Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

MAC address + WPA, WEP for securing wireless connection

Hi,

I have Cisco 1602e AP. Currently I have configured the AP to allow access only when the MAC address matches. However the SSID shows as unsecured but doesn't allow anonymous users to connect since it allows only when the MAC address matches as mentioned earlier. I have not enabled any security key or security settings (WEP, WPA etc) . I feel it is a risk, can you suggest how to enable securitysettings without having a security key configured but with existing MAC address methods I have in place?

I tried adding " encryption vlan 30 mode ciphers tkip" under "Dot11radio 0" interface but it asking me to enter the security key on my laptop to connect wifi.

current configuration

aaa authentication login mac_methods local

aaa authentication login eap_methods group rad_eap

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct


dot11 vlan-name TEST vlan 30


dot11 ssid TEST

   vlan 30

   authentication open mac-address mac_methods

   mbssid guest-mode

   information-element ssidl advertisement


username 123456790ab password 0 123456790ab

username 123456790ab autocommand exit


interface Dot11Radio0

no ip address

no ip route-cache

!

ssid TEST

!

antenna gain 0

stbc

beamform ofdm

mbssid

station-role root

interface Dot11Radio0.30

encapsulation dot1Q 30

no ip route-cache

bridge-group 30

bridge-group 30 subscriber-loop-control

bridge-group 30 spanning-disabled

bridge-group 30 block-unknown-source

no bridge-group 30 source-learning

no bridge-group 30 unicast-flooding


6 REPLIES
VIP Purple

MAC address + WPA, WEP for securing wireless connection

Hi

Check it out

Here is the procedue to configure MAC filtering:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080c1e40b.shtml

Regards

Dont forget to rate helpful posts

Hall of Fame Super Silver

MAC address + WPA, WEP for securing wireless connection

Since you already have mac filtering in place,

"can you suggest how to enable security settings without having a security key configured but with existing MAC address methods I have in place?"

There isn't a way... with WEP/WPA-Personal/WPA2-Personal/WPA-Enterprise/WPA2-Enterprise, your users will get prompted for the key or credentials if using Enterprise which is 802.1x.  Mac filter isn't a good security method, but if this is for guest users, there isn't much you can do with a stand alone access point.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

MAC address + WPA, WEP for securing wireless connection

Thanks for the advice. This means I have to set the security setting

WEP/WPA-Personal/WPA2-Personal/WPA-Enterprise/WPA2-Enterprise

with Key in addition to the existing MAC filter as a best method.

Please correct me if my understanding is correct.

Hall of Fame Super Silver

MAC address + WPA, WEP for securing wireless connection

I wouldn't use mac filtering at all... its the worse to use for securing your wireless.  look at WPA2/AES PSK which on some devices is WPA2-Personal.  For better security, you would use 802.1x, but you need a radius server and that would tie back to Active Directory.  If this is for guest users, well you don't really care about security, because you don't want to be supporting them.  If you have no choice and they are guest but you want to only allow some and not just anyone, you can use WPA2-Personal and change the preshared key once a week or what ever you decide.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

MAC address + WPA, WEP for securing wireless connection

Purpose of using the MAC filtering is to avoid unathurized users connecting their personal devices or laptops in office network, unlike the PSK where the users will know the PSK and simply connect their own devices, hence the MAC filtering is in place currently.

Now I learnt that having PSK with WPA2/ES in addition to existing MAC filter is more esecure, I will go head and configure them and then will share my feedback.

Hall of Fame Super Silver

Re: MAC address + WPA, WEP for securing wireless connection

MAC address is easy to capture with free tools and then you can spoof your device. Most secure networks will not use Mac filtering but will use 802.1x.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
662
Views
0
Helpful
6
Replies
CreatePlease to create content