Block private/random MAC addresses
Hello as per title, how can I block device that want to connect using the private/random MACs.
I know that this feature is possible since long and now more evident with the release of Apple IoS14 where users can use that feature for WiFi connection.
I have seen on internet that all MAC where the second digits is 2, 6, A or E is a random address.
In the MAC groups I cannot create a kind of MAC format like X2.XX.XX.XX so how can I do that in order to restrict a user to don't use the private address ?
I use OC200 to control with Omada a switch TL-SG2428P and some EAP245/225.
Thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @Xstreem,
In the SDN version of Omada, you can enable MAC based authentication. It's under Settings, Authentication, MAC based authentication
"MAC-Based Authentication allows or disallows clients access to wireless networks based on the MAC addresses of the clients. In this authentication method, the controller takes wireless clients’ MAC addresses as their usernames and passwords for authentication. The RADIUS server authenticates the MAC addresses against its database which stores the allowed MAC addresses. Clients can access the wireless networks configured with MAC-based authentication after passing authentication successfully."
Generally speaking, though, since it is very easy to spoof and clone MAC addresses this is not generally regarded as a useful/secure methodology. That said, it does tend to prevent novice users out -- aka "keeping honest people honest"
It seems like a Radius server may be needed to host the list. I thought there was a way to use a CSV or similar before.
-Jonathan
- Copy Link
- Report Inappropriate Content
@JSchnee21 thanks for reply, it's absurd you cannot simply enter a mac address with a format string like xA:xx:xx:xB. Aswell as it's absurd you cannot import an excel or text file with a list.
as said in another post it's ridiculous that complex things are implemented and basic first college things don't, also they are not considering that those stuff are becoming more and more popular in home appliance, where they can grow business a lot implementing better features
- Copy Link
- Report Inappropriate Content
Hi @Xstreem,
I just posted this in another thread which you might find interesting:
FYI, I did find, in the Omada SDN interface, under the WLAN settings for each SSID you can BATCH import a whitelist or blacklist of MAC addresses. BUT, I do not believe it supports wild cards.
Settings => Wireless Networks => Edit SSID => Enable MAC Filter => Manage MAC Groups => Create a New Group => Batch Add
"Note:
1.Each MAC address and name should be entered on a new line. The MAC address and name should be separated by a space.
2.Octets in a MAC address should be separated by a hyphen. For example, AA-BB-CC-DD-EE-FF."
I'm not sure how easy it would be to update this to support wild cards. Theoretically, it could with some firmware code modification (it's just a string compare) but I'm not sure how performant this would be under load.
-Jonathan
- Copy Link
- Report Inappropriate Content
@JSchnee21 thanks Jon i saw that, do you know if it is possible to get an alert and then email when a new mac address connect to the network?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2691
Replies: 4
Voters 0
No one has voted for it yet.