MAC address filtering and internet use control: do I need some kind of proxy server?

Posted on 2006-03-24
Last Modified: 2013-11-13
One of our offices is due to have an IT overhaul and we are considering giving visitors a certain amount of access to be able to use the internet through our network and we also plan to have wireless access points in the building.

We would like to have a system where these visitors could connect to the network (probably wirelessly) but would be required to enter a password through a web-based system or have their MAC address registered before they can use the internet. We figure that trying to get them to set the WEP key for our network would be asking too much of them, so we would like to secure it another way. We would also like to be able to register the MAC addresses of our company machines so that users of these machines can use the internet without having to enter a password every time.

Any advice as to what software or hardware can be used will be great.
Question by: howardsit
    LVL 20

    Expert Comment

    We do something similar using 802.1x authentication.

    All domain machines have a Microsoft domain machine certificate.
    All the switches are configured for 802.1x authentication using Microsoft IAS
    The switches put our machines in our VLAN and guest machines (no certificate) in a guest VLAN.

    Much easier than registering a ton of MAC addresses.

    LVL 12

    Expert Comment

    You have to separate your wireless network which is open to visitors from your internal network anyway, so you'll need a proper firewall. Any firewall that has 3 or more network interfaces will be able to give your company network access, while forcing the wireless network through a proxy server (by disallowing outside access except for the proxy server).

    If you place the proxy server in a DMZ (which I believe is best practice anyway) then your internal network can profit from it as well.

    Maybe have a look at SmoothWall Firewall/Guardian?

    Author Comment

    It is only for a reasonably small office of 12-15 full-time network users. They are due to go over to a Citrix solution now, but we still want to give mobile users wireless access to the internet.

    Using the firewall to force wireless through the proxy seems to be a reasonable idea, but how do we stop random people in neighbouring offices from using our internet connection (and bandwidth which is needed for our Citrix users) and still allow visitors to the company to use it? They frequently have meetings and presentations at this office. We don’t want to have to give them a WEP key to use as most of them won’t be able to figure out where to insert it.

    Can you get proxy server software that can recognise our network devices and allow them access but then for unrecognised users display a password box before it will allow any pages through? I don’t know how well I am explaining that.

    Many thanks for your previous fast responses.
    LVL 12

    Accepted Solution

    For example ISA Server allows users that are already logged on to a Windows domain to use the internet connection transparently (if the rules allow them to do so). Your visitors will not be logged on and will require authentication, so a username/password dialog is displayed.

    You can hand them a default username that only allows proxy access and a password that changes every now and then, if required.

    If you don't want to buy ISA server, then there are firewalls that can automatically force http(s) to be redirected to a proxy server (for example Sonicwall). Your internal office users then do not use the proxy server, the wireless users are forced through the proxy and must authenticate.
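
The zone policy described in this thread (wireless clients may reach only the proxy, office machines go out directly, the proxy prompts anyone without a domain logon), modelled as a first-match rule table. This is an added example, not code from any poster or vendor; the subnets, the proxy address and port 3128 are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan for a three-interface firewall (assumed values).
ZONES = {
    "lan": ipaddress.ip_network("10.0.1.0/24"),   # company machines
    "wlan": ipaddress.ip_network("10.0.2.0/24"),  # visitor wireless
    "dmz": ipaddress.ip_network("10.0.3.0/24"),   # proxy server segment
}
PROXY_IP, PROXY_PORT = "10.0.3.10", 3128          # hypothetical proxy endpoint


def zone_of(ip):
    """Map an address to its firewall zone; anything unknown is the internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


# First-match rule table: (source zone, destination, destination ports, action).
# Destination is a zone name, a single host address, or "any"; ports None = all.
RULES = [
    ("wlan", PROXY_IP, {PROXY_PORT}, "ALLOW"),  # wireless may reach only the proxy
    ("wlan", "any", None, "DENY"),              # no LAN, no direct internet
    ("dmz", "internet", {80, 443}, "ALLOW"),    # proxy fetches pages for clients
    ("lan", PROXY_IP, {PROXY_PORT}, "ALLOW"),   # LAN can use the proxy as well
    ("lan", "internet", None, "ALLOW"),         # office users go out directly
]


def decide(src_ip, dst_ip, dst_port):
    """Return the action of the first matching rule; default deny."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule_src, rule_dst, ports, action in RULES:
        if rule_src != src_zone:
            continue
        if rule_dst not in ("any", dst_ip, dst_zone):
            continue
        if ports is not None and dst_port not in ports:
            continue
        return action
    return "DENY"


def proxy_status(domain_session, credentials_ok=False):
    """Proxy side: domain logons pass transparently, visitors must authenticate."""
    return 200 if (domain_session or credentials_ok) else 407
```

The model keys on network zone and proxy authentication rather than on MAC address, because a MAC address is reported by the client itself and can be changed.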
