Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Extending wired network wirelessly with MAC associated security


  • Please log in to reply
2 replies to this topic

#1 T

T

  • Members
  • 305 posts
  • OFFLINE
  •  
  • Local time:04:57 PM

Posted 15 August 2010 - 10:38 PM

Alright I know that title may have been hard to stomach. Here's the deal. We've got a wired network that has an account based system for monitoring, etc. So, when people plug into a new ethernet port, we check their mac address to see if its used that port before, and if not they have to register their account to it. Think like the multitude of pay-for wireless networks you would find in an airport or someplace similar.

My question is if it is possible to set up a wireless AP on this network. Is there some way to forward individual macs and not have the router's own mac showing? This is going to be a temporary thing (probably using an old linksys wrt54g running DD-WRT). I figure this can be done with iptables and a linux box, but I really don't think this deserves that much effort. Any advice is appreciated.

I might add that I'm brought in as an outsider in this situation, so I really don't know a whole lot about the underworkings of everything and I'm certainly no networking expert.


Thanks,
Ivan

Edited by T, 15 August 2010 - 11:01 PM.

Posted Image


BC AdBot (Login to Remove)

 


#2 Baltboy

Baltboy

    Bleepin' Flame Head


  • Members
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:03:57 PM

Posted 18 August 2010 - 10:36 AM

There are a multitude of wireless AP's available that get direct wired to the router in order to add wireless connectivity. I'm not really sure about the whole MAC thing since MAC;s are automatically transfered as part of the TCP/IP setup for the level 2 (OSI model stuff) portion of the protocol. The MAC's are indivdual an usually transparent so I'm not totally sure why you would be concerned about ther routers being out there since spoofing it would do little to no good for anyone.
Get your facts first, then you can distort them as you please.
Mark Twain

#3 Orecomm

Orecomm

  • Members
  • 261 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roseburg, Oregon
  • Local time:01:57 PM

Posted 21 August 2010 - 11:09 PM

The best, not necessarily simplest, way to do this is using 802.1x authentication on the wireless network. Most higher end AP's have this option. It works with a Radius server to authenticate by any one of several factors, singly or in combination. Quite powerful, but like most powerful things, not exactly simple and can be a bit dangerous if you don't know what you are doing. Generally, you will have two levels of authentication, one that is very basic and connects the client to a "walled garden" that pokes them for login info, and a much more stringent system (although I wouldn't call MAC filtering all that stringent these days, it's too easy to sniff an active MAC and switch yours as a rogue) that recognizes and grants full access to registered users. This can also be done with one of several Hotspot packages out there as well, although the methods are a bit different. Check out Chillispot, it is one of the more popular and has good community support.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users