
WEP and MAC Filter


bnmohan via HWKB.com

Jun 20, 2008, 12:33:11 AM
Hello! 20 June 2008

We have a DIR-300 wireless router, on which I have enabled a WEP key for the
SSID, and also the MAC filter to allow only specific adaptors to access the
network.
I however find that the MAC filter appears to be inactive, as wireless
adaptors that have the WEP key entered can access the lan without their mac
addresses entered into the router.
Is access given to (the WEP key entered OR the mac address is on the router);
meaning either one of them is sufficient to access the router?

Mohan

--
Message posted via http://www.hwkb.com

Bob Willard

Jun 20, 2008, 6:13:36 AM
bnmohan via HWKB.com wrote:

My Linksys WRT54Gv2 does it right: the WPA (or WEP) key must match AND the
MAC address must match (if Permit Only is selected) for the PC to access
the 'net.

Sounds like the DIR-300 has a bug or (just maybe) you did not correctly
set up the MAC filter; double-check your settings.
--
Cheers, Bob

bnmohan via HWKB.com

Jun 20, 2008, 8:38:34 AM
Thanks!

Now my schedule for Saturday is ready!

Mohan

Bob Willard wrote:
>> Hello! 20 June 2008
>>

>[quoted text clipped - 8 lines]


>>
>> Mohan
>
>My Linksys WRT54Gv2 does it right: the WPA (or WEP) key must match AND the
>MAC address must match (if Permit Only is selected) for the PC to access
>the 'net.
>
>Sounds like the DIR-300 has a bug or (just maybe) you did not correctly
>set up the MAC filter; double-check your settings.

--
Message posted via HWKB.com
http://www.hwkb.com/Uwe/Forums.aspx/network-wireless/200806/1

Bill Kearney

Jun 20, 2008, 8:52:19 AM
> and also the MAC filter to allow only specific adaptors to access the
> network.

This is a useless feature. All it takes for someone to overcome a MAC filter
is to make a text change in the network card setup to use a different MAC.

Worse, when an interface dies (or a USB dongle gets lost) it then requires
the hassle of adding the new MAC.


bnmohan via HWKB.com

Jun 21, 2008, 2:44:10 AM
<My Linksys WRT54Gv2 does it right: the WPA (or WEP) key must match AND the
<MAC address must match (if Permit Only is selected) for the PC to access
<the 'net.
<
<Sounds like the DIR-300 has a bug or (just maybe) you did not correctly
<set up the MAC filter; double-check your settings.
<
< Signature
<
<
<Cheers, Bob

Could it be because the DHCP server is enabled, and the incoming wireless
adaptors were on get dynamic IP when I try to connect them to the router?
I am not sure of the sequence to be followed: I set the wifi adaptor IP to my
local lan; remove 802/11b authentication, connect to the router. I am never
sure in what order I do the three. It ends up at 'validating identity' most
of the time. Sometimes it connects; but the lan is not available ( because
the router is on one subnet and the lan on another). I go to the router and
enter the MAC address. When I retry, it still fails, and I find the 802/11b
auth has come back, or the new IP is gone :-(. I remove the auth, put back
the IP, and the thing connects. I am not sure if the 802 auth had come back
earlier, and the connection would have been made if the auth was removed,
without entering the MAC on the router.

Sorry, all that appears quite incoherent even to me!

Mohan
I would be happy if someone could point out the correct sequence to be
followed.

F8BOE

Jun 21, 2008, 3:29:43 AM
bnmohan via HWKB.com wrote:

Hello,

Yes, they connect but they do not pass through to the network.

If you have the right hardware, you should use a strong WEP key such as 256
or 512 bits encryption. If not, a good long (rolling your head all over the
keyboard) WPA or WPA2 key is the way to go.

Ciao @+

Bob Willard

Jun 21, 2008, 8:46:24 AM

From your confusing description, I can't tell how you have connected the
router into your environment. For a normal SOHO application, the WAN port
would be cabled to the cable/DSL modem, the 1-4 wired PCs would be
cabled to the 1-4 LAN ports, and the wireless PCs would be channeled
via 802.11G/802.11B to the radio end of the router; normally, all wired
and wireless PCs would be on the same LAN subnet, and all would have access to
the 'net via the router's WAN port. Is this what you have, or want?

I don't know what you mean by "802/11b authentication". 802.11B is a
protocol and signalling mechanism used by some wireless nodes, just as
is 802.11G. Neither 802.11B nor 802.11G specifies authentication. FWIW,
if all of your PCs are new enough to support 802.11G, I suggest disabling
802.11B in the router, since pure 802.11G will give better performance.

To simplify your LAN while troubleshooting, I suggest not using MAC filtering.
After everything works, you can turn MAC filtering ON and ALLOW only those
PCs that you want to access your LAN (and/or your pipe to the WAN). Note
that MAC filtering offers rather limited security, and probably is not
worth the effort. To secure the wireless segment of your LAN, use WPA2
or WPA or (at least) WEP; pick the best (WPA2 if possible) method that all
of your wireless PCs can use. For a new network, I suggest getting it
all working without wireless encryption, then turning on encryption in the
router and one wireless PC, then in each other wireless PC; it is easy to
screw up when trying to enter the same passphrase into the router and the
PCs, so do it one PC at a time and expect to do it over a few times (until
the difference between password and passphrase becomes clear).

As for DHCP, I would use it across the board from day one. It is very easy
to set up, in the router and in wired and wireless PCs, and it is pretty
robust. If you have problems and want to experiment, you can use DHCP on
some PCs but not others: with the DHCP server set to its normal range of
192.168.0.x (100 < x < 150), you can manually enter an IPA which is in the
same subnet but outside of the DHCP range (e.g., IPA=192.168.0.55 with a
mask of 255.255.255.0); how you assign that IPA to a PC depends on the
OS and the specific device driver for that PC.
--
Cheers, Bob
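
The static-address rule from the post above, as an added example that is not part of the original thread: a Python check that a manually assigned address is on the LAN subnet, outside the DHCP pool, and not already in use. The router address 192.168.0.1 and the host names are assumptions; the pool bounds follow the post's 100 < x < 150.

```python
import ipaddress

# Values from the post: 192.168.0.x with 100 < x < 150, mask 255.255.255.0.
LAN = ipaddress.ip_network("192.168.0.0/255.255.255.0")
POOL_FIRST = ipaddress.ip_address("192.168.0.101")
POOL_LAST = ipaddress.ip_address("192.168.0.149")
ROUTER = ipaddress.ip_address("192.168.0.1")  # assumed router LAN address


def check_static(addr, mask, taken=()):
    """Return a list of problems with one manually assigned address."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    if iface.network != LAN:
        # Wrong subnet or wrong mask: the host may associate over
        # wireless and still be unable to reach the rest of the LAN.
        return ["subnet or mask does not match the LAN"]
    problems = []
    ip = iface.ip
    if ip in (LAN.network_address, LAN.broadcast_address):
        problems.append("network or broadcast address")
    if POOL_FIRST <= ip <= POOL_LAST:
        problems.append("inside the DHCP pool")
    if ip == ROUTER:
        problems.append("same as the router")
    if ip in {ipaddress.ip_address(t) for t in taken}:
        problems.append("already assigned manually")
    return problems


def audit(plan):
    """plan: list of (host, addr, mask) tuples. Returns {host: problems}."""
    seen, report = [], {}
    for host, addr, mask in plan:
        report[host] = check_static(addr, mask, seen)
        seen.append(addr)
    return report


# Constructed sample plan; host names are made up for illustration.
SAMPLE_PLAN = [
    ("pc-a", "192.168.0.55", "255.255.255.0"),   # the post's own example
    ("pc-b", "192.168.0.120", "255.255.255.0"),  # collides with the pool
    ("pc-c", "192.168.1.20", "255.255.255.0"),   # on another subnet
    ("pc-d", "192.168.0.55", "255.255.255.0"),   # duplicate of pc-a
]

if __name__ == "__main__":
    for host, problems in audit(SAMPLE_PLAN).items():
        print(host, "OK" if not problems else "; ".join(problems))
```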

bnmohan via HWKB.com

Jun 21, 2008, 9:26:29 AM
The router is connected to the LAN via one of the 1-4 lan ports. There is no
wan connection to the router. Machines with wifi adaptors connect to the lan
via the router radio connection. Others are (obviously) wired.
Re authentication: Network Neighbourhood Properties->wireless networks tab->
Select Network->Authentication Tab.

Cheers,

Mohan

Bob Willard wrote:
>> <My Linksys WRT54Gv2 does it right: the WPA (or WEP) key must match AND the
>> <MAC address must match (if Permit Only is selected) for the PC to access

>[quoted text clipped - 26 lines]

--

Bob Willard

Jun 21, 2008, 9:52:50 PM
bnmohan via HWKB.com wrote:

If the router is the DHCP server for the entire LAN, then I suggest that
you let it also assign IPAs for the wireless PCs. If there is another
DHCP server in the LAN, then you should disable the router's DHCP server
(and assign static IPAs for your wireless PCs if you need to). In most
SOHOs, you should avoid having more than one DHCP server in a LAN, since
that may cause invisible nodes (due to multiple subnets).

But how you assign IPAs (dynamic or static) should have no impact on the
encryption method for wireless nodes, or FWIW on MAC filtering.
--
Cheers, Bob

jch

Jun 24, 2008, 3:44:30 PM
"Bill Kearney" <wkear...@hotmail.com> wrote in message
news:HI6dndtr-t-ZNcbV...@speakeasy.net...

Well.... a would-be intruder would at least have to know what MAC to change
his NIC to.


Jerry Peters

Jun 24, 2008, 4:46:49 PM
After going to the trouble of breaking the WEP key, spoofing the MAC
address is trivial.

Jerry
