MAC filtering on AEBS/time capsule

Discussion in 'Mac Accessories' started by mrklaw, May 12, 2008.

  1. mrklaw macrumors 68000

    Joined:
    Jan 29, 2008
    #1
    Hi

    I want to add my wifi radio which doesn't seem to let me enter a password. But I can enable the MAC access control on my time capsule. But a quick question:

    does MAC filtering happen before password query or as well as? I.e can I just use access control to provide access to a small list of devices that don't support WPA2 (like the DS or my radio) and everything else can still use the password? Or if I turn on time limited access I have to list everything I want to allow access (which is a lot of things)
     
  2. err404 macrumors 68020

    Joined:
    Mar 4, 2007
    #2
    No, you can not define encryption levels based on MAC address. It's all or nothing. Each wireless network requires the same encryption for all attached devices. If you use WPA, everything will need to support WPA. If you use MAC filtering, every device will need to be defined.

    But be warned; MAC filtering is only useful for stopping casual users from using your bandwidth. It provides absolutely no security to your network. Every packet is sent in the clear and is viewable by everybody in range. It's also trivial to circumvent since all connected MAC address are broadcast by your router. These valid MAC addresses can be easily impersonated to gain full access to you network.
    Anybody who is a threat to your network will hardly even be slowed down by MAC filtering. (almost the same is true for WEP these days, but it better then nothing)

    Since with MAC filtering you are only gaining 'protection' from casual users anyway, you could consider hiding your SSID instead. It's still no level of real security, but at least you wont have to manually maintain a list of MAC addresses.
     
  3. skorpien macrumors 68020

    Joined:
    Jan 14, 2008
    #3
    What about allowing wireless clients access without a password? I was just reading the setup manual, and on pages 25-26 it talks about how to do this. I'm not sure as I've never tried, but I think you'd still be limited by the encryption even if you don't require a password. The DS probably won't work if you're using WPA2, but depending on your wifi radio it could very well be able to access your network.
     
  4. mrklaw thread starter macrumors 68000

    Joined:
    Jan 29, 2008
    #4
    ah, thats where it is - hidden in the utility menu. I'd read that in the manual but was looking for it in the main tabs. That'll teach me to read the manual properly :D

    So I should be able to choose 'first client' and then switch my radio on. Then the time capsule should store its MAC address and give that access, while everything else uses WPA. That'll be useful for the DS as well which might not like WPA

    I do hide the SSID as well BTW.
     
  5. err404 macrumors 68020

    Joined:
    Mar 4, 2007
    #5
    This method of access requires WPA. This a relatively new encryption method and many devices do not support it. If your wireless radio does not allow you to enter a password, the odds of it supporting WPA are slim to none. Can you provide the model of the radio? I may be able to look it up and let you know your best options.

    BTW - there is no advantage to using both a hidden SID and MAC filtering. Either stops casual users, but neither deters even basic probes.
     
  6. skorpien macrumors 68020

    Joined:
    Jan 14, 2008
    #6
    Just realized that I fudged a bit haha. The DS doesn't even support WPA. It only supports WEP encryption. So it wouldn't work for the DS if what err404 says is true. Sorry...
     
  7. mrklaw thread starter macrumors 68000

    Joined:
    Jan 29, 2008
    #7
    from reading the manual it suggests that adding a 'client' which is invited means they don't need to enter a password? Might try later with my DS.


    The radio is a logik100. Found out that there was a firmware update recently that added WPA. so I turned off security, downloaded it and all is well now.
     

Share This Page