"Allow" access policies. - dslreports.com

Author	All Replies
CharlieMay join:2002-04-11 Albany, IN clubs:	"Allow" access policies. Is there a way with the Linksys WRT54G to only allow the MAC addresses listed in a restriction policy to have access to the network? I want to list the PC's on my network in the "edit list of PC's" area and restrict any other MAC address that tries to connect to the network. I know I can DENY a MAC address in a restriction but can I DENY ALL except those listed in the list of PC's I don't want to use IP addresses as those can be circumvented too easily. Thanks
	to forum · permalink · · 2008-07-14 18:43:05 ·
Dr Pepper @rr.com	What version is your WRT54G? The Tomato firmware can do what you are describing (DD-WRT likely can as well). However, basing even part of your security on MAC addresses is not a good idea. It's not much harder to sniff and spoof a MAC address than it is to change an IP address.
	to forum · permalink · 2008-07-14 21:14:49 ·
Phil Rojo Sol Premium join:2001-06-11 Camarillo, CA	reply to CharlieMay Is this for wireless clients? You can do this using the factory installed firmware under 'Wireless' > 'Wireless MAC Filer' > check 'Enable' > 'Permit only...' > 'Edit MAC Filter List' and add MAC addresses you want to permit > 'Save Settings'.
	to forum · permalink · · 2008-07-14 23:11:42 ·
CharlieMay join:2002-04-11 Albany, IN clubs:	reply to CharlieMay It is Version 6 and for Wired PC's. I know MAC addresses can be spoofed but it really isn't a concern. I just know that the Dynamic IP can come up as a valid one if one of the valid computers has been off for a while. I'm just trying to alleviate my sons friends coming over and hooking into my network and downloading movies and such. I'll check Tomato out but I remember at one time it didn't work for version 6 routers.
	to forum · permalink · · 2008-07-17 08:59:35 ·
Dr Pepper @rr.com	reply to CharlieMay Correct, Tomato won't run on that router. I just took a look at the manual for the router and it looks like it's possible with the stock firmware. »www.linksys.com/servlet/Satellit···S/Layout I downloaded the PDF from that page and on page 14 it has just what you're talking about. From what I've read it looks like you have the option to deny or allow access for the list of MACs in Access Restrictions > Internet Access.
	to forum · permalink · 2008-07-17 09:51:37 ·
Dr Pepper @rr.com	reply to CharlieMay I'm assuming that if you create a policy and allow access for the list of MACs that all others not listed will be denied access. From just looking at the PDF I'm not sure. Sorry for the double post.
	to forum · permalink · 2008-07-17 09:59:35 ·
CharlieMay join:2002-04-11 Albany, IN clubs:	reply to Dr Pepper said by Dr Pepper : Correct, Tomato won't run on that router. I just took a look at the manual for the router and it looks like it's possible with the stock firmware. »www.linksys.com/servlet/Satellit···S/Layout I downloaded the PDF from that page and on page 14 it has just what you're talking about. From what I've read it looks like you have the option to deny or allow access for the list of MACs in Access Restrictions > Internet Access. Dr Pepper, I saw where you are talking about. Unfortunately however, if I create a restriction with 3 MAC addresses and leave Allow selected, it does nothing. I can only get the list of pcs to mean something if I deny. The restriction for some reason doesn't appear to do anything unless Deny is selected. I don't know if this is a bug in the firmware or by design but it really seems to me like a bug or they wouldn't even have allow listed as an option it would just be deny any pc's in the list. I entered the 3 MACS into the list of pc's and selected deny and saved. I was then able to hook up my laptop which wasn't in the list and had full access. However, if I went back into the restriction and chose deny, my laptop was the only pc of the 4 that had internet access.
	to forum · permalink · · 2008-07-17 12:13:04 ·
RevMortis I Hear Dead Silicon Premium join:2005-05-10 Saint Paul, MN	reply to CharlieMay DDWRT can run on a v6 IIRC. I don't remember if it can do what you want though.
	to forum · permalink · · 2008-07-17 12:14:02 ·
jbob Reach Out and Touch Someone Premium join:2004-04-26 Little Rock, AR ·Comcast ·AT&T Southwest	reply to CharlieMay My 1st suggestion would be to dump the version 6 and get a GL! Beyond that however the suggestions about using the Access Restrictions may work. Why don't you try turning off the DHCP server and then using the Access Restrictions to issue the IP address based on the MAC. With DHCP disabled perhaps an IP will still be issued to the MAC addresses indicated but no other IPs will be used.
	to forum · permalink · · 2008-07-17 13:23:14 ·


Saturday, 30-Aug 00:06:48	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 9 years online! © 1999-2008 dslreports.com. republican-creole page compression OFF