How to create a security profile in Mikrotik


Creating a security profile in Mikrotik is one of the easiest parts of the configuration requirements when setting up and establishing wireless links using Mikrotik Router OS. A security profile is a module in your configuration file responsible for maintaining secured connections between your access points and your station devices. It guards against illegal and unauthorized connection to your network.

I have noticed that most wireless engineers hardly set up security profiles when establishing either point to point links or point to multi-point links. This can either be as a result of the implementation of other options available to them, like mac authentication, static IP address assignment on point to point links using /30 subnets, or lack of the knowledge required for its successful implementation which is as a result of limited information on the configuration of security profiles in Mikrotik.

(adsbygoogle = window.adsbygoogle || []).push({});

Before setting up security profile, it is believed that the basic configuration requirements have been met. The wireless interface configured with mode, frequency, SSID, band, radio name, wireless protocol, frequency mode, etc.
 By default, the security profile is set to default as can be seen in the first image below. To set up your security profile, you need to create a new one. Log on to your router via Winbox, click on the wireless tab in the main menu, and double click on the wireless interface you want to configure the security profile on.

  After the security profile has been created, you need to go back to the wireless interface in the interface menu and select the security profile created as shown below:

Now that the security profile has been successfully created on our AP router, what about the station? The exact security profile created on the AP has to be replicated on the stations for connectivity to established. This means that if the static keys or the authentication protocols are not the same on both AP and stations, connection will not be successful.
To help speed up the process as well as make eliminate errors, I will show you how to export the file from the AP and import it into the stations, thereby leaving you with the same security profile set-up on both ends. Simply click on new terminal and type in the commands below to export the security profile file created by you on your AP:
>>interface wireless security profile export file=profile1
Take note of the underlined word. If your security profile was name timigate, simple replace profile1 with timigate. Next, you click on file and drag the exported file to your desktop. On the station, click on file and drag the file from your desktop into it. Click on new terminal and enter the commands below:
>>import file=profile1.rsc (if you saved your security profile as profile1)
>>Go to the wireless interface and choose the security profile you just imported. Scan and connect to your AP.

Spread the love

Timigate

Ashioma Michael, a BSc (Computer Science)., MTCNA, CCNA, and CCNP holder with many years of industry-proven experience in network design, implementation and optimization. He has tutored and guided many professionals towards obtaining their Cisco certifications. Mike works as a senior network engineer with one of the leading internet service providers in West Africa.

Leave a Reply

Your email address will not be published. Required fields are marked *