AP with WPA-PSK, but I figure it dosen't do much good considering the two bridged routers (DWL-2100AP) do not have any encryption on them.

So here is my question: How do I secure the two bridged routers wireless routers? If I pop WPA-PSK on them, will it break my network?

Since no one is trying to connect to the two bridged routers, should I just set up a MAC-FILTER that only lets the MAC from the other DWL-2100AP connect to it? Would that break the network?

Basically, how do I secure the wireless bridge without breaking the bridge?

jimcarree

It is not possible to set WPA up without seeing network downtime as each access point will at least need to reboot after the changes are applied. Even if they do not have to reboot they will at the very least have to reassociate using the new security settings.

MAC filtering can be done without breaking the connection at all with most modern access points, although MAC filtering is a complete waste of time if you do not encrypt the network.

For WPA-PSK configure the one at the remote end first then do the one from the end you are configuring. If you enter the same configuration on both ends the only downtime you will experience is about a minute or so to enter in the configuration and wait for the access points to reboot.

idialman

Ok, it works great. It didn't support WPA-PSK (It was there, but the option was grayed out?) so I just did WEP. Should I add Mac filtering, or would that add no security?

miketoy

Ahhh...but you need a valid MAC to crack the WEP key in the first place If an AP is using MAC filtering and no clients are associated, you will have to wait for something to show up and then either wait for enough traffic to decrypt the WEP or deauth it, spoof it's MAC and do some ARPing or whatever. Basically what I'm trying to say is MAC filtering DOES make life harder for a hacker...so turn it on

jimcarree

Forgot to mention D-Link access points don't support WPA in bridge mode. I haven't used one for yonks, there might be a firmware update that fixes this now.

idialman

MAC filtering doesn't provide much protection, especially if you're already using WEP/WPA. If someone goes to the trouble of cracking your WEP key then they would be able to fake their MAC address

miketoy

You need to have a client doing traffic on the network anyway to crack it, yes. MAC filtering won't stop/slow this process down, as you cannot associate with a WEP/WPA network without the key.

Spoofing a MAC on an encrypted network won't allow you to connect. Afaik you can just sit there and deauth the client to generate enough traffic to crack the WEP/WPA. MAC filtering doesn't stop any of this.

Still it can't do any harm, apart from getting your own MAC address wrong and locking yourself out of your own network

idialman

Yea, WPA in DLink Bridges dosen't work, but WEP does. Thanks guys. Ill go ahed and turn MAC filtering on, just because it can't hurt.