DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
MAC Address Filter Limit Vigor 2860n
- nairnmonster
- Topic Author
- Offline
- New Member
Less
More
- Posts: 5
- Thank you received: 0
29 May 2020 16:04 #96260
by nairnmonster
MAC Address Filter Limit Vigor 2860n was created by nairnmonster
Hi,
I've looked on manuals and internet but can't find an answer. Why is MAC address filtering limited to 64 entries and is there a way to increase this?
Basically, I live in a area with a large number of houses around me. When I see someone has tried to access my either of my SSID's (One visable and one hidden) I black list their MAC address (Yes I know they can easily spoof another, but it's is just another layer of protection).
Basically, the list is getting quite full and need to start thinking about new ways to defend.
Any help or advise would be great.
Thanks as always
Steve
I've looked on manuals and internet but can't find an answer. Why is MAC address filtering limited to 64 entries and is there a way to increase this?
Basically, I live in a area with a large number of houses around me. When I see someone has tried to access my either of my SSID's (One visable and one hidden) I black list their MAC address (Yes I know they can easily spoof another, but it's is just another layer of protection).
Basically, the list is getting quite full and need to start thinking about new ways to defend.
Any help or advise would be great.
Thanks as always
Steve
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
30 May 2020 01:03 #96262
by hornbyp
I can't answer the 1st part and suspect the answer to the 2nd part is probably "no"
So is this a common occurrence? (I'm guessing we're talking about a student suburb - rather than 'normal' neighbours?)
Is your current strategy effective? ... do you think you've had (approaching ) 64 separate 'attackers' - or one attacker, who tried 64 times? - that might influence your next move...
...If it's just one, maybe you could setup a honeypot, that would let them connect in to a network that offers access to nothing at all:wink: ... then you could start to investigate them .
You could think about enabling the "Strict bind" option in "Bind IP to MAC", so they can't get a DHCP address (in concert with an 'unexpected' network address, such as a 10. or 172. range, so they can't guess at a static one).
Or you could move away from the simple "Shared Key" to an 802.1x implementation - but, obviously, this isn't trivial.
One simple solution, might be to re-position the Router so that its signal does not travel too far in unintended directions. (ISPs in particular, seem to like to boast about how 'powerful' their Wifi is - Personally, I thought it was highly undesirable when I discovered that a Virgin Media Super Hub was accessible 50m away!...)
(If necessary, you could lower the "TX" power on the 2860n - but this might reduce connectivity inside your house)
Replied by hornbyp on topic Re: MAC Address Filter Limit Vigor 2860n
nairnmonster wrote:
Why is MAC address filtering limited to 64 entries and is there a way to increase this?
I can't answer the 1st part and suspect the answer to the 2nd part is probably "no"
but he also wrote:
Basically, I live in a area with a large number of houses around me. When I see someone has tried to access my either of my SSID's (One visable and one hidden) I black list their MAC address (Yes I know they can easily spoof another, but it's is just another layer of protection).
Basically, the list is getting quite full and need to start thinking about new ways to defend.
So is this a common occurrence? (I'm guessing we're talking about a student suburb - rather than 'normal' neighbours?)
Is your current strategy effective? ... do you think you've had (approaching
...If it's just one, maybe you could setup a honeypot, that would let them connect in to a network that offers access to nothing at all
You could think about enabling the "Strict bind" option in "Bind IP to MAC", so they can't get a DHCP address (in concert with an 'unexpected' network address, such as a 10. or 172. range, so they can't guess at a static one).
Or you could move away from the simple "Shared Key" to an 802.1x implementation - but, obviously, this isn't trivial.
One simple solution, might be to re-position the Router so that its signal does not travel too far in unintended directions. (ISPs in particular, seem to like to boast about how 'powerful' their Wifi is - Personally, I thought it was highly undesirable when I discovered that a Virgin Media Super Hub was accessible 50m away!...)
(If necessary, you could lower the "TX" power on the 2860n - but this might reduce connectivity inside
Please Log in or Create an account to join the conversation.
- piste basher
- Offline
- Big Contributor
Less
More
- Posts: 1193
- Thank you received: 7
30 May 2020 10:52 #96263
by piste basher
Replied by piste basher on topic Re: MAC Address Filter Limit Vigor 2860n
Just out of interest how do you know when someone has tried to access your wifi? Are you using WLAN syslog?
Please Log in or Create an account to join the conversation.
- admin
- Offline
- Site Admin
Less
More
- Posts: 1723
- Thank you received: 0
08 Jun 2020 22:38 #96322
by admin
Forum Administrator
Replied by admin on topic Re: MAC Address Filter Limit Vigor 2860n
And tried to access...but presumably failed because they don't know your password...so why bother ?
Forum Administrator
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek