10-21-2004 08:07 AM - edited 07-04-2021 10:05 AM
If I use the local RADIUS server on a 1200AP I only get 50 usernames/MACs. If I use the local table on each AP, how many MAC addresses can I have?
14 1200APs - LEAP with one AP running the local RADIUS server. 60+ devices.
10-21-2004 05:24 PM
If the local table is used, the limit is still 50.
May I ask you why you want to use MAC authentication. From my experience, MAC authentication is used when you have very old wireless clients, which do not support any fancy authentication methods (i.e. 802.1X). If hackers can break LEAP, they can certainly break MAC address authentication because the MAC address of the adapter is unencrypted on all wireless frames.
I do not understand "14 1200APs - LEAP with one AP running the local RADIUS server. 60+ devices."
10-22-2004 03:40 AM
Thanks, I thought that was the answer.
We do have some older devices on the network that will only support up to LEAP (Cisco radios on a DOS machine; the best we could do is MD5).
The building has a total of 14 1200APs for coverage, one of which is running the RADIUS server for the LEAP auth. My customer wanted to run MAC auth due to some of LEAP's vulnerabilities, but because we have more than 50 devices (60+), we cannot now unless we have some sort of other RADIUS server on the network that can handle more.
We tried that "freeradius" software, but they did not change their LDAP to an NT or plain text hash.
So now, unless we can just tell the 1200AP to query a database for the MAC address auth, we will look into another RADIUS server. (Yes, money is an issue.)
Thanks for the help.
10-22-2004 11:00 AM
To be honest, MAC authentication is easier to hack than LEAP. I do not understand why your customer wants to go from LEAP to MAC authentication. If a hacker can hack LEAP, he/she must have a wireless sniffer. It takes him/her less than an hour to crack LEAP with a weak password. It takes him/her less than a minute to crack MAC authentication. He/she sniffs one packet, figures out the adapter's MAC address, which is unencrypted, and modifies his/her wireless adapter. That's it.
If I were your customer, I would use a strong password. That's pretty tough to hack. Of course, it is not easy to implement strong passwords for some customers.
I hate to say it. You pay for what you get. If your customer does not want to spend any money on the existing equipment, LEAP with a strong password is the best you can do.
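The point made in the two replies above (the station MAC is visible in every frame even when the body is encrypted, so MAC authentication gives no real assurance) can be shown directly by parsing an 802.11 data-frame header. The Python below is an added example, not code from the thread or from Cisco: it builds a few constructed station-to-AP frames (locally administered addresses, made-up bodies, not captured traffic), reads the always-cleartext header fields, and adds a small defender-side check that flags a MAC whose 12-bit sequence counter keeps running backwards, which is what happens when two radios transmit under one address. The tolerance value and the sample counters are assumptions chosen for illustration.

```python
"""Added example (not from the thread): parse 802.11 data-frame headers to
show that the station MAC address stays in the clear even when the frame
body is encrypted, plus a defender-side check that flags one MAC being used
by two radios. All frames below are constructed, not captured traffic."""
import struct

FC_TYPE_DATA = 0x08      # frame-control byte 0: type bits == data frame
FLAG_TO_DS = 0x01        # frame-control flags byte
FLAG_FROM_DS = 0x02
FLAG_PROTECTED = 0x40    # "Protected Frame": body is WEP/TKIP/CCMP ciphertext

# Constructed addresses (locally administered, not real devices)
AP_BSSID = bytes.fromhex("020000000001")
STATION_A = bytes.fromhex("020000000010")
STATION_B = bytes.fromhex("020000000020")


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(sa, da, bssid, seq, protected, body):
    """Build a minimal station->AP (To DS) data frame; body is opaque bytes."""
    flags = FLAG_TO_DS | (FLAG_PROTECTED if protected else 0)
    header = struct.pack("<BBH", FC_TYPE_DATA, flags, 0)   # FC, duration
    header += bssid + sa + da                               # addr1..addr3
    header += struct.pack("<H", (seq & 0xFFF) << 4)         # seq ctrl, frag 0
    return header + body


def parse_data_frame(frame):
    """Return the header fields that are never encrypted in a data frame."""
    if len(frame) < 24:
        raise ValueError("shorter than a minimal 802.11 data header")
    fc0, flags, _duration = struct.unpack_from("<BBH", frame, 0)
    if fc0 & 0x0C != FC_TYPE_DATA:
        raise ValueError("not a data frame")
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    (seq_ctrl,) = struct.unpack_from("<H", frame, 22)
    to_ds, from_ds = bool(flags & FLAG_TO_DS), bool(flags & FLAG_FROM_DS)
    # Which address is SA/DA/BSSID depends on the To DS / From DS bits.
    if to_ds and not from_ds:        # station -> AP
        bssid, sa, da = addr1, addr2, addr3
    elif from_ds and not to_ds:      # AP -> station
        da, bssid, sa = addr1, addr2, addr3
    elif not to_ds and not from_ds:  # ad hoc / IBSS
        da, sa, bssid = addr1, addr2, addr3
    else:
        raise ValueError("4-address WDS frames are outside this example")
    return {
        "protected": bool(flags & FLAG_PROTECTED),
        "bssid": mac_str(bssid),
        "source": mac_str(sa),
        "dest": mac_str(da),
        "seq": seq_ctrl >> 4,        # 12-bit sequence number, fragment bits dropped
        "body_len": len(frame) - 24,
    }


def spoofed_mac_candidates(frames, tolerance=8):
    """Flag source MACs whose sequence counter repeatedly runs backwards.

    A single radio increments the counter monotonically (mod 4096, with
    retransmissions repeating a value). Two radios sending under one MAC
    produce interleaved counters, so the observed sequence keeps jumping
    back by more than a few frames. `tolerance` is an assumed threshold.
    """
    last_seq = {}
    flagged = set()
    for frame in frames:
        p = parse_data_frame(frame)
        src, seq = p["source"], p["seq"]
        if src in last_seq:
            back = (last_seq[src] - seq) % 4096   # how far behind the previous
            if tolerance < back < 2048:
                flagged.add(src)
        last_seq[src] = seq
    return sorted(flagged)


# Constructed sample: station A behaves normally; "station B" is one MAC
# used by two radios whose counters sit near 500 and near 20.
SAMPLE_FRAMES = [
    build_frame(STATION_A, AP_BSSID, AP_BSSID, 100, True, b"\x11" * 40),
    build_frame(STATION_B, AP_BSSID, AP_BSSID, 500, True, b"\x22" * 40),
    build_frame(STATION_A, AP_BSSID, AP_BSSID, 101, True, b"\x11" * 40),
    build_frame(STATION_B, AP_BSSID, AP_BSSID, 20, True, b"\x22" * 40),
    build_frame(STATION_B, AP_BSSID, AP_BSSID, 501, True, b"\x22" * 40),
    build_frame(STATION_A, AP_BSSID, AP_BSSID, 102, True, b"\x11" * 40),
    build_frame(STATION_B, AP_BSSID, AP_BSSID, 21, True, b"\x22" * 40),
]

if __name__ == "__main__":
    first = parse_data_frame(SAMPLE_FRAMES[0])
    print(f"protected={first['protected']} but source={first['source']}")
    print("sequence-counter anomalies:", spoofed_mac_candidates(SAMPLE_FRAMES))
```

Running it shows the first frame is marked protected while its source address parses fine, which is the whole weakness of a MAC allow-list. The sequence-counter check is a coarse heuristic (roaming, driver resets and retransmissions can produce small steps backwards, hence the tolerance), but it is the kind of signal a wireless IDS uses to notice an address being shared, and it costs nothing on the RADIUS side.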
10-23-2004 06:39 AM
Another option would be to use a VPN tunnel with lighter encryption.
Depending on the firewall and / or servers available, you may be able to set up a VPN from the client into the net.
If they're using Microsoft servers, you can probably bring up the MS VPN (L2TP / PPTP) clients.
Some firewalls can be set up to act as a VPN endpoint.
We've done this in our lab space to accommodate older laptops and NICs. We have one SSID / VLAN set up for WPA, and another that is open authentication, no encryption ... but must pass through a VPN concentrator to gain access to the network.
Using VPNs may not be an optimum solution, but it's WAY better than MAC or MD5 from a security perspective.
Good Luck
Scott