Hello there,
I'm in a LAN network with around 6 other ppl, the router and switch are under my control..
I have Network Magic installed on my laptop and sometimes I find users who aren't supposed to be in the network, computer names other than those of the other 6 ppl in the network, so I was wondering, is there a way for me to block these users?
Thanks in advance!
-
Assign a WPA key and make stations that aren't recognised unable to access the router using known MAC addresses.....
-
Ok maybe you should know that I know nothing about networking and how routers work and so on lol
So if you can explain better that wud be great
-
could you please supply the brand and model of the router please mate. Thanks
-
blue68f100 Notebook Virtuoso
You will need to log in to the router's admin page, using a wired connection. All setup should always be done with wired. Make sure you change the def admin password.
Under the wireless section you should have security. You want to select WPA(2) Personal AES. Enter a strong random generated key. I like using www.grc.com password key generator. Copy an all printable chr string to a notepad doc and save it to a USB pin drive. Now you need to use a min of 20 chr long, the longer it is the more secure it will be to hackers. Save the settings. Change the SSID to something other than default. Save your settings. This change alone will prevent users without the key from connecting via wireless.
Now there is a section that gives you access control based on MAC Address. So while everyone is connected write down the MAC address of users you allow, make sure you get your pc's wired and wireless MAC address into the list. Now under the access control start with your wired MAC, then start adding the MAC address of each person you allow. As soon as you save the settings all non allowed users will be bumped off.
Now you will need to go to users that are allowed to connect wirelessly and scan for networks and select your SSID, when prompted copy the key from the USB pin drive into the field. Save settings, they should connect. You will need to do this with all users. Once you have everyone in, you can now elect to hide the SSID if you like. Has nothing to do with security but will keep the free loader from seeing it and attempting to connect. You can hide this during your initial setup but you will have to do a manual setup on every pc.
DON'T give out the KEY. Only you should have it to control access. The reason for the usb key. Once you have a station set up, do another copy and cmd to flush it from notepad. Don't use Word because it remembers a lot of stuff, use only the simple notepad.
-
The router is SpeedTouch, 500 series.
-
Thanks blue for the detailed answer, and I apologize if I wasn't clear from the beginning, this is a wired network, not wireless, so I'm sorry if I got you to write down a bunch of instructions for a wireless network..
Most prolly I'm mistaken, but the MAC addresses are the ip addresses within the network, like 10.0.0....??
Or am I mistaken?
-
blue68f100 Notebook Virtuoso
All you can do with wired is MAC filtering. MAC addresses are hex chr (12 chr) like A1C2EFG3A2C4. Networks use these IDs to move data. You should be able to find these under the dhcp log that the router keeps.
-
Ok I typed the router's ip in my explorer (which I assume where I shud be looking 4 the MAC address) and I looked under dhcp but I can't seem to find the hex chr address.. am I looking in the wrong place?
-
hey stranger
try logging onto your router from a hard wired connection
I'm not familiar w/ your router, but somewhere it should show the computers connected to the router and most likely their mac address as blue pointed out. it should be fairly easy to id the pc's connected to the router
since it's not wireless, you don't have to worry as much about hitchhikers on your net
after you get going a bit more, you'll ditch Network Magic, it's good for beginners, but......
-
lol hola seniorita Ann
It's nice of you not to ignore my need 4 help on here too lol
But as you said, Network Magic is for beginners, so I'm a beginner, so I don't really know much about networks, or have any idea what a hard wired connection is lol
ok here's a snapshot of the router's page, hope you can help me out and tell me where shud I be looking lol
thanks 4 replying
http://img110.imageshack.us/img110/9612/routerbasicii3.jpg
http://img292.imageshack.us/img292/2854/routeradvancedxb0.jpg
-
blue68f100 Notebook Virtuoso
From the pic look under basic connections -> LAN (wired connections, this is the cable connection from your pc). It could also be under the advanced -> IP address, routing, DHCP and may be under system.
MAC Filtering is the same as Access Control.
And they said this was going to be easy. Only if ALL mfg used the same terminology.
-
All right this is what I found under Advanced -> DHCP
Is "Client ID" the MAC address?
http://img166.imageshack.us/img166/2659/dhcpmj7.jpg
-
blue68f100 Notebook Virtuoso
That's what is currently connected. You will need that info to set up the filtering, so print the page for reference. It contains the MAC Addresses (client IDs) needed. Which tab are you under: DHCP Client, Leases, ....
You should now find a section that you enter the Access control table. Some give you an option to allow or block.
-
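The check described in the post above, comparing what the lease page shows against the list of machines you allow, as an added example that is not part of the original thread. The lease listing, addresses and host names are constructed for illustration and are not SpeedTouch output; stripping a leading `01` assumes the router shows the DHCP client ID as the hardware type followed by the MAC.

```python
import re

# Constructed allowlist: MAC addresses written down for the permitted PCs.
ALLOWED = {
    "00:11:22:33:44:01": "admin-laptop",
    "00:11:22:33:44:02": "user2-pc",
    "00:11:22:33:44:03": "user3-pc",
}

# Constructed lease listing (IP, client ID, host name); not real router output.
LEASES = """\
10.0.0.2   01:00:11:22:33:44:01  admin-laptop
10.0.0.3   00-11-22-33-44-02     user2-pc
10.0.0.4   001122334403          user3-pc
10.0.0.9   01:00:aa:bb:cc:dd:10  unknown-pc
10.0.0.10  00:11:22:33:44:02     second-user2
10.0.0.11  00:11:22:33:44:zz     garbled
"""

def normalize_mac(text):
    """Return aa:bb:cc:dd:ee:ff, or None if text is not a MAC or client ID."""
    digits = re.sub(r"[:.\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]+", digits):
        return None
    # A DHCP client ID is often hardware type 01 followed by the 6-byte MAC.
    if len(digits) == 14 and digits.startswith("01"):
        digits = digits[2:]
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(lease_text, allowed):
    """Split leases into unknown devices, MACs on several IPs, bad entries."""
    unknown, invalid, seen = [], [], {}
    for line in lease_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, raw = parts[0], parts[1]
        mac = normalize_mac(raw)
        if mac is None:
            invalid.append((ip, raw))
            continue
        seen.setdefault(mac, []).append(ip)
        if mac not in allowed:
            unknown.append((ip, mac))
    repeated = {m: ips for m, ips in seen.items() if len(ips) > 1}
    return unknown, repeated, invalid
```

`audit(LEASES, ALLOWED)` returns the leases whose MAC is not on the list, any allowed MAC that holds more than one lease (worth a look, since a copied MAC shows up this way), and entries that are not valid hex.
-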
I'm under leases, and leases is under DHCP client.
How can I filter the addresses then?
-
blue68f100 Notebook Virtuoso
There should be a section that you can enter them. Keep looking. Most of the time it's blank till you enter something to start the table.
-
I can't seem to find any section that has to do with filtering/blocking... What should it be called??
-
blue68f100 Notebook Virtuoso
In your router it may be called ACL (Access Control List), user management. Local network devices maybe.
-
ermm ok I dunno if the problem is in me or what exactly...
Or maybe I'm looking in the wrong place?
I can't seem to find any of the stuff u're saying... this is what I do, in firefox I type the router's ip.. then I get the page that I posted a screenshot for earlier..
Am I in the right place? if yes, is there any other way to block MAC addresses cause I can't seem to find anything related to that in the page.
Btw i appreciate ur patience
Thanks.
-
blue68f100 Notebook Virtuoso
You're in the right place, but it's hard to believe your router does not support it. The very first routers ever released before 11b wireless had this feature. Maybe worth a shot sending the mfg tech support or your ISP if they provided the router and find out if it's supported. You could restrict the DHCP range to just the number you need. Another option would be to do a static setup for all users. Changing the subnet so users that had previous connected settings would not work.
-
Maybe I should just get rid of the router lol
how can I do a static setup for all users?
-
blue68f100 Notebook Virtuoso
To do a static setup you will need the DNS info from the isp/wan settings or from your current connection. You need to turn off DHCP, this prevents anyone who plugs in from getting the connection info. Then in the same section where your DHCP range is 10.0.0.1-100 (example). Here is where you change the Gateway subnet to something like 10.0.230.1, this is the new gateway. It will now reboot for the new subnet. You will need to do a disable then enable on your pc, then reconnect using the new gateway. The router is now set up for static.
You now need to configure the pc/workstations. Where your current settings are you (port properties) select Internet protocol (TCP/IP) then properties. Then tell it to use the following IP address. IP (10.0.230.100), Sub 255.255.255.0, then 10.0.230.1 (gateway). Now configure the DNS servers the same way with the DNS info. It should now work in a static config. You will need to do this to all of your users.
Now if any of the users get this info they can connect. But just plugging in it will not work.
-
ugh, that's a lot to do lol
but problem is, if anyone gets the info they can log in, what if one of the users already connected gives the info to someone
The problem now is that I'm doubting one of the ppl connected already supplied other ppl with wires, can't tell who it is though, so if he already did that, then he can easily give others the info as well...
-
blue68f100 Notebook Virtuoso
That's the problem if you can not filter. The MAC Address can be spoofed too, but your network will crash if 2 with the same MAC are on at the same time.
Your best option may be to replace the router with one that supports mac filtering. I would suggest you move to a SMB class router, like the Netgear FVS-338. This is an 8 port VPN router that comes with a 5 user license. So users could connect from home or on the road if needed. I use my vpn when I'm away from home. Also supports VLAN, so you can have users isolated if needed. You could put your people in 1 group, then everyone else in a different group with no www access, see if they like that. The business class routers give you all kinds of user control options. You can even group users together and control access by time and even block all www access if needed, still allowing users to share data and printers.
Most all of my network equipment falls in the SMB class. A lot heavier duty than residential routers, made to be hammered 24/7 with no problems.
-
alright will check one out
thanks a lot for your help though, you've been really patient with me lol, thanks 4 that
-
His router does support it, as it's an international standard since 1998. Set up a WPA key which can be encrypted many different ways or just set up the MAC addresses and let them connect that way, or if you can't figure that out ban the MAC Addresses that are connecting to your router.
Wow I'm CCNA certified and never have glanced at this section on the forum, maybe I'll look around a bit more.
-
blue68f100 Notebook Virtuoso
His router is not wireless nor mine.
-
Well Amped24 if you think my router supports that, be my guest and tell me how to ban or filter MAC addresses lol, there are attachments of my router's page on the 2nd page, post #11
But I can't seem to find any part where I can ban certain MAC addresses, but of course, will be great if you can help
-
If his router isn't wireless then how are unauthorized people getting onto his internet without physically connecting the ethernet cable to the switch or router? Sorry I must have misunderstood. Please clarify for me so I can help you more.
-
well yeh my router isn't wireless, and the problem is I think one of the people in the network with me is supplying cables to the unauthorized ppl, but I can't find out who it is exactly.
-
moby,
hi again
what do you mean he is supplying cables? I know ur english is not the best, but this is confusing for us at times as well.......
and blue, I'm not sure he understands all the technical stuff you throw at him - he has said he is a beginner and it's difficult for him to understand all this - you are so knowledgeable you almost confuse me at times......
-
lol ann
well here's the thing, I'm in a network, with 6 others, the switch is at my place, now I THINK, one of the 6 ppl in the network owns another switch, and is connecting his cable to that switch and in turn connecting other ppl to that switch, hope my simple english made it clearer this time lol
And yeah as ann says, I'm a beginner, blue has been really helpful though, but true, some of the stuff he's saying is new to me
-
Just limit all the port speeds but the one you're on
-
lol, ur not helping by not explaining.......
-
Well it's not really a good option especially if the other 6 people need a specific amount of bandwidth, I was just trying to lighten up the mood. You could buy a cheap Cisco switch off eBay and I'll make the config for you so it'll have a good ACL and only allow those 6 that are supposed to be on the network to connect. They're probably around ~20ish dollars.
-
did you happen to notice he's from Egypt??? I don't think eBay ships there
did you read the info on his router? his choices/options are VERY, VERY limited....
-
lol eBay doesn't cover egypt :-O?? I never knew that
switches and routers are not that expensive here, so I don't need to buy it off eBay anyways, but before I go on buying anything, can you please explain what do I need that is not available in my current router?
nice pic btw Ann
-
ermm for some reason my msg was duplicated, sorry about that...
-
blue68f100 Notebook Virtuoso
You need a router/switch that supports MAC Filtering and/or bandwidth control. MAC Filtering will allow you to restrict users based on the port's MAC Address. Every piece of hardware that connects to a lan has a MAC Address that is unique to itself. ONLY 1 MAC address is allowed. So if someone tries to spoof one it will kill the network. This will happen very quickly so you will be able to find the non authorized user. Most routers have the option to send email alerts too. So if a problem occurs you will be notified.
Now the more expensive managed switches and routers also have the capability of VLAN, and bandwidth control. VLAN will allow you to group the people you want access together, and let all others go into a group that will prevent internet access if you like. Network Printers can also be added in with your group in turn restricting access. This one, if you're the one budgeting for supplies, you will have more control on who is actually using it. This can be a big cost saver if a color laser.
Bandwidth control can be used to make sure all users have the same so no one can hog all of it. Basically it's a QoS flow control feature, but only higher end switches have it.
-
Alright thanks a lot blue68f100
Do you recommend a certain brand or model? I guess I don't really need the VLAN feature so a router that supports MAC filtering will do for now.
Another question sorry, is there any software or any way that I can find out how much bandwidth each user is using?
I always assume that the bandwidth is divided equally between users, but if I'm wrong, is there a way to find out how much each person in the network uses?
-
blue68f100 Notebook Virtuoso
My Netgear FVS338 8 port VPN router supports the MAC Filtering and Bandwidth control. Like I said earlier this router is designed for Small to medium Business use and has a lot of tools needed for businesses. It comes with 5 user license VPN Client software. This is for users away from the home to connect to your existing network, and have full secure connections.
If you are considering a router, download the manual so you can see if it will actually meet your needs.
Netgear has 2 other models, the FVS328 model is a smaller more residential VPN router. The FVS538 is designed for dual ISP for load balancing or rollover.
Here is the help from my router:
Have not used this feature nor have I checked to see if it supports just individual user use. It does track your bandwidth usage as a whole. Incoming and outgoing.
From all of the info you have passed along this router would suit your needs. I would create a lan group for your users giving full access and bandwidth control if needed. Have the def group have NO access to the www. So anyone just connecting will not have internet. You could also force the group to a VLAN, doing this all of your computers will be transparent. Another layer of security. So if you have 2 groups sharing the same network you can have total isolation for up to 10 groups if needed. VLAN is like having multiple switches with everyone connecting to their own switch. It just does not through firmware.
-
Ok thanks a lot blue, that was really helpful, I'll go looking for one soon
but till then, is there a way to know how much bandwidth each user is consuming?
-
blue68f100 Notebook Virtuoso
Not that I know of, without running everyone through a proxy server. There is software for controlling bandwidth that installs on each pc. Normally if you want that feature you have to go with a managed switch or through a proxy. May ask that question on another thread. Your ISP may be able to give you your total, but in most cases you are subscribed for a specific speed. So individual will not be in the total.
-
Alright, thanks a lot blue
Blocking users.
Discussion in 'Networking and Wireless' started by mobyzone, Feb 7, 2008.