PistonHeads
PistonHeads
Buy
Sell
Forum
Gassing Station » Computers, Gadgets & Stuff
PistonHeads » Gassing Station » The Pie & Piston » Computers, Gadgets & Stuff
Best wireless access point
My ProfileMy PreferencesMy Mates
SearchMy Stuff
What's New3122472

Best wireless access point

Reply
OP Posts Only
OP Posts Only
Reply
OP Posts Only
Author
Discussion

Stupeo

Original Poster:

1,343 posts

194 months

[report]
[news]
Monday 19th October 2009
quotequote all
We need a new Wireless Access Point for our office.

Basically, we use MAC Address filtering currently to allow devices onto our company network. We have just reached 32 wireless devices (the maximum number of MAC addresses i can set on the AP) so will need to upgrade to something that allows more than 32.

Any recommendations? Budget upto £100 i would say. Only need to be an AP not a router.

Thanks,

Matt.

agent006

12,043 posts

265 months

[report]
[news]
Monday 19th October 2009
quotequote all
Why not switch to WPA instead?

Mattt

16,661 posts

219 months

[report]
[news]
Monday 19th October 2009
quotequote all
Have a look at some of the custom firmware around, Tomato (IIRC) and DD-WRT for example.

Mr E

21,709 posts

260 months

[report]
[news]
Monday 19th October 2009
quotequote all
agent006 said:
Why not switch to WPA instead?
How would that help his Mac filtering limit?
I assume the OP is running WPA as well as the mac filter....

Stupeo

Original Poster:

1,343 posts

194 months

[report]
[news]
Monday 19th October 2009
quotequote all
Mr E said:
agent006 said:
Why not switch to WPA instead?
How would that help his Mac filtering limit?
I assume the OP is running WPA as well as the mac filter....
Correct!

Mr E

21,709 posts

260 months

[report]
[news]
Monday 19th October 2009
quotequote all
Have a draytek that's pretty good, but I think it has a mac limit of about 40

agent006

12,043 posts

265 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
Mr E said:
I assume the OP is running WPA as well as the mac filter....
I'm questioning the benefits that MAC address filtering offers when also running WPA.

Roop

6,012 posts

285 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
I'm not sure how many AP's allow more than 32 devices. Typically the SoHo units don't. I expect because the channel becomes very crowded and the throughput drops off considerably.

If I was you I'd look at the following:

- Buy a second AP of the same model (or two new ones of the same model).
- Put one at each end of the office.
- Set up both AP's with the same SSID, WPA2-AES (assuming it's supported by your clients) but have them operating on different discrete channels one each on either Ch.1, Ch.6 or Ch.11).
- Ditch the MAC filtering.

Should reduce the load on a single AP yet allow "roaming" between the two if you move around the office.

Alternatively, you can use 2 separate SSIDs if you want to completely segregate.

Mr E

21,709 posts

260 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
agent006 said:
Mr E said:
I assume the OP is running WPA as well as the mac filter....
I'm questioning the benefits that MAC address filtering offers when also running WPA.
I personally don't bother any more at home, if someone is sharp enough to break the WPA it won't be a huge issue to clone the mac addresses.

On a work network, I certainly would enable MAC filtering to stop employees "loaning" access to unauthorised machines.

Roop

6,012 posts

285 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
Mr E said:
agent006 said:
Mr E said:
I assume the OP is running WPA as well as the mac filter....
I'm questioning the benefits that MAC address filtering offers when also running WPA.
I personally don't bother any more at home, if someone is sharp enough to break the WPA it won't be a huge issue to clone the mac addresses.

On a work network, I certainly would enable MAC filtering to stop employees "loaning" access to unauthorised machines.
Equally though, I'd argue that if employees are smart enough to show the WPA key in Windows / OS X they are smart enough to spoof the MAC on an unauthorised device...

Mr E

21,709 posts

260 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
Roop said:
Mr E said:
agent006 said:
Mr E said:
I assume the OP is running WPA as well as the mac filter....
I'm questioning the benefits that MAC address filtering offers when also running WPA.
I personally don't bother any more at home, if someone is sharp enough to break the WPA it won't be a huge issue to clone the mac addresses.

On a work network, I certainly would enable MAC filtering to stop employees "loaning" access to unauthorised machines.
Equally though, I'd argue that if employees are smart enough to show the WPA key in Windows / OS X they are smart enough to spoof the MAC on an unauthorised device...
On a PC, maybe. On a mobile phone or similar?

Roop

6,012 posts

285 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
Mr E said:
Roop said:
Mr E said:
agent006 said:
Mr E said:
I assume the OP is running WPA as well as the mac filter....
I'm questioning the benefits that MAC address filtering offers when also running WPA.
I personally don't bother any more at home, if someone is sharp enough to break the WPA it won't be a huge issue to clone the mac addresses.

On a work network, I certainly would enable MAC filtering to stop employees "loaning" access to unauthorised machines.
Equally though, I'd argue that if employees are smart enough to show the WPA key in Windows / OS X they are smart enough to spoof the MAC on an unauthorised device...
On a PC, maybe. On a mobile phone or similar?
Fair point. :tumbup:

GregE240

10,857 posts

268 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
Roop said:
Mr E said:
agent006 said:
Mr E said:
I assume the OP is running WPA as well as the mac filter....
I'm questioning the benefits that MAC address filtering offers when also running WPA.
I personally don't bother any more at home, if someone is sharp enough to break the WPA it won't be a huge issue to clone the mac addresses.

On a work network, I certainly would enable MAC filtering to stop employees "loaning" access to unauthorised machines.
Equally though, I'd argue that if employees are smart enough to show the WPA key in Windows / OS X they are smart enough to spoof the MAC on an unauthorised device...
Right, and how are you going to do that then? By "accidentally" finding a valid MAC address?

Roop

6,012 posts

285 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
GregE240 said:
Roop said:
Mr E said:
agent006 said:
Mr E said:
I assume the OP is running WPA as well as the mac filter....
I'm questioning the benefits that MAC address filtering offers when also running WPA.
I personally don't bother any more at home, if someone is sharp enough to break the WPA it won't be a huge issue to clone the mac addresses.

On a work network, I certainly would enable MAC filtering to stop employees "loaning" access to unauthorised machines.
Equally though, I'd argue that if employees are smart enough to show the WPA key in Windows / OS X they are smart enough to spoof the MAC on an unauthorised device...
Right, and how are you going to do that then? By "accidentally" finding a valid MAC address?
Very easy. There are many free tools available that make it literally child's play to packet sniff the MAC address of a wireless client. It takes about 60 seconds to implement - I did it myself to prove to a "dangerous knowledge" neighbour that MAC filtering alone was no substitute for encryption. He got pissed when (with his prior approval) I cloned the address of his MacBook, looged into his Airport AP and applied encryption so he couldn't use it...!!!

GregE240

10,857 posts

268 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
Right, but you're an expert. I've got MAC filtering and SSID hidden. I wouldn't use encryption.

Roop

6,012 posts

285 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
GregE240 said:
Right, but you're an expert. I've got MAC filtering and SSID hidden. I wouldn't use encryption.
For the sake of 5 mins, I'd enable encryption (WPA2-AES if possible). It really is a no-brainer TBH.

Mr E

21,709 posts

260 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
GregE240 said:
Right, but you're an expert. I've got MAC filtering and SSID hidden. I wouldn't use encryption.
I would. Just because your router won't give me an IP address because of the MAC filter doesn't mean I still can't capture all your unencrypted traffic for my various nefarious plans.

And I will sniff and clone a valid MAC that the router will allow in a couple minutes.

WPA on with a decent key is an absolute must unless you VPN everything.
Mac filtering is personal preference IMHO.

Edited by Mr E on Tuesday 20th October 16:57

GregE240

10,857 posts

268 months

[report]
[news]
Tuesday 20th October 2009
quotequote all
Mr E said:
GregE240 said:
Right, but you're an expert. I've got MAC filtering and SSID hidden. I wouldn't use encryption.
I would. Just because your router won't give me an IP address because of the MAC filter doesn't mean I still can't capture all your unencrypted traffic for my various nefarious plans.

And I will sniff and clone a valid MAC that the router will allow in a couple minutes.

WPA on with a decent key is an absolute must unless you VPN everything.
Mac filtering is personal preference IMHO.

Edited by Mr E on Tuesday 20th October 16:57
To be perfectly honest, given I'm on a 2 meg connection (sticks) with a monthly allowance of 110GB, fill your boots mate. Given the machines are rebooted nightly, if one of them couldn't get on due to an IP conflict, it would be less than 24 hours.

And if you can get a wi-fi signal through my 2' thick walls, you'll be licking the windows anyway! I can't get a connection in my bd kitchen, and thats next door to the bloody office where the router is.... :sigh:
Reply
OP Posts Only
OP Posts Only
Reply
OP Posts Only

Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff