From: Michael Snyder (msnyder@xxxxxxx)
Date: Mon Jul 08 2002 - 23:27:11 GMT-3
Everything you need is in the Wavelan AP. We support these in my shop.
Download the AP management software to access the unit. Under the mac
address filter, just insert every wnic mac address of the cards you
have. The AP will not connect to any wireless mac not in your list.
BTW, while you are in there, turn off bridging for every protocol but IP
and IP-ARP.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Dennis Laganiere
Sent: Monday, July 08, 2002 4:23 PM
To: 'Logan, Harold'; 'cisco@groupstudy.com'; 'ccielab@groupstudy.com'
Subject: RE: Mac Layer access list [7:48324]
My intention is to buy an Aeronet 1200, which I believe will have much
of
this functionality built in. For the initial testing I'm using an old
Lucent (Orinoco) access point that I had in my desk from the last time I
played with 802.11b two years ago. Since I've long since lost the cable
and
documentation I haven't been very successful getting a console session
to
make any changes (if anybody knows the cable pinout and console
settings,
let me know). I can easily filter based on static IP addresses, but MAC
addresses would be better because it would make it that much more
difficult
to hack.
By the way, even once I get the Areonet AP, the principle security tool
is
128-bit WEP. The problem here is that WEP only offers encryption, not
authentication or other security features; and It's already known to
have
been hacked - so the access list would still be nice as an extra layer
of
security.
--- Dennis
-----Original Message-----
From: Logan, Harold [mailto:loganh@mccfl.edu]
Sent: Monday, July 08, 2002 12:32 PM
To: Dennis Laganiere; cisco@groupstudy.com
Subject: RE: Mac Layer access list [7:48324]
As others have pointed out, having your upstream router act as a bridge
is
your best bet. Out of curiosity, what brand of access point is involved?
If
you haven't yet, you may want to see if the vendor has an updated
firmware
available for download that includes the option for the AP to filter by
source mac.
Hal
> -----Original Message-----
> From: Dennis Laganiere [mailto:dennisl@advancedbionics.com]
> Sent: Monday, July 08, 2002 2:04 PM
> To: cisco@groupstudy.com
> Subject: Mac Layer access list [7:48324]
>
>
> I looked through the CCO, the groupstudy archive and my stack
> of cisco press
> books, but I can't find any information about setting up an
> ACL for MAC
> addresses. Has anybody done it before?
>
> Here's what I'm trying to do: I've got a wireless access
> point that lets
> just anybody join. I want to put a router upstream to block all but a
> limited number of pre-defined MAC addresses. Any thoughts?
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:22 GMT-3