cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1571
Views
55
Helpful
18
Replies

how to block WIFI network scan APP

W-ALI
Level 1
Level 1

Hello ,

does there any solution to prevent WIFI connected users from using any mobile applications like (Fing App) for wifi network scanner. .already I configured below ACL on WIFI connected port on switch  , but useless.

40 deny tcp 172.22.179.0 0.0.0.255 any eq 161
60 deny udp 172.22.179.0 0.0.0.255 any eq snmp
80 deny ip 172.22.179.0 0.0.0.255 172.22.179.0 0.0.0.255
100 permit ip any any

any solution ?

 

18 Replies 18


@W-ALI wrote:

I'm just looking for the best practice to secure the WIFI with the capabilities currently available.


802.1x

Regarding MAC filtering. With a normal wireless sniffer, that can be installed on any laptop, for example Wireshark, you can simply capture a bit in promiscuous mode and you get all the client MAC addresses in the captured data. MAC addresses are no secret, they are more or less public. 

Because of that your best option is to use 802.1x with a Radius server that can limit the simultaneous logins per username/certificate to 1. 

But in the end I wouldn't do this, as more and more devices will want Wi-Fi. It's very soon that every user has a tablet, laptop, smart watch, .... which should be online. 

Thanks a lot  @patoberli for your input, really appreciated that,

yes that's true

the best solution 802.1X  , i will try to apply it with certificate

thanks mate

Rich R
VIP
VIP
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: