Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

MAC-Based Authentication

I am sorry if this has been asked before or it is the wrong place to ask this.

I just want to know how secure is MAC-Based Authentication on an AP340 access-point (not bridge) with version 11.07.

I've done this by adding 'Dest MAC Address' in 'Address Filters' under 'Association' in 'Setup'.

Also selected 'Disallowed' for 'Default Unicast Address Filter' for all the relevant authentication types in 'Advanced' for 'AP Radio' of the 'Network Ports' in 'Setup'.

Thanks for any suggestions.

3 REPLIES
Community Member

Re: MAC-Based Authentication

Cisco say they're "not appropriate as a security handle". Take a look at the bottom of

http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/1327_pp.htm

I agree with them. MAC authentication might discourage casual wireless sniffers, but it's not a serious technical control.

Community Member

Re: MAC-Based Authentication

Some older units allow the MAC to be overridden!

Cisco Employee

Re: MAC-Based Authentication

If an attacker has a network analizer, they can see the MAC address in use (even if WEP is being used as the MAC must not be encrypted)

Some 802.11 NICs allow the user to configure a MAC address into the NIC.

So the attacker *could*:

1. observe a valid NIC in use

2. program that MAC into their NIC

3. Wait till the valid user has gone home

4. Use the NIC they have programmed to access your network from the safty of the parking lot.

LEAP or VPNs provide a much more secure solution

276
Views
0
Helpful
3
Replies
CreatePlease to create content