Securing Ruckus Wireless by allowing and restricting Mac address with Ruckus Zone Director

Why control wireless access based on MAC Address?

MAC addresses filtering is a good practice for managing access control for a wireless network. It lists down a set of allowed devices that you have added on your Wi-Fi. This method helps in preventing unauthorized access to the system.

In a way, we can think of it as whitelisting and blacklisting of computers based on their MAC address rather than the public IP address. We can configure in a way that allows only connection from selected devices added into the approved list. The allowed list of records will provide greater security because the router will only grant access to the selected approved devices.

As Entrust Network provides IT Maintenance and helpdesk support to a Children Home, we were contracted to set up a secure Wi-Fi solution for the Children Home. Under the guideline from the ministry of social and family development (MSF), Entrust Network setup 10 Ruckus R300 for the home with a ZoneDirector 1200D to provide internet access for the residents in the home. With the ZD1200 wireless controller, we can manage the wireless network remotely. After the implementation, we were requested to set up MAC Address filtering so that the staff can control who has access to the Wi-Fi in the children’s home.

Is MAC Address filtering secure?

MAC Address filtering is unable to protect the wireless network against experience hackers as MAC Address can be spoofed, and the unauthorized device can gain access as an allowed user to the wireless network. Nevertheless, Mac address filtering is still an effective access control measure to protect the wireless network from intruders.

 

On Ruckus ZoneDirector, click on Configure > WLANs

Click Create New to create your WLAN

 

Type in an SSID Name, at Encryption Options, select WPA2, and type in a Passphrase

Expand the Advanced Options, at Access Control > L2/MAC, click on Create New

 

Type in a name and enter the MAC Addresses that you want to allow and click OK

 

If you need to add or delete any MAC Addresses, on your Ruckus ZoneDirector, click on Configure > Access Control

At Access Control, you will need to expand the section L2-L7 Access Control

 

At L2/MAC Access Control, you can add or delete your current WLAN by clicking Edit or you can create a new WLAN by clicking Create New.

We will be adding a new Mac Address into the current WLAN called Test. To add the Mac Address, click on Edit

 

On the MAC Address text box, type in your MAC Address and click Create New.

Once created, check to see if the MAC Address is there. After you are done verifying, click on OK.

Go to the device of the MAC Address that was just added and connect to the WLAN.

To delete a MAC Address in the list, simply locate the MAC Address and click delete. After deleting, click on OK.

Contributed by Roger Tham.

Roger is a helpdesk engineer and passionate in Computer Networking and Cyber-security