Couple of options, you can use WPA + TKIP or AES which is pretty secure and doesn't rely on any external auth servers. Another alternative is to use the built in radius server on the bridges. Top line security would use an external radius server (assuming you can do so). As to it being absolutely uncrackable, there isn't any such thing! : ) By the way, forget MAC security, it isn't worth the bother and doesn't add much to the security of the setup.