Configuring MAC Filtering on Your Router

MAC Filtering allows you to manage a list of devices that may access the network. Any non-listed device will be blocked from connecting.

MAC address filtering is a highly effective means of protecting networks. It works like a nightclub bouncer with a guest list: if a device’s MAC address appears on the list, the device gains entry; otherwise it stays out.

Allow/Deny

If you want to stop certain devices from connecting to the network, MAC filtering can be an effective solution. Simply create a list of allowed MAC addresses, and the appliance will permit only devices on this list to access the network. For added protection against third parties obtaining MAC addresses from this list, set the filter so that it does not store details about the devices that have been added, or their MAC addresses, in its database.

To configure the MAC Filter, navigate to the Security Settings section of your administration interface and click the Configure MAC Filtering link. To activate MAC Filtering, click “Enable.” Then, in the MAC Filter dialog box, select either LAN MAC Filter or WLAN MAC Filter and enable or disable it for specific networks as necessary.

LAN MAC Filters allow only specific MAC addresses to access the network and block all other MAC addresses. MAC addresses used for DHCP reservations or automatic user login do not form part of this filter. To add or remove a MAC address from this filter, use “Add/Delete.”

The WLAN MAC Filter allows you to specify which wireless clients will be granted or denied access to the wireless network. Without it, anyone who knows the network’s SSID could join it and view its contents. With MAC Filtering enabled on SonicOS appliances, this problem is mitigated by requiring wireless clients to provide their MAC address as part of the authentication procedure.

However, you should remember that MAC Filtering is only part of the solution to wireless security. A skilled hacker could change their MAC address, bypass MAC Filtering and gain access to your wireless network if your Wi-Fi password is weak; if encryption is not enabled at all, they could breach the network easily. For the best wireless security, use strong passwords with WPA2 encryption enabled to protect the privacy and safety of sensitive data on the network.

Whitelist

MAC Filtering uses each device’s MAC address as a unique identifier to restrict access to the wireless network, creating a “whitelist” of approved devices and a “blacklist” of disallowed ones. When a device attempts to connect, the router compares its MAC address against this list and allows or denies the connection accordingly. If a device does not match, its connection attempts are denied by default.

Implementing MAC Filtering is straightforward. First, locate and click the option within your router’s web interface; this will open a page allowing you to configure filter settings. Next, choose either “Block” or “Whitelist” mode. “Whitelist” allows only the devices listed in it to access your network, and all others are blocked. “Block” prevents all devices from connecting at all, even if they try to use Internet access; this provides maximum protection.

To implement MAC Filtering, choose “Whitelist” and enter the MAC addresses of all devices you would like to allow onto the network. After creating this list, click Save/Apply Changes to save and apply it.

Add a description for every device on the list, which is especially helpful if you have multiple lists and must keep track of the purpose of each. For instance, Nintendo systems that are allowed on Wi-Fi might need different restrictions than family computers that need to be limited during specific hours each day.

MAC Filtering’s primary advantage lies in WiFi protection: it prevents unapproved users from taking advantage of your bandwidth without your permission. However, it should not be relied upon as the only security measure: on open networks, hackers can easily sniff the air for the MAC addresses of whitelisted devices and then use simple tools to fake those addresses and gain entry.
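
The whitelist check described in this section, as an added Python example (not from the original article or from any router's firmware): it normalizes MAC notations, applies whitelist mode with default deny to a constructed association log, and reports indicators that a listed address may have been faked. The log format, the sample addresses and the hostname heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed allow list in the mixed notations admins tend to paste in.
ALLOW_LIST = {"00-1A-2B-11-22-33": "family laptop", "001a.2b44.5566": "game console"}

# Constructed association log (assumed format): "<seconds> <client MAC> <DHCP hostname>".
SAMPLE_LOG = """\
1000 00:1a:2b:11:22:33 family-laptop
1060 00:1A:2B:44:55:66 console
1120 de:ad:be:ef:00:01 phone
1180 00:1a:2b:11:22:33 desktop-x1
1240 001a2b112233 family-laptop
"""

def normalize(mac):
    """Reduce common MAC notations to 'aa:bb:cc:dd:ee:ff'; reject anything else."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set (software-assigned or randomized)."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def audit(log_text, allow_list):
    """Apply whitelist mode with default deny and collect spoofing indicators."""
    allowed = {normalize(m) for m in allow_list}
    denied, hostnames = [], defaultdict(set)
    for line in log_text.splitlines():
        _seconds, mac, host = line.split()
        mac = normalize(mac)
        if mac in allowed:
            hostnames[mac].add(host)
        elif mac not in denied:
            denied.append(mac)  # not on the list: denied by default
    return {
        "denied": denied,
        # Denied clients using a non-burned-in address, e.g. phone MAC randomization.
        "randomized": [m for m in denied if is_locally_administered(m)],
        # Heuristic: one listed MAC announcing several hostnames may be a cloned address.
        "suspects": {m: sorted(h) for m, h in hostnames.items() if len(h) > 1},
    }

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, ALLOW_LIST))
```

The hostname is supplied by the client, so an unchanged hostname proves nothing; a change on a listed address is only a prompt to investigate.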

Blacklist

Once MAC filtering is enabled on your router, only devices with MAC addresses that appear in the whitelist will be permitted to connect to it. This protects against illegal downloads, bandwidth usage and DDoS attacks while giving you control over which devices use wireless internet in your home or office.

Every computer has a MAC address that identifies it uniquely, usually assigned by its network interface controller or network card. A MAC address usually belongs to one PC but may also be assigned to virtualization software or Ethernet cards.

Your router can use a MAC address filter to allow specific MAC addresses to connect to your business’s network or to deny them, providing effective security against those seeking to gain access to sensitive information or resources. However, this method is far from foolproof, as experienced hackers are likely to get around it by forging MAC addresses; moreover, managing such a system adds complexity while giving a false assurance of safety.

To configure a MAC filter in your router’s web-based configuration interface, visit its Advanced tab and click MAC Filtering, then select either Whitelist or Blacklist mode from the Filtering list. When creating a whitelist, enter each device you would like to allow on your network and provide a brief description. When creating a blacklist, enter each device whose access should be blocked as a separate entry in the list.

Once complete, save and activate MAC filtering so that only devices you have whitelisted can connect to your WiFi network and access internet resources. This way you can prevent children from browsing the web or playing online games while you work or study.

As important as MAC address filtering is, it should not replace basic security measures like WPA2-encrypted passwords. If your aim is maximum protection for the entire network, combine MAC address filtering with additional strategies such as strong passwords and firewalls.

Logging

If correctly configured, MAC filtering protects you against freeloaders who try to hog WiFi network bandwidth, as well as cybercriminals who might use your WiFi network as an entryway into your devices and computers.

MAC filters enable you to restrict access to your Wi-Fi network for certain device MAC addresses. You can enable MAC filtering from the security configuration page in the WLC (wireless LAN controller) web interface; depending on your needs, you can limit access to either just the WAN port or both ports.

Create a local database on the controller with the MAC addresses you wish to allow or deny: click New in the MAC Filtering tab of the security section of the GUI, then enter the client MAC address and profile name combination in the Filter Entry window. When a wireless client attempts to join the WLAN, the WLC checks its MAC address against the local database and permits or denies access based on whether the address exists in it.

This feature works when MAC filtering is set up with Layer 2 security enabled and AAA override checked in the advanced settings of your WLAN configuration. Unfortunately, it will not function on guest WLANs or VLANs.

To disable MAC filtering, the following command can be used:

The MAC address is a unique identifier for each physical interface adapter on your system, used to identify it and communicate with other network hardware such as devices and servers on a local or wide area network (LAN/WAN). However, unlike IP addresses, which can be changed in software, MAC addresses cannot be reused after replacing an adapter or updating either the operating system software or the firmware on the computer.

MAC filtering is an essential security measure, yet not foolproof. While its implementation is straightforward and user-friendly, its effectiveness can be defeated by changing a network adapter’s MAC address, so it should be used alongside other forms of protection such as firewalls and strong passwords.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.