Tightening Up

Now that the basic link is operating, it's time to add some security. First step is to limit access to only those PC cards with a known MAC address. It's also possible to block the ESSID value from being broadcast, which again makes life more difficult for anybody wishing to take advantage of the network.

NetGear ME-102

Using the ap-atmel configuration program, connect to the access point and select Configure/Wireless and set the Insert ESSID in broadcast packets value to off. Then type in W to send the change to the access point.

Limit MAC address access by selecting Configure/Mac Auth and turn on Mac authorization and thence type in the MAC addresses for the client(s). When done, type W to write the data to the access point.

Finally, go to Commands/Upload to apply the changes to the access point operation.

LinkSys WAP-11 v2.2

Connect your web browser to the IP address of the access point, then click on the Advanced tab at the top of the page. Thence select the Filters tab. This page controls MAC address filtering. Click on the Enabled button, as well as the Only allow PCs with MAC listed below to access device Then type in all 12 hex digits of the MAC address of the card(s) allowed access. Finally, click the Apply button at the bottom of the page.

To disbale the ESSID transmission, now click on the Wireless tab. At the bottom of this page is the SSID Broadcast field. Click on the Disable button, and again click Apply to apply this change.


At this stage, only stations with known MAC addresses are allowed access, and there is no broadcast of the ESSID string from the access point.

It is also perhaps a good time to change the ESSID, now that it is no longer broadcast! And when you change it on the access point, also change it on the client.

To check that all is well, remove the wireless card from the client and re-insert it. Once again, the network should come to life, which can be verified by pinging the access point and/or the iwconfig program. If the network does not operate, verify that the MAC address on the access point acceptable list is correct, and that the ESSID strings are identical at both ends. They are case sensitive.

Sparks Flying
Getting Serious

Version: $Revision: 1.4 $; Updated at 15:47 EST on Tue Apr 11, 2006
Copyright (C) 2002 - 2006, Lindsay Harris