I am currently deploying some AP541N and I just discovered what seems to be a security bug.
The AP541N version :
I have programmed an SSID with WPA Enterprise standard settings and MAC filtering using the RADIUS server.
|VAP||Enabled||VLAN ID||SSID||Broadcast SSID||Security||MAC Filtering||Station Isolation||HTTP Redirect||Redirect URL||Delete|
|0||None Static WEP Dynamic WEP WPA Personal WPA Enterprise||Disabled Local RADIUS||Enabled Disabled||Disable Enable|
The RADIUS server is a FreeRADIUS Linux server, globally configured, and the client is a MacBook Pro, but the problem is independent of the client and RADIUS server.
The bug is that although the MAC address of my client fails on the RADIUS server, the client is accepted on the AP.
The log on the RADIUS server shows the failed MAC auth and the successful WPA2 auth:
Wed Sep 1 17:44:21 2010 : Auth: Login incorrect: [60-33-4B-04-AE-84/NOPASSWORD] (from client ap541n port 0 cli 60-33-4B-04-AE-84)
Wed Sep 1 17:44:22 2010 : Auth: Login OK: [arichard/<via Auth-Type = EAP>] (from client ap541n port 0 cli 60-33-4B-04-AE-84)
and then the client is able to access the network, and the MAC address authentication with the RADIUS server is never retried for this client (I suppose because the AP has whitelisted the MAC address).
This is a serious security bug!
Is it present on older firmware versions?
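Added example, not part of the original post: a Python check that scans a FreeRADIUS log in the format quoted above and flags stations whose latest MAC-filter request was rejected but which then passed EAP through the same AP. The first two sample lines are the ones from the post; the last two, and the function and field names, are constructed for illustration.

```python
import re
from datetime import datetime

# Lines 1-2 are quoted in the post; lines 3-4 are constructed (a station passing both checks).
SAMPLE_LOG = """\
Wed Sep 1 17:44:21 2010 : Auth: Login incorrect: [60-33-4B-04-AE-84/NOPASSWORD] (from client ap541n port 0 cli 60-33-4B-04-AE-84)
Wed Sep 1 17:44:22 2010 : Auth: Login OK: [arichard/<via Auth-Type = EAP>] (from client ap541n port 0 cli 60-33-4B-04-AE-84)
Wed Sep 1 17:50:02 2010 : Auth: Login OK: [00-11-22-33-44-55/00-11-22-33-44-55] (from client ap541n port 0 cli 00-11-22-33-44-55)
Wed Sep 1 17:50:03 2010 : Auth: Login OK: [bob/<via Auth-Type = EAP>] (from client ap541n port 0 cli 00-11-22-33-44-55)
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) : Auth: Login (?P<res>OK|incorrect)"
    r"(?: \([^)]*\))?: \[(?P<user>[^/\]]+)(?:/[^\]]*)?\] "
    r"\(from client (?P<nas>\S+) port \d+ cli (?P<cli>[0-9A-Fa-f-]{17})\)")
MAC = re.compile(r"^[0-9A-Fa-f]{2}(?:[-:.]?[0-9A-Fa-f]{2}){5}$")

def norm(mac):
    """Lower-case a MAC address and strip separators."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def find_mac_filter_bypass(log_text):
    """Return EAP accepts whose most recent MAC-filter verdict was a reject."""
    last_mac_verdict = {}  # (AP name, station MAC) -> (accepted?, timestamp)
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        station = norm(m["cli"])
        key = (m["nas"], station)
        accepted = m["res"] == "OK"
        # MAC filtering via RADIUS sends the station MAC as the User-Name.
        if MAC.match(m["user"]) and norm(m["user"]) == station:
            last_mac_verdict[key] = (accepted, ts)
        elif accepted and key in last_mac_verdict and not last_mac_verdict[key][0]:
            findings.append({"nas": m["nas"], "station": station, "user": m["user"],
                             "mac_rejected_at": last_mac_verdict[key][1],
                             "eap_accepted_at": ts})
    return findings

if __name__ == "__main__":
    for f in find_mac_filter_bypass(SAMPLE_LOG):
        print(f"{f['nas']}: {f['station']} rejected by MAC filter at "
              f"{f['mac_rejected_at']}, then EAP OK for {f['user']} at {f['eap_accepted_at']}")
```

A hit only shows that the RADIUS server rejected the MAC and later accepted EAP for the same station; whether the AP actually forwarded traffic still has to be confirmed on the AP itself.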