MAC filtering (access-list)
Wireless networks

10 posts   •   Page 1 of 1
ceL
Frequent Visitor
Frequent Visitor
 
Posts: 71
Joined: Thu Nov 10, 2005 1:15 am

MAC filtering (access-list)

by ceL » Tue Aug 07, 2007 11:02 pm

Does anyone know if it's possible to allow just the first 3 octets of the MAC address for example... mac-address=00:0C:42:xx:xx:xx just like a wildcard so anyone that tries to register with my AP which begin with that OUI will be able to connect?

User avatar
MarTux
just joined
 
Posts: 14
Joined: Mon Apr 23, 2007 11:42 pm
Location: Casablanca - Morocco

Re: MAC filtering (access-list)

by MarTux » Wed Aug 08, 2007 12:28 am

i don't think that it's possible, you must specify exactley the MAC adress in the Access list.
moreover, it's not a good strategy to do that, coz avery one have your three first bytes will be able to access the Network.

ceL
Frequent Visitor
Frequent Visitor
 
Posts: 71
Joined: Thu Nov 10, 2005 1:15 am

Re: MAC filtering (access-list)

by ceL » Wed Aug 08, 2007 12:35 am

Well I don't think it's such a bad idea because we have RouterBoard R52 cards and the people around here hardly know anything about computers as it is, plus we use WPA2, I'd just like to use WPA2 and MAC filtering both but I would like to do wildcards to make it easier on myself not having to login to a router each time someone does an installation. Just a pipe dream I guess.

User avatar
MarTux
just joined
 
Posts: 14
Joined: Mon Apr 23, 2007 11:42 pm
Location: Casablanca - Morocco

Re: MAC filtering (access-list)

by MarTux » Wed Aug 08, 2007 12:46 am

I see, but i don't think that it's possible to make acces lists with wildcard (to my knowledge).

User avatar
ivaring
Frequent Visitor
Frequent Visitor
 
Posts: 92
Joined: Sun Dec 24, 2006 4:25 pm

Re: MAC filtering (access-list)

by ivaring » Wed Aug 08, 2007 7:04 am

But that 3 first values are talking about a vendor, why did u wanted to block or permit a vendor?.

Regards.

ceL
Frequent Visitor
Frequent Visitor
 
Posts: 71
Joined: Thu Nov 10, 2005 1:15 am

Re: MAC filtering (access-list)

by ceL » Wed Aug 08, 2007 7:19 pm

So that basically we can just authenticate an entire vendor so when we have installations we don't have to go in and authenticate them since we are not using radius yet and we have towers with all Mikrotik CPE's which we use R52 cards in and the vendor starts with 00:0C:42:xx:xx:xx it would just make it easier, I guess now would be the time to put in the radius server though.

User avatar
CyB3RMX
Frequent Visitor
Frequent Visitor
 
Posts: 70
Joined: Thu May 26, 2011 7:08 am

Re: MAC filtering (access-list)

by CyB3RMX » Sat Mar 10, 2012 4:19 am

Still anything?
Trying to route the world...
Certified: MTCNA - MTCWE
Please give some KARMA if you think i helped you.

User avatar
jfassiano
just joined
 
Posts: 2
Joined: Mon Apr 18, 2011 10:09 pm
Location: Buenos Aires, Argentina

Re: MAC filtering (access-list)

by jfassiano » Thu Sep 13, 2012 8:13 pm

Hi mate! I think you can use "/interface bridge filter".
There you have a src-mac-address and a mask to specify.
Regards

User avatar
karina
Member
Member
 
Posts: 363
Joined: Sat Feb 06, 2010 3:18 am

Re: MAC filtering (access-list)

by karina » Fri Sep 14, 2012 12:07 am

ceL wrote:Well I don't think it's such a bad idea because we have RouterBoard R52 cards and the people around here hardly know anything about computers as it is, plus we use WPA2, I'd just like to use WPA2 and MAC filtering both but I would like to do wildcards to make it easier on myself not having to login to a router each time someone does an installation. Just a pipe dream I guess.

Why bother with MAC if your network is not vulnerable? To be honest MAC filtering is not at all secure. If someone has the ability to crack you wpa then they will certainly bypass your MAC filter in no time

routing just a little bit of the world

User avatar
karina
Member
Member
 
Posts: 363
Joined: Sat Feb 06, 2010 3:18 am

Re: MAC filtering (access-list)

by karina » Fri Sep 14, 2012 12:17 am

In fact if it were possible to wilrcard MAC address access list it would make it pretty pointless anyway.


routing just a little bit of the world

10 posts   •   Page 1 of 1

Who is online

Users browsing this forum: Bing [Bot], Yahoo [Bot] and 21 guests

It is currently Mon Dec 22, 2014 6:34 pm