Hello normis i run hotspot but in my school student still do mac cloning and bypass the hotspot is there nay way i could handle this?if you will have any kind of user/pass based authentication (like hotspot or pppoe) then the mac cloning will be useless for these violators, they will also need username+password
The only way to prevent MAC spoofing on a layer2 network is to prevent each client from seeing each other. This is beyond the control and scope of ANY layer3 device, this must happen at the edge of the network. Get access points that support client isolation, get managed switches that support port isolation, this is your solution.Hello normis i run hotspot but in my school student still do mac cloning and bypass the hotspot is there nay way i could handle this?if you will have any kind of user/pass based authentication (like hotspot or pppoe) then the mac cloning will be useless for these violators, they will also need username+password
Thanks
Yea thanks for ur reply but could i use mikrotik to do that ?The only way to prevent MAC spoofing on a layer2 network is to prevent each client from seeing each other. This is beyond the control and scope of ANY layer3 device, this must happen at the edge of the network. Get access points that support client isolation, get managed switches that support port isolation, this is your solution.Hello normis i run hotspot but in my school student still do mac cloning and bypass the hotspot is there nay way i could handle this?if you will have any kind of user/pass based authentication (like hotspot or pppoe) then the mac cloning will be useless for these violators, they will also need username+password
Thanks
Note that this does not prevent them from changing their MAC address at will, it just prevents them from scanning the network and finding out other peoples MAC addresses in the hopes of getting on with another clients MAC address.
If the MikroTik is the edge device, i.e. the access point yes. Or if a client needs to go "through" the MikroTik to talk to another client, you can block them.
Yea thanks for ur reply but could i use mikrotik to do that ?
Wrong!!!At least on Hotspot anyway.if you will have any kind of user/pass based authentication (like hotspot or pppoe) then the mac cloning will be useless for these violators, they will also need username+password
@Mplsguy Link does not existIf all your client devices are running RouterOS, you can use management frame protection available in wireless-test:
http://wiki.mikrotik.com/wiki/Wireless_ ... protection
Or you can use WPA and assign different preshared key for every customer.
That's what happens when you respond to a 5 year old post@Mplsguy Link does not existIf all your client devices are running RouterOS, you can use management frame protection available in wireless-test:
http://wiki.mikrotik.com/wiki/Wireless_ ... protection
Or you can use WPA and assign different preshared key for every customer.