WSEC Lab 4 Wireless security: AP access filtering Student _________________________________
The purpose of this Lab is to create an AP access filter that will limit WLAN access. The filtering will be of two types: Blocking (disallowing) selected users, and Enabling (allowing) only certain users and blocking all others. This technique improves WLAN security (especially when used in conjunction with other measures).
NOTE: It is possible that if incorrect MAC addresses are entered into the Access Filters, you could lock yourself out of the AP! BE CAREFUL!!
Setup the WLAN/LAN that has been used previously: Configure the WLAN using 2 or more WLAN PCs (that include a configured WNIC) linked to an AP, and the AP is connected to the infrastructure LAN via a router/switch.
Write down the MAC addresses of all the WLAN PCs here (use router’s DHCP table):
1. We will block access for the WLAN PC listed as #1 above. Using WLAN PC #2 (see above), open the AP Address Filters Page (direct browser to AP’s IP address, then open “Setup”, then “Address Filters” in the “Association” section).
2. In the “New MAC Address Filter” field type in the MAC address of WLAN PC #1 (from list above) and click “Disallowed”. Then click “Add”, then “Apply”, then “OK”.
3. Repeat step 1 to confirm that the MAC address of WLAN PC #1 is listed in the “Existing MAC Address Filters” field.
4. Open the Aironet Client Utility (ACU) on WLAN PC #1. Has the AP associated the client? ________. Explain _______________________________________________________
5. Repeat steps 2, 3, 4 and add other WLAN PCs to be disallowed (blocked). DO NOT ADD WLAN PC #2 !!) Then check to see if each has indeed been blocked by the AP. What are the results? ______________________________________________________________________________________________________________________________________________
6. Now undo what you have done. Go to the AP Address Filters page and click “Remove” for all the MAC addresses listed.
7. Confirm that the AP is now associating all WLAN PCs.
Part 2. Allowing only certain users to access the WLAN.
WARNING: Include at least one of the WLAN PCs as “Allowed” or you will lock yourself out of the AP!
8. Repeat steps 1 and 2 except click “Allowed” in the AP “New MAC Address Filter” field.
9. Return to the AP “Setup” page, then open the “AP Radio Advanced” page.
10. Select “Disallowed” for the “Default Unicast Address Filter”. Click “OK”. You may need to reboot the AP for the changes to occur.
11. Which of the WLAN PCs can now associate with the AP? Explain what has happened. ___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
12. How can the use of Access Filters improve WLAN security? Does it provide total security? Explain. ___________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________