Feature Request: MAC authentication in Cortex

  • smoothquark
    Automated Home Sr Member
    • Oct 2009
    • 69

    Feature Request: MAC authentication in Cortex

    Just a request, please. Currently Cortex supports authentication via IP address but not by MAC address. I am currently using my router to dish out IP addresses based on MAC, but it would be nice if I can skip this step and let Cortex authenticate using MAC addresses directly.
  • marcuslee
    Automated Home Ninja
    • Dec 2009
    • 279

    #2
    Originally posted by smoothquark
    Just a request, please. Currently Cortex supports authentication via IP address but not by MAC address. I am currently using my router to dish out IP addresses based on MAC, but it would be nice if I can skip this step and let Cortex authenticate using MAC addresses directly.
    I don't think that would be possible for Cortex.

    I'm not versed in OS or Applications, however I am in networks. Looking at the OSI model with Application down to Physical layers, and how each operates (and each layer's dependency and interaction with the other layers), I would assume Cortex would operate at the Application layer.

    I would assume MAC address to IP address operates at Layer 2 <> Layer 3 in the model; in this case Windows, the OS, would handle the ARP table (MAC address to IP address table; from the command line, arp -? if you're not already aware).

    Therefore I would assume Cortex is out of the equation when it comes to trying to facilitate something like what I think you're requesting.

    -- But then again I could be wrong as I have no idea about API calls, HAL layer etc., with how apps can query/manipulate etc. stuff from Windows (from the little I'd read in the past, it struck me as pretty complex, and there are indeed all sorts of shortcuts, which seemed to be available, such as DirectX I think, which seemed to suggest that maybe something is there).

    But if it was true to the model, one would assume it can't, and therefore I was curious about whether Windows might have any Layer 2 features (vs Layer 3 features which Windows Firewall operates at, i.e. IP address layer).

    Not looked conclusively there, but I think that would be the only place where you might be able to get something along what you're suggesting, I would guess, i.e. some sort of Windows OS manipulation where you only have a static ARP table that the OS uses, and disable normal ARP table operation (where it learns IP to MAC addresses dynamically and as needed).



    Assuming it's not possible to manually manipulate Windows's ARP table, I'm not sure if there is any better way to what you're trying to achieve, Router to check the incoming MAC address and allocate a reserved IP address. And then Windows Firewall/Cortex to disallow connection from all IP addresses except these reserved IP addresses.

    The alternative is a higher end switch which can implement Layer 2 Access Lists (VACLs), or possibly 802.1x authentication clients where during the authentication process the clients get allocated to different VLANs. Either that or VPN clients directly on clients, whereby all clients get generic IP addresses, but the privileged clients then have a VPN client which VPNs into an inner trusted domain (e.g. IP addresses), in which the Cortex PC would live.

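The ARP table mentioned in the reply above (`arp -a` on Windows) can be read by a program and compared against the router's MAC-to-IP reservations. This is an added example, not part of the thread and not Cortex code; the reservation table, the addresses and the sample `arp -a` output are constructed for illustration.

```python
import re

# Constructed sample of Windows `arp -a` output (all addresses are made up).
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.21          aa-bb-cc-dd-ee-99     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Hypothetical reservations: the IP the router hands out to each known MAC.
RESERVATIONS = {
    "192.168.1.20": "aa:bb:cc:dd:ee:01",
    "192.168.1.21": "aa:bb:cc:dd:ee:02",
    "192.168.1.22": "aa:bb:cc:dd:ee:03",
}

# One table row: IPv4 address, MAC with '-' or ':' separators, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)

def normalize_mac(mac):
    """Lower-case the MAC and use ':' separators so both notations compare equal."""
    return mac.lower().replace("-", ":")

def parse_arp_table(text):
    """Return {ip: (mac, entry_type)}; interface and header lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, mac, kind = m.groups()
            table[ip] = (normalize_mac(mac), kind.lower())
    return table

def check_bindings(arp_text, reservations):
    """Classify each reserved IP as 'ok', 'mismatch' or 'absent'."""
    table = parse_arp_table(arp_text)
    result = {}
    for ip, expected in reservations.items():
        if ip not in table:
            result[ip] = "absent"      # no ARP entry: no recent traffic, or not on this segment
        elif table[ip][0] == normalize_mac(expected):
            result[ip] = "ok"
        else:
            result[ip] = "mismatch"    # reserved IP is in use by a different MAC
    return result
```

ARP entries exist only for hosts on the same Layer 2 segment, and a MAC address can be set by the client, so this is a consistency check on the reservations rather than authentication.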