Link to home
Start Free TrialLog in
Avatar of gpccit
gpccitFlag for Australia

asked on

How to block rogue Mac addresses from authentication attemps!!

We have a wireless network installed, using HP products, we have a WESM, HP 2800, 5300xl, 5406zl switches, and HP 2300 radio ports. We are using a radius server, and mac authentication to control access. The problem is, that anybody with a wifi device coming into our network, continously trys to authenticate... usually about 200times per hour. This fills up all our loggs and ruins realtime information in procurve. Is there a way to select mac addresses and block them from interrogating the network?? Or at least stop procurve from looking at them??
Avatar of kdearing
kdearing
Flag of United States of America image

You could disable transmission of the SSID.
This would prevent wifi devices trying to connect unless they know the SSID.
Avatar of Darr247
If they're deliberately trying to connect, hiding the SSID isn't going to stop that - not only do they already know what it is, but they could easily capture packets for a while and find out what it is again even if you do change it then hide it. They aren't trying to authenticate via 802.1x (RADIUS) accidentally.

Could you please be more specific about what equipment you have?

Product search results

No search results were found that match "2300 radio ports" in HP ProCurve Networking

Results for "hp 2300" (257 products)

Results for "hp 2800"  
More than 300 products contain the term "hp 2800".

Results for "5300xl" (7 products)
» ProCurve 5304xl Switch
» ProCurve 5304xl-32G Switch
» ProCurve 5308xl Switch
» ProCurve 5308xl-48G Switch
» ProCurve 5348xl Switch
» ProCurve 5372xl Factory Racked Switch
» ProCurve 5372xl Switch
Avatar of gpccit

ASKER

Sorry radio port 230's.... to many Zeros.....
That still leaves

Results for "hp 2800"  
More than 300 products contain the term "hp 2800".

Results for "5300xl" (7 products)
» ProCurve 5304xl Switch
» ProCurve 5304xl-32G Switch
» ProCurve 5308xl Switch
» ProCurve 5308xl-48G Switch
» ProCurve 5348xl Switch
» ProCurve 5372xl Factory Racked Switch
» ProCurve 5372xl Switch
Avatar of gpccit

ASKER

Ok not broadcasting the SSID hasn't worked. So extra info requested:

2800's:
2848
2810-24g
2810-48g
2824

5300xls:
5304
5304xl
5308

5406zls:
5406zl

I guess what we are specifically looking for is a way to stop all these unauthenticated macs from repeatedly trying to authenticate and therefore filling up logs in procurve... eg 1 particular mac tried to authenticate 158 times between 9-10am this morn...
ASKER CERTIFIED SOLUTION
Avatar of Darr247
Darr247
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of gpccit

ASKER

That seems to have done it!!, we are monitoring currently, and 1 person seems to be slipping through the ACLs each morning, but instead of 6500 failed authentications we are recieving 1 or 2... so thanks heaps!