cancel
Showing results for 
Search instead for 
Did you mean: 

Is there a way to prevent MAC Address Spoofing on ZoneDirector 3000

tristan_zaraspe
New Contributor II
We are using ZoneDirector 3000 in our environment and lately we noticed that one particular user which we blocked from the network (because user was hogging all the Internet bandwidth) keeps on re-joining the network but with different MAC Addresses.

The user joins the network by a generic username login that we gave our contractors to access the wifi system (AD authentication), so we really cannot Identify the person in our system because there are multiple users using the same generic account login.

We know that its the same user who is repeatedly logging on to the network because he left a unique host name on his device so we can identify it, although, we can see that the MAC Address is changing after several minutes the device was blocked.

Our Solution for now is to create individual accounts for the contractor so that we can easily identify the culprit rather than having them use a single generic account. However, it would be good to know if there is a way we mitigate such instances on the ZoneDirector? If not on the ZoneDirector level, are there any suggestions where to apply a block that can prevent this? Does anybody here experienced the same problem before?

And does anyone know how many MAC ACL entries can a ZoneDirector 3000 series cater?

Thanks guys
8 REPLIES 8

itdept_head_me
Contributor
Yes , I deal with this on a daily basis in China. (don't even talk to me about WIFI.com)


It is almost impossible unless you employ AAA Radius, which has a record of  all valid macs


we get round the 'contractor' problem by splitting out a contractor WIFI to a separate VLAN & SSID
Each contractor gets a separate pw.

They don't play nice, we can rate limit all contractors in a couple of min, or ban a specific one.
Rate limiting a separate SSID prevents it impacting our own users.

 storing the ACL in the  ZD is not always an option due to the stupidity that is "randomised macs"
on mobile devices, massive headache for management if in the ZD

Also finger printing is not reliable, win 7,8,9,10 & mobile all come as 1 print.
some android devices from China identify as apple or Android

Thanks for the inputs

monnat_systems
Valued Contributor II
ACL limit is actual on AP not on ZD.Limit is 128 per SSID.

Thanks for the information