MAC Address Filtering Linksys BEFW11S4

talkincat · #1 10-17-2002, 03:27 PM

I recently set up a wireless network with a linksys BEFW11S4 wireless access point with built-in router. I have 3 systems on my LAN, 2 desktops (both wired) and a laptop (wireless). I want to set up MAC address filtering such that the MAC address of the wireless card in the laptop is the only MAC address that's allowed to connect to the access point wirelessly. I know this is possible using the WAP11 stand alone access points from linksys, but the only two options that I've found for MAC filtering, "Edit MAC Filter Setting" under "Filters" and "Station MAC Filter" under "Wireless," filter out specific MAC addresses so that the MACs on the list can't connect, but won't let me set up a list of "only allow access to these MACs." Does anybody know how I can do this?

bowen · #2 10-17-2002, 06:42 PM

Hi,

You over thought the problem

You need to go into the 'station mac filter' under 'wireless'
Enter in all the mac addresses on your private network in the list.
This sets up the list of mac addresses that can access the wireless acces point. You have to then apply the changes. Applying the list sets it up so that all other mac addresses are rejected. Note: this does not solve mac address spoofing...

That check box about accessing the router is optional. That is intended if you had a nosey employee/little sister. Generally don't enable that unless you have to. It's just there to further tighten the security. Hope that clears it up for you.

Directions from linksys (Quote):

1. From the "Setup" page, click Advanced

2. When the "Filters" page opens, click on the Wireless tab

3. Make sure all wireless computers are setup to the router, and are currently able to access the internet. Once this is done, click on the Active MAC Table button.

4. Move the "Wireless Active MAC Table" window and click on Edit MAC Filter Settings on the main window.

5. When the "Wireless Group MAC Table" opens, go to the task bar and click on the Wireless Active MAC Table so that window appears.

6. With the two windows side by side enter the MAC Addresses from the "Wireless Active MAC Table" window into the Wireless Group MAC Table.

Note: When you enter the MAC Addresses do not include the dashes/semi-colon, and do not click "Filter"

7. Click Apply then Continue in the "Wireless Group MAC Table" window.

8. Close the "Wireless Group MAC Table" window and the "Wireless Active MAC Table" window

9. On the Main window Enable the Station MAC Filter setting.

-Bowen

talkincat · #3 10-17-2002, 08:43 PM

I'll have to check when I get home, but I suspect the "filter" checkbox was my problem.

So, if I'm understanding this all correctly, if I have "Station MAC Filter" enabled, the access point will only allow access to the devices that I have set in my "Wireless Group MAC Table."

Also, does the "Wireless Active MAC Table" show all MACs that have tried to connect, or just those that have done so successfully?

talkincat · #4 10-17-2002, 09:08 PM

Also, I'll be using this and 128 bit WEP, are there any other wireless security tips anybody can offer me?

Thanks

bowen · #5 10-18-2002, 01:36 AM

Using WEP is good. As well you may want to mess with your SSID. (Wireless security page)

1. SSID

a) Delete 'linksys' from the "SSID" field

b) Input your own unique SSID. Maybe try to use a mix of numbers and letters so people would not be able to guess it easily.

c) Click Apply then Continue

======================================

2. SSID Broadcast

a) Click No on the Allow "Broadcast" SSID to associate?

b) Click Apply then Continue

*NOTE: If you're using Windows XP Zero Config and the Linksys Site Survey will not be able to detect the AP any longer and you must manually encode the SSID for it to work.

- I do not actually know how long addresses stay in this list. I get the impression the list of mac addresses is only 'recent' traffic. I suspect it is similar to a mac address bridging table. So that would mean about 90 seconds after the last packet sent an address would be erased from the list.

Keep in mind that Ethernet sends 'hello' packets quite frequently. The mac address bridging table would contain all 'active' communication partners. At very least, addresses would be flushed when you power off the router

- Bowen

Quote:

Originally posted by talkincat
Also, I'll be using this and 128 bit WEP, are there any other wireless security tips anybody can offer me?

Thanks

talkincat · #6 10-18-2002, 01:10 PM

Ok, one last question, then I think I can stop bothering you

Most of the time my laptop is going to be withing 5 feet of the AP, I've done a little benchmarking, and I'm getting about 5 Mb/s throughput between the wireless laptop and the rest of the LAN. Is that about average? It's not a huge deal, but that's a little disappointing, getting less than half the advertised bandwidth. On the linksys utility, it does report an 11 Mb/s connection, and the link and signal are both at 100%. If that's what people get out of this type of equipment, than so be it. Just wondering.

ecgriffith · #7 10-18-2002, 01:39 PM

talkincat: If you're getting 5Mbps second, you're doing great! The overhead on a WLAN is huge and no WLAN gets the advertised throughput. Generally the best you'll see is around 4.5Mbps -- I think the best I've seen is 4.8.