MAC address clone

fatonk · October 16, 2006, 8:41am

Hello,

Is there a way to avoid a problem of MAC address cloning and deny unauthorised access to the internet trough my access point. I do not use pppoe, encryption, hotspot, I just use ARP reply-only and I have created an access-list with permited MAC addresses, but it seems that people get through with MAC address cloning.

Best regards.

Faton

brainy · October 16, 2006, 1:37pm

I doubt that you’ll find a way to prevent users from changing their mac to access your service.

The only thing you can do is to use Encryption on the link and not give our the pre-shared Key(s).

janisk · October 17, 2006, 9:38am

hotspot autentification?

grzesjan · October 17, 2006, 4:02pm

Managed switches with port-security or similar options. It will not allow for “walking MAC’s”.

Gregor

sten · October 17, 2006, 9:16pm

now you know why people use pppoe, encryption and/or hotspot

grzesjan · October 17, 2006, 9:23pm

pppoe kills local network - that is way some people will not use it at all

Gregor

cmit · October 18, 2006, 10:15am

PPPoE kills local network?

You’ll have to explain that…

Best regards,
Christian Meis

balimore · October 18, 2006, 10:27am

pppoe kills local network - that is w…

yup…
and how to make prevent about it, cause my networks running with dynamic, pppoe, hotspot, and radius AAA as centralize in one interface, now is work fine…over wire and unwire system.

Hasbullah.com

sten · October 18, 2006, 1:27pm

that’s like saying ppp kills modems.

fatonk · October 18, 2006, 2:14pm

I think it is the only solution, so I will implement pppoe.

Thanks guys.

Regards.

Faton.

sten · October 18, 2006, 4:30pm

that has it’s own flaws.
whats a username and password worth if anyone can read it?
pppoe makes it a little harder if you limit yourself to ms-chapv2. but if the culprits have lots of spare time then that too wont suffice byitself.
you need to control both ends of any and all links and add some form that can help you gain the trust of the mechanism that maintains the links integrity.

grzesjan · October 18, 2006, 6:57pm

Heh, misunderstanding. What I meant was:
biggest competitors to us giving ethernet tu customers are DSL providers and cable TV companies. Our biggest advantage is local network - DSL and cable TV cannot provide 100Mbps or even 1Gbps between customers.
When U use PPPoE, you kill this advantage and your offer is almost identical to your competitors. Of course U can use PPPoE to internet and ethernet without any tunneling to your network but that couses some problems with p2p software and so on.

Is it now clear?

Gregor

Diganet · October 18, 2006, 8:16pm

If you control the CPEs and set them up for PPPoE you own the whole connection and have full control. Its just a matter of having a good concentrator to terminate all the connections..

/Henrik