This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is there a way to prevent MAC Address Spoofing on ZoneDirector 3000

tristan_zaraspe
New Contributor II

‎03-15-2017 09:23 PM

We are using ZoneDirector 3000 in our environment and lately we noticed that one particular user which we blocked from the network (because user was hogging all the Internet bandwidth) keeps on re-joining the network but with different MAC Addresses.

The user joins the network by a generic username login that we gave our contractors to access the wifi system (AD authentication), so we really cannot Identify the person in our system because there are multiple users using the same generic account login.

We know that its the same user who is repeatedly logging on to the network because he left a unique host name on his device so we can identify it, although, we can see that the MAC Address is changing after several minutes the device was blocked.

Our Solution for now is to create individual accounts for the contractor so that we can easily identify the culprit rather than having them use a single generic account. However, it would be good to know if there is a way we mitigate such instances on the ZoneDirector? If not on the ZoneDirector level, are there any suggestions where to apply a block that can prevent this? Does anybody here experienced the same problem before?

And does anyone know how many MAC ACL entries can a ZoneDirector 3000 series cater?

Thanks guys
8 REPLIES 8

itdept_head_me
Contributor

‎03-15-2017 09:40 PM

Yes , I deal with this on a daily basis in China. (don't even talk to me about WIFI.com)


It is almost impossible unless you employ AAA Radius, which has a record of  all valid macs


we get round the 'contractor' problem by splitting out a contractor WIFI to a separate VLAN & SSID
Each contractor gets a separate pw.

They don't play nice, we can rate limit all contractors in a couple of min, or ban a specific one.
Rate limiting a separate SSID prevents it impacting our own users.

 storing the ACL in the  ZD is not always an option due to the stupidity that is "randomised macs"
on mobile devices, massive headache for management if in the ZD

Also finger printing is not reliable, win 7,8,9,10 & mobile all come as 1 print.
some android devices from China identify as apple or Android

tristan_zaraspe
New Contributor II
In response to itdept_head_me

‎03-15-2017 11:47 PM

Thanks for the inputs
0 Kudos

monnat_systems
Valued Contributor II

‎03-15-2017 10:00 PM

ACL limit is actual on AP not on ZD.Limit is 128 per SSID.
0 Kudos

tristan_zaraspe
New Contributor II
In response to monnat_systems

‎03-15-2017 10:05 PM

Thanks for the information
0 Kudos
Copyright © 2024 Khoros, LLC