cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
730
Views
0
Helpful
3
Replies

MAC-Based Authentication

raviuk
Level 1
Level 1

I am sorry if this has been asked before or it is the wrong place to ask this.

I just want to know how secure is MAC-Based Authentication on an AP340 access-point (not bridge) with version 11.07.

I've done this by adding 'Dest MAC Address' in 'Address Filters' under 'Association' in 'Setup'.

Also selected 'Disallowed' for 'Default Unicast Address Filter' for all the relevant authentication types in 'Advanced' for 'AP Radio' of the 'Network Ports' in 'Setup'.

Thanks for any suggestions.

3 Replies 3

matthew.joyce
Level 1
Level 1

Cisco say they're "not appropriate as a security handle". Take a look at the bottom of

http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/1327_pp.htm

I agree with them. MAC authentication might discourage casual wireless sniffers, but it's not a serious technical control.

Some older units allow the MAC to be overridden!

bmcmurdo
Cisco Employee
Cisco Employee

If an attacker has a network analizer, they can see the MAC address in use (even if WEP is being used as the MAC must not be encrypted)

Some 802.11 NICs allow the user to configure a MAC address into the NIC.

So the attacker *could*:

1. observe a valid NIC in use

2. program that MAC into their NIC

3. Wait till the valid user has gone home

4. Use the NIC they have programmed to access your network from the safty of the parking lot.

LEAP or VPNs provide a much more secure solution

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: