[SOLVED] Are there any free Wi-Fi or MAC Address Filtering software?

[RGS23]

Hi,

In our building, we have routers that acts as a switch to provide WAN connection for an entire floor. We got our Wireless MAC Filter Access Restriction set to 'Enabled' so we can filter out users who can connect. A lot of people come and go and this part of work can be really repetitive.

It gets so tedious to manually get a device's MAC address to add it in the 'MAC Filtering' tab of our router's interface. I do it manually by borrowing the client's device and look for the MAC/Wi-Fi address in the status of the device.

I also want to know if there is any recommendation to ease up the process or any other way to make it easier and at the same time, reliable for security.

The Linksys router is WAP54G

Thank you!

 

[bill001g]

That is sure is a old piece of junk for a router.

There is no actual simple way to do this because it is the wifi chips in the router doing most the work. Routers have very limited cpu especially old ones so even if you were to load third party firmware on them you can't run anything real fancy.

I suspect your best option is to continue to do it the way you do.

You could setup some fancy captive portal like a hotel uses so they have to agree to something but you would have to replace the router with some kind of server.

The other option which is somewhat easier than the mac filter but still mostly manual is to use enterprise mode on the router. You need a radius server but that just a old laptop running a unix variant with the radius function active. Each user gets their own userid and password rather than using the single common one. The router checks with the radius server when users try to connect. Even your old router supports this.

 

[RGS23]

That is sure is a old piece of junk for a router.

There is no actual simple way to do this because it is the wifi chips in the router doing most the work. Routers have very limited cpu especially old ones so even if you were to load third party firmware on them you can't run anything real fancy.

I suspect your best option is to continue to do it the way you do.

You could setup some fancy captive portal like a hotel uses so they have to agree to something but you would have to replace the router with some kind of server.

The other option which is somewhat easier than the mac filter but still mostly manual is to use enterprise mode on the router. You need a radius server but that just a old laptop running a unix variant with the radius function active. Each user gets their own userid and password rather than using the single common one. The router checks with the radius server when users try to connect. Even your old router supports this.

Yeah, I agree. But the thing is, I am new at the job, and I cannot really request to change it unless it breaks. I also read about it and it does not support Guest Wi-Fi.

Is it necessary to be a server? It can't be any desktop computer? I had to ask because I have to cut costs as much as possible.

I also don't see any enterprise mode for the AP anywhere in the interface, is it possible to do it?

 

[bill001g]

A server is more just a function rather than some particular hardware. It generally means you have some machine dedicated to provide some function. It gets very messy since there are server OS versions that can run on any hardware and you have hardware designed to be say rack mounted but can run any software.

The AP has a function called WPA-enterprise.

The more I look at this device the scarier it is. It still talks about using WEP which is not considered completely insecure.

 

[faalin]

Why arent you using a password or passphrase to allow people on the wifi? If you're only relying on MAC address filtering to block people from getting on your network then its not very secure. If someone finds out a known good MAC address on your network they can spoof their MAC address and gain access to your network.

We run cisco meraki at work and us 3 different SSID's for wifi.

Internal which gives anyone full internet speed and network access.
Floor for anyone out on the shop floor, limited to 1mbps, 95% are music streamers.
Guest set on a different sub network with .5mbps and only have internet access.

The guest password is the only published password, Internal and floor you have to come to IT with your device and they will put the password in.

 

[Urumiko]

No offence, But Its shocking any company would not support a minor upgrade of this solution.
You cant have business grade functionality on a basic old home router.

Upgrading to a router that supports an internal / guest wifi, or installing a radius server is the way forward (it doesnt have to be an actual big server).

Mac address filtering is pointless, Anyone can see what mac addresses are conencted to your network, and change their mac to match this in secconds.

What is in place to stop a guest connecting and instantly allowing malware from their device to infect your company with ransomware?

They need to take it serously and not cheap out.
I appreciate you are new n the job but it doesnt hurt to ge tthe risk down on paper.

 

[RGS23]

Why arent you using a password or passphrase to allow people on the wifi? If you're only relying on MAC address filtering to block people from getting on your network then its not very secure. If someone finds out a known good MAC address on your network they can spoof their MAC address and gain access to your network.

We run cisco meraki at work and us 3 different SSID's for wifi.

Internal which gives anyone full internet speed and network access.
Floor for anyone out on the shop floor, limited to 1mbps, 95% are music streamers.
Guest set on a different sub network with .5mbps and only have internet access.

The guest password is the only published password, Internal and floor you have to come to IT with your device and they will put the password in.

Password or passphrase can be shared without our knowledge so we resorted to MAC filter. Do you recommend having the IT to type in passwords on devices over typing-in MAC address on the access point's interface?

 

[RGS23]

No offence, But Its shocking any company would not support a minor upgrade of this solution.
You cant have business grade functionality on a basic old home router.

Upgrading to a router that supports an internal / guest wifi, or installing a radius server is the way forward (it doesnt have to be an actual big server).

Mac address filtering is pointless, Anyone can see what mac addresses are conencted to your network, and change their mac to match this in secconds.

What is in place to stop a guest connecting and instantly allowing malware from their device to infect your company with ransomware?

They need to take it serously and not cheap out.
I appreciate you are new n the job but it doesnt hurt to ge tthe risk down on paper.

It's shocking yes, pretty typical on early stages of a company in a third-world country though.

Isn't that MAC spoofing? Or that's different?

 

[Corwin65]

Typical of the end stages of an early stage company.

 

[faalin]

Password or passphrase can be shared without our knowledge so we resorted to MAC filter. Do you recommend having the IT to type in passwords on devices over typing-in MAC address on the access point's interface?

Yes, they are already bringing you their device so you can get the MAC address off it, why not at that point just type the password in. That is the only way we allow anything on our network, we never tell the pasword to anyone. The only wifi password that is freely open to anyone is our guest password and its locked down to only get to the internet nothing on our internal network, we keep everything on there own network.

Internal network is a 192.168.x.x while the guest network is 10.1.x.x, we also limit the guest wifi to 500Kbps. It also go through the same firewall content filtering as the rest of the internal network.