Description:

This article describes how to configure separate access keys for every member in a WiFi network on a LANCOM access point with LCOS LX by means of LEPS-MAC (LANCOM Enhanced Passphrase Security).

What is LEPS-MAC?
LEPS-MAC uses an additional column in the ACL (access-control list) to assign an individual passphrase consisting of any 8 to 63 ASCII characters to each MAC address. Authentication at the access point is only possible with the correct combination of passphrase and MAC address.

This combination makes spoofing MAC addresses futile, so LEPS-MAC shuts out a potential attack on the ACL. If WPA2 is used for encryption, the MAC address can indeed be intercepted, but this method never transmits the passphrase over the wireless link. This greatly increases the difficulty of attacking the WLAN, because both the MAC address and the matching passphrase must be known before encryption can be negotiated.

LEPS-MAC can be used both locally in the device and centrally managed by a RADIUS server. LEPS-MAC works with all WLAN client adapters available on the market without any modification. Full compatibility with third-party products is assured, as LEPS-MAC only involves configuration in the access point.

Compared to LEPS-U, the administrative overhead is slightly higher because the MAC address has to be entered for each device.

On LANCOM access points with LCOS LX, LEPS-MAC can only be used with WPA2.



Requirements:


Procedure:

1) Open the configuration of the access point in LANconfig, go to the menu Wireless-LAN → Stations/LEPS and set LEPS active to Yes.

2) Go to the menu Profiles.

3) Create a new profile and modify the following parameters:

  • Name: Enter a descriptive name for the LEPS-MAC profile.
  • Network-Name: In the drop-down menu, select the existing WiFi network.
  • Check MAC Address: In the drop-down menu, select the option Whitelist. WiFi access is then allowed only for members of the whitelist; access for all other devices is denied.

4) Go to the menu Users.

5) Create a new user and modify the following parameters:

  • Name: Enter a descriptive name for the LEPS user.
  • Profile: In the drop-down menu, select the LEPS profile created in step 3.
  • WPA-Passphrase: Optionally, you can enter a WPA key (8 to 64 characters), which then has to be entered on the WiFi device instead of the key configured for the WiFi network. This allows a separate WPA key to be assigned to each WiFi device. If the entry is left empty, the WPA key of the WiFi network is used.
  • MAC-Address: Enter the MAC address of the WiFi device in the format 00:a0:57:12:34:56.

Repeat this step for additional WiFi devices if needed.

6) This concludes the configuration of LEPS-MAC. Write back the configuration into the access point.
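
The following Python code is an added example, not LANCOM code and not part of the original article. It checks LEPS user entries against the formats given above and models the whitelist decision from steps 3 and 5 using the standard WPA2-PSK key derivation, showing why a spoofed MAC address without the matching passphrase is rejected. The function names, SSID, keys and the second MAC address are constructed for illustration.

```python
import hashlib
import hmac
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")  # format 00:a0:57:12:34:56

def check_entry(mac, passphrase):
    """Return a list of problems with one LEPS user entry (empty list = OK)."""
    problems = []
    if not MAC_RE.match(mac.lower()):
        problems.append("MAC address is not in the form 00:a0:57:12:34:56")
    # An empty passphrase is allowed: the key of the WiFi network is used then.
    if passphrase:
        if not 8 <= len(passphrase) <= 63:
            problems.append("passphrase must be 8 to 63 characters long")
        if not all(32 <= ord(c) <= 126 for c in passphrase):
            problems.append("passphrase must consist of printable ASCII")
    return problems

def wpa2_pmk(passphrase, ssid):
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def station_accepted(mac, passphrase, users, ssid, network_key):
    """Model of the AP decision with 'Check MAC Address' set to Whitelist.

    Simplification: the real 4-way handshake never compares keys directly;
    it verifies a MIC computed from the PMK, so the passphrase is never sent.
    """
    mac = mac.lower()
    if mac not in users:                      # not whitelisted: denied
        return False
    expected = wpa2_pmk(users[mac] or network_key, ssid)
    return hmac.compare_digest(expected, wpa2_pmk(passphrase, ssid))

# Constructed sample data, not taken from a real network.
SSID = "EXAMPLE-WLAN"
NETWORK_KEY = "shared-network-key"
USERS = {
    "00:a0:57:12:34:56": "printer-only-passphrase",
    "00:a0:57:ab:cd:ef": "",                  # empty: falls back to NETWORK_KEY
}

if __name__ == "__main__":
    for mac, key in USERS.items():
        print(mac, check_entry(mac, key) or "ok")
    # Spoofed MAC of the first device, but only the network-wide key is known:
    print(station_accepted("00:A0:57:12:34:56", NETWORK_KEY, USERS, SSID, NETWORK_KEY))
```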