Setting Up a MAC Filter

by blksheep

137K3113

Intro: Setting Up a MAC Filter

This instructable shows you how to setup a secure wireless network using a MAC address filter. I have never had any security problems, and it appears as an unsecured wireless network, which means you can bump off an inconsiderate roommate or neighbor who are leaching off of your wireless without getting nasty looks. ::wink::wink::

NOTE: My router is a Linksys, so if you have a different brand, some of the settings will be in different places.

IMPORTANT: One time as I was doing this, I accidentally locked my own computer out of the router. If this happens, don't panic. All you need to do is connect your computer directly to the router using a cable and change the settings. The MAC security lock will only keep computers off of the wireless function, so you won't permanently lock yourself out.

STEP 1: Wireless MAC Filter

First, have all the computers you want to access the wireless feature turned on and connected to the network. You can add others later on, but I like to do them all at once

Next, access your router's settings. The standard Linksys address is 192.168.1.1. If you don't have a Linksys router and don't know the address, you can probably find it online.

Go to the WIRELESS tab, and access the WIRELESS MAC FILTER panel. Select ENABLE and then PERMIT ONLY. Don't save settings yet. Click the EDIT MAC FILTER LIST button.

STEP 2: MAC Address Filter List

This MAC ADDRESS FILTER LIST window will come up. As you can see, mine already has some MAC addresses in it, your's will be blank. Click the WIRELESS CLIENT MAC LIST button.

STEP 3: Adding Computers

A window should appear with a list that shows each computer's name, IP address, and MAC address. Click on the radio buttons of the computers you want to access the wireless network, then hit the UPDATE FILTER LIST button.

STEP 4: Save Settings

You will see the MAC ADDRESS FILTER LIST window has been updated with the MAC addresses of the computers you want to access the wireless network. Hit the SAVE SETTINGS button.

Double check that the radio buttons are set to ENABLE and PERMIT ONLY and then hit the other SAVE SETTINGS button.

STEP 5: What the MAC Filter Does...

Every wireless network adapter has a MAC Address imprinted after it is produced. The router reads the MAC address when a wireless device tries to access it. If the MAC address doesn't match what's on the list, no connection is possible.

This security isn't perfect. MAC Addresses are burned into the wireless client's hardware, but some allow for soft-changes to impersonate other addresses. I've seen websites that claim MAC filters are easy to get around with the right equipment and know-how. I've never had a problem, but if security is really important to you, you can combine this with other security measures.

The benefit of NOT adding other security is that your wireless connection appears as unsecured, which is nice if you want to boot a leech in a clandestine manner. As long as the leech isn't familiar with MAC address hacking, you'll probably be fine.

For more info check out Wikipedia, it has a good article on MAC Addresses. Also check this out to see the weaknesses of MAC filters.

13 Comments

AlexB247 8 years ago

you can find more information about a media access control address on the website http://wlan-wifi.com/mac-address

WajeehU 8 years ago

How can we reserve an IP for a particular MAC address?

ugbor.nnenna 9 years ago

Thanks a bunch, it was of great help

DBLinuxLover 15 years ago

Good job. But you should really update your firmware to DD-WRT. Much more customizable.

wrestler 103 16 years ago

awesome Instructable, i am getting a router soon, so this helps alot!! +1 rating from me!

brandon borick 16 years ago

i just got done putting in about a thousend of these in yosmite

uguy 16 years ago

huh?

iritegood 16 years ago

MAC filtering, as tradergordo had said, is basically useless. You can (and I have) get pass MAC filtering by simply grabbing a few packets and spoofing your MAC address. It doesn't take much time and with tools found on the internet, any idiot could do it. It adds more hassle to your network than security. WPA encryption would be enough for any home network. Even WEP cracking takes longer than getting pass MAC filtering.

tradergordo 16 years ago

Maybe I read too fast, but I don't think you made it very clear that you are only using MAC filtering to BAN certain mac addresses on an as needed basis if and when someone is abusing your connection, but leaving the connection open/free to anyone else. I guess that makes sense for some people. Most people that I know use MAC filtering to only ALLOW certain MAC addresses to connect to thier network - which is just plain stupid as it makes no sense to try to make your network appear unsecured if in fact you want to secure it (with a lousy, easy to defeat, method of MAC address filtering).

blksheep 16 years ago

The method I showed is to only allow certain computers to use the network. I think when I said that it was a way to keep a roommate or neighbor off of the network, it made it sound as if it was to block those people specifically. The actual settings of this instructable however are only to PERMIT certain computers. I should probably clear that up in the steps. As I said in the write-up I know this isn't bulletproof, but it has worked for me for a long time with no problems. Also, for me it did "make sense" to make the network seem unsecure. I lived in a dorm-like situation while working on a job, and everyone started leeching off of my wireless, even though they had plug-in connections in their rooms. If I had secured it and people could see that I was intentionally blocking them out, they all would have been asking to get on the network. Doing it this way stopped all the leeching. Only one person figured out that I had put a block on, and in exchange for his silence, I let him on.

tradergordo 16 years ago

Oh, in that case, I guess I just don't get it. You can use encryption, which is actually intended for this purpose and not as easily defeated, while still broadcasting your SSID so people know your network exists. Your solution really doesn't make any sense to me.

If you only want to allow certain specific users, use a strong encryption instead. Just because you haven't had problems doesn't mean you WON'T. The "wrong person" could be on your network within a couple of minutes, and using it to do something that could get you in trouble. Yes, the probability is probably low, but still, this is what encryption is for. MAC filtering is not secure:
http://en.wikipedia.org/wiki/MAC_filtering

WEP encryption is also pretty worthless but better than MAC filtering. WPA encryption is better.

carlos66ba 16 years ago

It adds a layer of security, but not much (mac addresses can be spoofed). But this, plus WAP makes for some reasonable security.

GorillazMiko 16 years ago

Smart idea. This can help a lot of people. I have the same router too, but we use a different one because that one got all messed up. Awesome job. +1 rating.