Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

871W + mac address security

i have a cisco 871w with two ssids configured. one for my private network, and one for the guest network. is there a way i can keep wireless clients from associating with the ssid for the private network? if your mac isn't specified in one of the ACLS, i don't want the client to have the ability to associate. i have tried:

bridge-group 1 input-access-list <mac address acl number> and it seems that the clients can stil associate with the private network. they may not be able to get anywhere, but i don't want them to even associate with it.

thanks in advance



Re: 871W + mac address security

Cos of the way 802.11 is designed, there is no way to use MAC filtering the way we could in an ethernet network.

What you could try is to disable SSID broadcasting on the router, that way, the accesspoint / router would stop sending out broadcasts and only clients who knew the ssid and wep keys would be able to associate with the network.

Please note that for any person with a compliant card and software like airodump, it would still be possible to "listen" in to the ssid using the software and associate with the AP if he knows what the WPA / WEP keys are. Later, he could spoof his mac address using software like smac and logon to your wireless networs as the frames are most likely not encrypted

Disabling SSID broadcast however, would deter the casual user from associating as the network would not show up in a normal winxp based scan for wireless networks.

CreatePlease to create content