https://community.cisco.com/t5/wireless/1200-wap-mac-address-authentication-without-radius-server/m-p/262557#M20758 <HTML><HEAD></HEAD><BODY><P>Yes, you can use static WEP and/or MAC filtering without needing a AAA server. Be aware that it's trivial to spoof a MAC address, and that it's possible to break static WEP relatively quickly depending on your volume of wireless traffic. The two together should keep out bored kids, but will not protect you from a determined attack.</P></BODY></HTML> Fri, 18 Jun 2004 16:15:46 GMT gamccall 2004-06-18T16:15:46Z https://community.cisco.com/t5/wireless/1200-wap-mac-address-authentication-without-radius-server/m-p/262556#M20757 <P>We have a relatively small wireless network (about 40 1200 WAP's). Right now, our wireless is open, no restriction at all. Our goal is to allow access to the wireless for only authorized users instead of just anyone who wanders within range. We don't have a need for the security levels of LEAP or PEAP, and we don't want to require everyone to buy a new wireless card if they don't currently have a Cisco card. Can we combine WEP with MAC access lists? If so, can we do that without a RADIUS server? From the documentation that I have been reading, a RADIUS server is used for much higher levels of security than what we will be implementing.</P><P></P><P>Maybe there is another solution that is better for us that I am just not identifying. Any help/suggestions would be greatly appreciated!</P><P></P><P>Thanks-</P><P>Sonia</P> Sun, 04 Jul 2021 16:43:51 GMT https://community.cisco.com/t5/wireless/1200-wap-mac-address-authentication-without-radius-server/m-p/262556#M20757 srokusek 2021-07-04T16:43:51Z https://community.cisco.com/t5/wireless/1200-wap-mac-address-authentication-without-radius-server/m-p/262557#M20758 <HTML><HEAD></HEAD><BODY><P>Yes, you can use static WEP and/or MAC filtering without needing a AAA server. Be aware that it's trivial to spoof a MAC address, and that it's possible to break static WEP relatively quickly depending on your volume of wireless traffic. The two together should keep out bored kids, but will not protect you from a determined attack.</P></BODY></HTML> Fri, 18 Jun 2004 16:15:46 GMT https://community.cisco.com/t5/wireless/1200-wap-mac-address-authentication-without-radius-server/m-p/262557#M20758 gamccall 2004-06-18T16:15:46Z https://community.cisco.com/t5/wireless/1200-wap-mac-address-authentication-without-radius-server/m-p/262558#M20759 <HTML><HEAD></HEAD><BODY><P>Hi Sonia,</P><P></P><P>If you are running IOS access points and 12.2(15)JA, you can setup one Access Point to function as a local radius server that does mac authentication.</P><P>One centralized entry point for your Mac addresses instead of entering them on every one.</P><P></P><P>Regards,</P><P>Charlie</P><P></P><P></P></BODY></HTML> Fri, 18 Jun 2004 23:09:29 GMT https://community.cisco.com/t5/wireless/1200-wap-mac-address-authentication-without-radius-server/m-p/262558#M20759 ctripp 2004-06-18T23:09:29Z https://community.cisco.com/t5/wireless/1200-wap-mac-address-authentication-without-radius-server/m-p/262559#M20760 <HTML><HEAD></HEAD><BODY><P>Yes we are running 12.2(15)JA. I am very interested in this. Would this limit us to approximately 50 users? If so, this wouldn't work. If it doesn't limit us, this would work great!</P></BODY></HTML> Mon, 21 Jun 2004 01:10:45 GMT https://community.cisco.com/t5/wireless/1200-wap-mac-address-authentication-without-radius-server/m-p/262559#M20760 srokusek 2004-06-21T01:10:45Z