Random MAC Address

Setting up firewall to secure large network that will handle traffic for Square terminals owned by vendors coming on site. On Square's Troubleshooting Terminal page https://squareup.com/help/us/en/article/6537-square-terminal-troubleshooting they list everything a network admin would need to know about Square terminal connections and ports. I found the MAC OUI base 44:59:25, which I was going to use to assign a certain IP range and classify traffic.

Using our test terminal, I found it uses a random MAC address, which makes using MAC-based auth and assigning certain IPs useless.

Is there a way to disable random MAC on Square terminals?

Message 1 of 6
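Added example, not part of the original thread: a Python sketch that sorts the MAC addresses seen on the terminal SSID into those carrying the OUI quoted above (44:59:25) and those that are locally administered, which is the form randomized MACs take (bit 0x02 of the first octet set). The lease lines, IP range and function names are constructed for illustration.

```python
import re

SQUARE_OUI = "44:59:25"  # OUI quoted in the post above

# Constructed sample: "<ip> <mac>" pairs as they might appear in a DHCP lease export.
SAMPLE_LEASES = """\
10.20.0.11 44:59:25:0a:1b:2c
10.20.0.12 DA-A1-19-3F-77-02
10.20.0.13 4459.25ff.0001
10.20.0.14 f2:9c:4d:00:11:22
10.20.0.15 00:1a:2b:3c:4d:5e
"""

def normalize(mac: str) -> str:
    """Accept colon, dash or dotted notation; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(mac: str, oui: str = SQUARE_OUI) -> str:
    """Classify by the flag bits of the first octet, then by OUI prefix."""
    mac = normalize(mac)
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:          # I/G bit: group (multicast) address
        return "multicast"
    if first_octet & 0x02:          # U/L bit: locally administered, no vendor OUI
        return "locally-administered"
    if mac.startswith(oui.lower()):
        return "oui-match"
    return "other-vendor"

def report(lease_text: str) -> dict:
    """Group client IPs by MAC class. This is a classification hint,
    not authentication: the client chooses the MAC it presents."""
    groups = {}
    for line in lease_text.splitlines():
        if not line.strip():
            continue
        ip, mac = line.split()
        groups.setdefault(classify(mac), []).append(ip)
    return groups

if __name__ == "__main__":
    for kind, ips in report(SAMPLE_LEASES).items():
        print(f"{kind:22} {', '.join(ips)}")
```
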
Super Seller

@WaveSPAN I only know to find the MAC address in the general settings under about, but I haven't paid attention to see if this is a truly randomized MAC address or just the one assigned to the terminal.

I am thinking though that you are inviting a ton of network administration with vendors to keep a super secure network. Have you thought about just setting up a guest network that is separate from your company network? A walled garden so to speak, where all of the vendor terminals can access the internet separately? The real security of a terminal is the encryption between it and Square servers and not necessarily your network.

Donnie
Multi-Unit Manager
Order Up Cafe/Tombras Cafe/Riverview Cafe/City County Cafe
Roddy Vending Company, Inc.
www.OrderUpCafe.com

Using Square since July, 2017
Square Super Seller
Square Beta Team

"Good judgment comes from experience, and experience comes from bad judgment."

"You can have everything in life you want, if you will just help other people get what they want." Z.Z.
Do you want to have great restaurant menus that are easy to edit and don't cost a fortune? I use MustHaveMenus and you can too!
MustHaveMenus
Message 2 of 6

This is a separate network only for Square and Clover terminals. Problem is we have a WPA2 password that has to be entered by us to keep users from using this network for anything other than CC terminals. In case the WPA2 password got out, we are securing it further by MAC address, firewall rules and bandwidth shaping. Having a MAC address that randomly changes is not very helpful.

Message 3 of 6
Super Seller

@WaveSPAN It might be easier to follow the whitelisting for the networks for Square communications to prevent the network from even being functional outside of payment processing. Another could be changing the password periodically to eliminate the sharing, much like a hotel/campground. What specifically are you trying to prevent happening on the guest network?

I am just trying to figure out a way to accomplish what you are wanting in a different way. I am also thinking about what level of security you are trying to go for versus what is acceptable.

Donnie
Message 4 of 6

We have a separate network that is just like a hotel network, open but brings up a splash page to log in. Obviously this is not an option for CC terminals, so another SSID was created just for CC terminals with minimal bandwidth and the hopes of using the MAC address as an authenticator; then the WPA2 password really wouldn't matter if it was shared. Using the whitelisting option would help to lock it down a bit more. I would be hesitant on even trusting the information Square supplied since the MAC OUI doesn't hold true.

Most vendors assume they're going to use cellular service with their own hotspot instead of paying us for WiFi. Then it turns into a scramble to add all these terminals to the WiFi when they realize the carriers can't support 200k patrons and their cellular service doesn't work.

It all comes down to limitations on not being able to authenticate CC terminals of any brand using RADIUS or now MAC address.

Message 5 of 6
Super Seller

@WaveSPAN Understand better now, this is a scale issue that isn't just a large group but a very large group, and you are correct about cell provider density issues. I'll see if I can come across any other ideas.

My gut reaction would be to just change the password each day/week/event and blacklist all the important domains like amazonia, fb, yahooooo, etc. so that it wouldn't be used for say utube vids etc. This should keep it plenty locked down and would be easier in some ways.

Donnie
Message 6 of 6