Page 1 of 1
MAC filtering (access-list)
Posted: Tue Aug 07, 2007 11:02 pm
by ceL
Does anyone know if it's possible to allow just the first 3 octets of the MAC address for example... mac-address=00:0C:42:xx:xx:xx just like a wildcard so anyone that tries to register with my AP which begin with that OUI will be able to connect?
Re: MAC filtering (access-list)
Posted: Wed Aug 08, 2007 12:28 am
by MarTux
i don't think that it's possible, you must specify exactley the MAC adress in the Access list.
moreover, it's not a good strategy to do that, coz avery one have your three first bytes will be able to access the Network.
Re: MAC filtering (access-list)
Posted: Wed Aug 08, 2007 12:35 am
by ceL
Well I don't think it's such a bad idea because we have RouterBoard R52 cards and the people around here hardly know anything about computers as it is, plus we use WPA2, I'd just like to use WPA2 and MAC filtering both but I would like to do wildcards to make it easier on myself not having to login to a router each time someone does an installation. Just a pipe dream I guess.
Re: MAC filtering (access-list)
Posted: Wed Aug 08, 2007 12:46 am
by MarTux
I see, but i don't think that it's possible to make acces lists with wildcard (to my knowledge).
Re: MAC filtering (access-list)
Posted: Wed Aug 08, 2007 7:04 am
by ivaring
But that 3 first values are talking about a vendor, why did u wanted to block or permit a vendor?.
Regards.
Re: MAC filtering (access-list)
Posted: Wed Aug 08, 2007 7:19 pm
by ceL
So that basically we can just authenticate an entire vendor so when we have installations we don't have to go in and authenticate them since we are not using radius yet and we have towers with all Mikrotik CPE's which we use R52 cards in and the vendor starts with 00:0C:42:xx:xx:xx it would just make it easier, I guess now would be the time to put in the radius server though.
Re: MAC filtering (access-list)
Posted: Sat Mar 10, 2012 3:19 am
by CyB3RMX
Still anything?
Re: MAC filtering (access-list)
Posted: Thu Sep 13, 2012 8:13 pm
by jfassiano
Hi mate! I think you can use "/interface bridge filter".
There you have a src-mac-address and a mask to specify.
Regards
Re: MAC filtering (access-list)
Posted: Fri Sep 14, 2012 12:07 am
by karina
Well I don't think it's such a bad idea because we have RouterBoard R52 cards and the people around here hardly know anything about computers as it is, plus we use WPA2, I'd just like to use WPA2 and MAC filtering both but I would like to do wildcards to make it easier on myself not having to login to a router each time someone does an installation. Just a pipe dream I guess.
Why bother with MAC if your network is not vulnerable? To be honest MAC filtering is not at all secure. If someone has the ability to crack you wpa then they will certainly bypass your MAC filter in no time
routing just a little bit of the world
Re: MAC filtering (access-list)
Posted: Fri Sep 14, 2012 12:17 am
by karina
In fact if it were possible to wilrcard MAC address access list it would make it pretty pointless anyway.
routing just a little bit of the world