07-21-2022 08:05 AM
Hello ,
does there any solution to prevent WIFI connected users from using any mobile applications like (Fing App) for wifi network scanner. .already I configured below ACL on WIFI connected port on switch , but useless.
40 deny tcp 172.22.179.0 0.0.0.255 any eq 161
60 deny udp 172.22.179.0 0.0.0.255 any eq snmp
80 deny ip 172.22.179.0 0.0.0.255 172.22.179.0 0.0.0.255
100 permit ip any any
any solution ?
07-23-2022 05:10 AM
@W-ALI wrote:
I'm just looking for the best practice to secure the WIFI with the capabilities currently available.
802.1x
07-25-2022 04:22 AM
Regarding MAC filtering. With a normal wireless sniffer, that can be installed on any laptop, for example Wireshark, you can simply capture a bit in promiscuous mode and you get all the client MAC addresses in the captured data. MAC addresses are no secret, they are more or less public.
Because of that your best option is to use 802.1x with a Radius server that can limit the simultaneous logins per username/certificate to 1.
But in the end I wouldn't do this, as more and more devices will want Wi-Fi. It's very soon that every user has a tablet, laptop, smart watch, .... which should be online.
07-25-2022 04:57 AM
Thanks a lot @patoberli for your input, really appreciated that,
yes that's true
the best solution 802.1X , i will try to apply it with certificate
thanks mate
07-25-2022 04:48 AM
Agreed with @patoberli
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: