gpccit
asked on
How to block rogue MAC addresses from authentication attempts!!
We have a wireless network installed, using HP products, we have a WESM, HP 2800, 5300xl, 5406zl switches, and HP 2300 radio ports. We are using a RADIUS server, and MAC authentication to control access. The problem is that anybody with a wifi device coming into our network continuously tries to authenticate... usually about 200 times per hour. This fills up all our logs and ruins realtime information in ProCurve. Is there a way to select MAC addresses and block them from interrogating the network?? Or at least stop ProCurve from looking at them??
If they're deliberately trying to connect, hiding the SSID isn't going to stop that - not only do they already know what it is, but they could easily capture packets for a while and find out what it is again even if you do change it then hide it. They aren't trying to authenticate via 802.1x (RADIUS) accidentally.
Could you please be more specific about what equipment you have?
Product search results
No search results were found that match "2300 radio ports" in HP ProCurve Networking
Results for "hp 2300" (257 products)
Results for "hp 2800"
More than 300 products contain the term "hp 2800".
Results for "5300xl" (7 products)
» ProCurve 5304xl Switch
» ProCurve 5304xl-32G Switch
» ProCurve 5308xl Switch
» ProCurve 5308xl-48G Switch
» ProCurve 5348xl Switch
» ProCurve 5372xl Factory Racked Switch
» ProCurve 5372xl Switch
ASKER
Sorry, radio port 230's.... too many zeros.....
That still leaves
Results for "hp 2800"
More than 300 products contain the term "hp 2800".
Results for "5300xl" (7 products)
» ProCurve 5304xl Switch
» ProCurve 5304xl-32G Switch
» ProCurve 5308xl Switch
» ProCurve 5308xl-48G Switch
» ProCurve 5348xl Switch
» ProCurve 5372xl Factory Racked Switch
» ProCurve 5372xl Switch
ASKER
Ok not broadcasting the SSID hasn't worked. So extra info requested:
2800's:
2848
2810-24g
2810-48g
2824
5300xls:
5304
5304xl
5308
5406zls:
5406zl
I guess what we are specifically looking for is a way to stop all these unauthenticated MACs from repeatedly trying to authenticate and therefore filling up logs in ProCurve... e.g. 1 particular MAC tried to authenticate 158 times between 9-10am this morn...
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
That seems to have done it!! We are monitoring currently, and 1 person seems to be slipping through the ACLs each morning, but instead of 6500 failed authentications we are receiving 1 or 2... so thanks heaps!
This would prevent wifi devices trying to connect unless they know the SSID.
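An added example, not part of the original thread: one way to pick out the MAC addresses that hammer MAC authentication every hour, so they can be reviewed for the kind of ACL the asker ended up using. The log layout, the sample lines and all function names are constructed for illustration; the threshold of 3 only suits the tiny sample, and the counts in the thread (158 to 200 attempts per hour) suggest a much higher value in practice.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in a made-up "timestamp result mac=..." layout;
# adapt LINE_RE to whatever your RADIUS server or syslog collector writes.
SAMPLE_LOG = """\
2024-03-04 09:00:05 REJECT mac=00:1A:2B:3C:4D:5E
2024-03-04 09:00:35 REJECT mac=001a2b-3c4d5e
2024-03-04 09:01:05 REJECT mac=00-1a-2b-3c-4d-5e
2024-03-04 09:02:10 ACCEPT mac=00:11:22:33:44:55
2024-03-04 09:15:00 REJECT mac=AA:BB:CC:DD:EE:FF
2024-03-04 10:05:00 REJECT mac=00:1a:2b:3c:4d:5e
2024-03-04 10:06:00 REJECT mac=garbage
"""
LINE_RE = re.compile(r"^(\S+ \S+) (ACCEPT|REJECT) mac=(\S+)$")

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC."""
    digits = re.sub(r"[:.\-]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def rejects_per_hour(log_text):
    """Count REJECT lines per (mac, hour bucket)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "REJECT":
            continue
        mac = normalize_mac(m.group(3))
        if mac is None:
            continue  # malformed field: skip rather than guess
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        counts[(mac, stamp.strftime("%Y-%m-%d %H:00"))] += 1
    return counts

def block_candidates(log_text, threshold, allowlist=()):
    """MACs whose rejects in any single hour reach threshold, minus known devices."""
    known = {normalize_mac(m) for m in allowlist}
    worst = {}
    for (mac, _hour), n in rejects_per_hour(log_text).items():
        worst[mac] = max(worst.get(mac, 0), n)
    return sorted(m for m, n in worst.items() if n >= threshold and m not in known)

if __name__ == "__main__":
    print(block_candidates(SAMPLE_LOG, threshold=3))
```

The same device shows up in three notations in the sample (colon, dash, and the six-six hex form ProCurve displays), which is why the MAC is normalized before counting.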