Friday, June 17, 2011

Connecting devices to WPA Airport Extreme base station without authentication - including guests

This isn't new, but it's new to me. I ran across it in my Airport Extreme menu
AirPort Utility 5.1 Help: Adding a wireless client to your 802.11n network
... If your base station supports it, and your network is password-protected using WPA Personal or WPA/WPA2 Personal, you can provide wireless clients access to your network without requiring them to enter the network password...
... Choose Add Wireless Clients from the Base Station menu...
This is different from the "guest network" base station configuration. The most obvious use is for visitors, but I assume it can be used for WPA devices that don't support password entry (do such exist?).

It works by creating a hole in network security -- a device is allowed on the network based on its MAC address without a password. This is spoofable of course, but I imagine you'd have to know the magic MAC address. Based on the article title it's 802.11n only.

Access can be limited to 24 hours, which makes sense for most uses. Easiest configuration is first device to try gets the privilege. If you don't use the 24 hour limit access is forever, unless you edit the Airport Access Control list.

No comments: