[TriLUG] selecting one wap from many: MAC addresses of waps

Joseph Mack NA3T jmack at wm7d.net
Sun Jul 27 15:24:13 EDT 2008 

I have a bunch of waps around the house, with the same SSID. 
All of them are in range from where I sit with my computers. 
To test the waps, I can stand next to each one in turn and 
attempt to connect, or I can power them up one at a time. 
This is getting a bit old, so I thought that I should be 
able to run iptables rules on a laptop which allow it to 
connect to only one wap at a time, allowing me to test the 
waps in a loop.

I thought that when the association is established between 
the laptop and the WAP that packets would have to be 
exchanged between the laptop and the wap and I could filter 
on the MAC address of the wap eg

iptables -A INPUT -m -mac --mac-source $wap_mac -j ACCEPT
iptables -A INPUT -j DROP

however this didn't work. No matter what I used for the MAC 
address, I could still get an association and an IP from the 
dhcp server on the other side of the wap. I could even 
associate with the wap and get an IP from the dhcp server 
with this pair of rules on the laptop

iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP

which was a bit of a surprise (I expected this would shut 
the machine down totally at least network wise). To check 
that I hadn't done anything crazy, I found I couldn't ping 
the dhcp server, indicating that these rules were working. 
Pings started to come through after I cleared these rules 
with `iptables -F`.

Looking with tcpdump at the packets between the dhcp server 
and the laptop, I find that the MAC address on the other end 
is that of the dhcp server and not that of the wap. On 
further thinking, I realised that a wap is a bridge and 
won't change the MAC address. I then started to figure that 
filtering on MAC addresses of the wap mightn't get me 
anywhere.

It would appear then that the establishment of the wifi 
connection and exchange of keys is not done at layer 2 (the 
MAC address layer anyhow). It all must be done at RF (layer 
1?).

Anyone know if this is right?

Anyone have any ideas on how to selectively associate with 
one wap and not any others?

Thanks Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

More information about the TriLUG mailing list