[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1029
  • Last Modified:

How to block rogue Mac addresses from authentication attemps!!

We have a wireless network installed, using HP products, we have a WESM, HP 2800, 5300xl, 5406zl switches, and HP 2300 radio ports. We are using a radius server, and mac authentication to control access. The problem is, that anybody with a wifi device coming into our network, continously trys to authenticate... usually about 200times per hour. This fills up all our loggs and ruins realtime information in procurve. Is there a way to select mac addresses and block them from interrogating the network?? Or at least stop procurve from looking at them??
0
gpccit
Asked:
gpccit
  • 3
  • 3
1 Solution
 
kdearingCommented:
You could disable transmission of the SSID.
This would prevent wifi devices trying to connect unless they know the SSID.
0
 
Darr247Commented:
If they're deliberately trying to connect, hiding the SSID isn't going to stop that - not only do they already know what it is, but they could easily capture packets for a while and find out what it is again even if you do change it then hide it. They aren't trying to authenticate via 802.1x (RADIUS) accidentally.

Could you please be more specific about what equipment you have?

Product search results

No search results were found that match "2300 radio ports" in HP ProCurve Networking

Results for "hp 2300" (257 products)

Results for "hp 2800"  
More than 300 products contain the term "hp 2800".

Results for "5300xl" (7 products)
» ProCurve 5304xl Switch
» ProCurve 5304xl-32G Switch
» ProCurve 5308xl Switch
» ProCurve 5308xl-48G Switch
» ProCurve 5348xl Switch
» ProCurve 5372xl Factory Racked Switch
» ProCurve 5372xl Switch
0
 
gpccitAuthor Commented:
Sorry radio port 230's.... to many Zeros.....
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Darr247Commented:
That still leaves

Results for "hp 2800"  
More than 300 products contain the term "hp 2800".

Results for "5300xl" (7 products)
» ProCurve 5304xl Switch
» ProCurve 5304xl-32G Switch
» ProCurve 5308xl Switch
» ProCurve 5308xl-48G Switch
» ProCurve 5348xl Switch
» ProCurve 5372xl Factory Racked Switch
» ProCurve 5372xl Switch
0
 
gpccitAuthor Commented:
Ok not broadcasting the SSID hasn't worked. So extra info requested:

2800's:
2848
2810-24g
2810-48g
2824

5300xls:
5304
5304xl
5308

5406zls:
5406zl

I guess what we are specifically looking for is a way to stop all these unauthenticated macs from repeatedly trying to authenticate and therefore filling up logs in procurve... eg 1 particular mac tried to authenticate 158 times between 9-10am this morn...
0
 
Darr247Commented:
It looks like in the zl's you can create 'MAC extended ACL' lists, then Add rules to 'deny [mac address]'.

Create a new list and you should find MAC extended list in the ACL Type picklist.

You should find that ability in Security > ACLs > Configuration in the web interface.

After creating the new list you'll need to add a rule for each MAC address you want to explicitly block. You can also use masks to deny access to entire blocks of MAC addresses, but I think that could create problems down the road if one of your machines happens to have a MAC address in one of the blocks of MAC addresses filtered.

ACLs should be covered in detail by chapter 7 of the WESM-zl-MgmtCfg*.PDF manuals.
0
 
gpccitAuthor Commented:
That seems to have done it!!, we are monitoring currently, and 1 person seems to be slipping through the ACLs each morning, but instead of 6500 failed authentications we are recieving 1 or 2... so thanks heaps!
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now