I missed something in my last reply that some folks might not take for granted - once you have sniffed the mac address of a wireless card, changing your card to match is simple - I did it on a card integrated into a notebook inside of 30 seconds - you set it in the GUI even.
Andras -----Original Message----- From: Chuck Larrieu [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 15, 2001 7:10 PM To: [EMAIL PROTECTED] Subject: RE: Mac Address filtering on a 3512XL [7:26398] Ken, this comes up regularly with customers who want to do wireless, as if wireless will solve some great problem of theirs. well, in the case of my customers, there are indeed some great vertical applications that make this a wonderful technology. but... yes, mac filtering is one way to provide some modicum of security. spoofing mac's is not the first thing that enters the hacker's mind, so I've heard, but I would not rely on any one method to ensure a secure net. remember that there are several "wireless sniffers" available, so mac information can be decoded, and later spoofed. some folks I have spoken with do a number of things, including WEP, LEAP, and IPSec or L2TP from the wireless end device into the network, end to end. some folks go so far as to encrypt everything on storage devices, so that even if the wireless authentication is broken, it does hacker no good. if your app is hand-held based these may not be options. then you are back to the mac filtering. still, you might want to think about upping to 128 WEP anyway. how concerned are you about the integrity and confidentiality of the data going over the wireless? more so or less so than if that same data were available via VPN across the internet or via dial up access? Chuck -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ken Diliberto Sent: Thursday, November 15, 2001 3:18 PM To: [EMAIL PROTECTED] Subject: Re: Mac Address filtering on a 3512XL [7:26398] Yes, I do have a goal in mind. I just purchased some wireless equipment and would like to restrict the MAC addresses allowed in. 40 bit encryption is not good enough for the paranoid like me. It seems the network name is advertised. To me, that security really sucks. Besides, it's another challenge. Next, maybe a VPN tunnel. :-) Ken >>> "Howard C. Berkowitz" 11/15/01 02:24PM >>> >I am wanting to configure a mac-address filter on my switch but need some >help. Has anyone done this? > >Thanks. > >Ken Well, yes. But to coin a phrase, and to put it into a better context, what problem are you trying to solve? I find people learn better when they have a goal in mind, then look at configuration alternatives and how they relate to the problem. Howard Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26443&t=26398 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]