MAC Filtering Not Working

I recently enabled MAC filtering to add additional
security to my MN-500 base station but I noticed that two
of my stations continued to be able to access the network
(I assume because they still had the correct WEP key in
their config). I assumed that once the MAC table was
enable that workstations would require both WEP and MAC
but I appears this is not the way it works. I can add a
MAC and set the flag to deny and It kills that connection
so I know I'm adding the MAC correctly. This is a problem
for both wired and wireless connection to the base. Any
help is appreciated.

Kobe Did It

Hi,

I don't quite understand your question. It appears that the MAC address
filtering is working from what you've described.
What's the issue that you're having?

--
Gary Tsang
Microsoft MVP - Windows XP Shell/User
http://www.microsoft.com/mvp

"Kobe Did It" <(E-Mail Removed)> wrote in message
news:06d701c4ac1f$358a3470$(E-Mail Removed)...
>I recently enabled MAC filtering to add additional
> security to my MN-500 base station but I noticed that two
> of my stations continued to be able to access the network
> (I assume because they still had the correct WEP key in
> their config). I assumed that once the MAC table was
> enable that workstations would require both WEP and MAC
> but I appears this is not the way it works. I can add a
> MAC and set the flag to deny and It kills that connection
> so I know I'm adding the MAC correctly. This is a problem
> for both wired and wireless connection to the base. Any
> help is appreciated.
>
> Kobe Did It

Gary, the problem I'm having is the mac filter is not
overriding the WEP authenication. WEP was configured
correctly some time ago and always works. After adding
(and enabling MAC filtering)as a second layer of security
I was under the impression that the workstations should
not work until I enter their MAC addressess into the MAC
filter table and from this point forward only
workstations that have both the correct WEP key and a
valid MAC entry would sucessfully access the base
station. They continued to work without me adding them
into the table. Do you now understand the problem I'm
trying to correct?

>-----Original Message-----
>Hi,
>
>I don't quite understand your question. It appears that
the MAC address
>filtering is working from what you've described.
>What's the issue that you're having?
>
>--
>Gary Tsang
>Microsoft MVP - Windows XP Shell/User
>http://www.microsoft.com/mvp
>
>"Kobe Did It" <(E-Mail Removed)>
wrote in message
>news:06d701c4ac1f$358a3470$(E-Mail Removed)...
>>I recently enabled MAC filtering to add additional
>> security to my MN-500 base station but I noticed that
two
>> of my stations continued to be able to access the
network
>> (I assume because they still had the correct WEP key in
>> their config). I assumed that once the MAC table was
>> enable that workstations would require both WEP and MAC
>> but I appears this is not the way it works. I can add a
>> MAC and set the flag to deny and It kills that
connection
>> so I know I'm adding the MAC correctly. This is a
problem
>> for both wired and wireless connection to the base. Any
>> help is appreciated.
>>
>> Kobe Did It
>
>
>.
>

Hi,

I understand the issue that you're having now. Thanks for clarifying.

Under the Base Station Management tool's MAC Filtering page,
did you put a checkmark under the second checkmark box "Enable association
control and .... etc.
and for the drop down menu that lets you choose "allow" or "deny" did you
choose deny? You need to choose "deny" for the MAC filtering to deny any
unauthorized wireless network cards to associate with your base station.

Then click on the Apply button at the bottom.


--
Gary Tsang
Microsoft MVP - Windows XP Shell/User
http://www.microsoft.com/mvp

"Kobe did it" <(E-Mail Removed)> wrote in message
news:022901c4acaf$3716c570$(E-Mail Removed)...
> Gary, the problem I'm having is the mac filter is not
> overriding the WEP authenication. WEP was configured
> correctly some time ago and always works. After adding
> (and enabling MAC filtering)as a second layer of security
> I was under the impression that the workstations should
> not work until I enter their MAC addressess into the MAC
> filter table and from this point forward only
> workstations that have both the correct WEP key and a
> valid MAC entry would sucessfully access the base
> station. They continued to work without me adding them
> into the table. Do you now understand the problem I'm
> trying to correct?
>
>>-----Original Message-----
>>Hi,
>>
>>I don't quite understand your question. It appears that
> the MAC address
>>filtering is working from what you've described.
>>What's the issue that you're having?
>>
>>--
>>Gary Tsang
>>Microsoft MVP - Windows XP Shell/User
>>http://www.microsoft.com/mvp
>>
>>"Kobe Did It" <(E-Mail Removed)>
> wrote in message
>>news:06d701c4ac1f$358a3470$(E-Mail Removed)...
>>>I recently enabled MAC filtering to add additional
>>> security to my MN-500 base station but I noticed that
> two
>>> of my stations continued to be able to access the
> network
>>> (I assume because they still had the correct WEP key in
>>> their config). I assumed that once the MAC table was
>>> enable that workstations would require both WEP and MAC
>>> but I appears this is not the way it works. I can add a
>>> MAC and set the flag to deny and It kills that
> connection
>>> so I know I'm adding the MAC correctly. This is a
> problem
>>> for both wired and wireless connection to the base. Any
>>> help is appreciated.
>>>
>>> Kobe Did It
>>
>>
>>.
>>

Gary, thanks for the reply. Is this something similar to
configuring cisco routers where you have to have an
explicit deny or permit statement as the last entry
preventing all other users. In other words do you mean
after all my valid entries I need to go down one line and
select deny which applies to all "other" or unauthorized
devices?
>-----Original Message-----
>Hi,
>
>I understand the issue that you're having now. Thanks
for clarifying.
>
>Under the Base Station Management tool's MAC Filtering
page,
>did you put a checkmark under the second checkmark
box "Enable association
>control and .... etc.
>and for the drop down menu that lets you choose "allow"
or "deny" did you
>choose deny? You need to choose "deny" for the MAC
filtering to deny any
>unauthorized wireless network cards to associate with
your base station.
>
>Then click on the Apply button at the bottom.
>
>
>--
>Gary Tsang
>Microsoft MVP - Windows XP Shell/User
>http://www.microsoft.com/mvp
>
>"Kobe did it" <(E-Mail Removed)>
wrote in message
>news:022901c4acaf$3716c570$(E-Mail Removed)...
>> Gary, the problem I'm having is the mac filter is not
>> overriding the WEP authenication. WEP was configured
>> correctly some time ago and always works. After adding
>> (and enabling MAC filtering)as a second layer of
security
>> I was under the impression that the workstations should
>> not work until I enter their MAC addressess into the
MAC
>> filter table and from this point forward only
>> workstations that have both the correct WEP key and a
>> valid MAC entry would sucessfully access the base
>> station. They continued to work without me adding them
>> into the table. Do you now understand the problem I'm
>> trying to correct?
>>
>>>-----Original Message-----
>>>Hi,
>>>
>>>I don't quite understand your question. It appears
that
>> the MAC address
>>>filtering is working from what you've described.
>>>What's the issue that you're having?
>>>
>>>--
>>>Gary Tsang
>>>Microsoft MVP - Windows XP Shell/User
>>>http://www.microsoft.com/mvp
>>>
>>>"Kobe Did It" <(E-Mail Removed)>
>> wrote in message
>>>news:06d701c4ac1f$358a3470$(E-Mail Removed).. .
>>>>I recently enabled MAC filtering to add additional
>>>> security to my MN-500 base station but I noticed that
>> two
>>>> of my stations continued to be able to access the
>> network
>>>> (I assume because they still had the correct WEP key
in
>>>> their config). I assumed that once the MAC table was
>>>> enable that workstations would require both WEP and
MAC
>>>> but I appears this is not the way it works. I can
add a
>>>> MAC and set the flag to deny and It kills that
>> connection
>>>> so I know I'm adding the MAC correctly. This is a
>> problem
>>>> for both wired and wireless connection to the base.
Any
>>>> help is appreciated.
>>>>
>>>> Kobe Did It
>>>
>>>
>>>.
>>>
>
>
>.
>