Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2799
Views
0
Helpful
2
Replies

Prevent mac address spoofing on wifi

sarat1317
Level 1
Level 1

‎02-26-2016 02:23 PM - edited ‎07-05-2021 04:41 AM

Hello

I am in the process of configuring guest wifi network using WLC and ISE. I configured Open authentication and mac address filtering so that I can monitor and allow the users based on mac addresses.

Problem:

Once I am authenticated, ISE profiled my device and can access the network. However I can spoof the mac address of the profiled device (my phone) and am able to connect from my laptop using the same mac. No further authentication is needed to access the wifi.

Wanted to check if there is any solution on WLC or ISE to prevent spoofing?

Please advise

Thanks

Venkat

Labels:
0 Helpful
2 Replies 2

Leo Laohoo
Hall of Fame
Hall of Fame

‎02-26-2016 03:04 PM

OPEN authentication and MAC address filtering ... will work well in a lab but in production someone will have to manually add and remove the MAC address.  Not efficient. 

Kindly explain the thinking for enabling MAC address filtering.  I mean it's more than easy to just have a PSK and the key gets changed regularly (daily or weekly).

0 Helpful

sarat1317
Level 1
Level 1
In response to Leo Laohoo

‎02-27-2016 04:40 PM

Actually when the mac is passed to ISE it is automatically seen on the user self registration page so the user don't have to enter the mac. I didn't prefer PEAP with certs as they have to be managed and sent securely to the users

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card