D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Vigor 2130n strange behaviour

 

How else will I put each person into their own WLan without using MAC filtering?

On 30 Mar 2014 20:07, "bad apple" <mr.meowski@xxxxxxxx> wrote:
On 30/03/14 19:53, Daniel Robinson wrote:
> Dear Phill and Meowski.
>
> Not sure where to start the reply to your emails, should I be pleased
> that you think I can do better than MAC filtering WPA2 AES CSM Isolated
> WLAN's custom DNS server, Hardware NAT / Firewall, URL filtering or
> should I be disheartened that it's not enough.
>
> All I'm trying to achieve with MAC filtering is to put an IP address to
> each device, separate each device to each owner, then give each owner
> its own private LAN which is inaccessible to anyone else.
>
> For some reason when I enable wireless LAN access control I am no longer
> able to connect devices to their own SSID even when it would seem all
> settings are present and correct.
>
> If you feel I can get more security from this router please advise. Any
> suggestions for what on earth is going on when I enable MAC filtering
> will be greatly received.
>
> Kind Regards


Everything else you're doing sounds highly sensible and is good security
practice: I can see why you'd want to segregate your other users onto
their own network segments as well, so far so good.

Saying that, you definitely could do better - have a look at setting up
a radius server for industrial strength wifi infrastructure. Also a
dedicated hardware NAT/firewall is not actually a value-added
proposition compared to a manually configured OpenBSD or Linux box doing
the same job despite what various snake oil salesmen might tell you.

But the whole MAC filtering thing is a complete, total waste of time.
It's even screwing up your otherwise functional wifi setup so why you'd
persist in trying to implement it in the face of the truly gigantic pile
of evidence pointing to it's complete usefulness is a bit beyond me.
Toss it out and don't look back.

Security through obscurity is always a bad idea...

Cheers

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq