The wireless MAC filter is a layer of security that allows only specific MAC addresses to connect to your router via WiFi. This tool allows you to specify a list of MAC addresses that are authorized. When a device tries to connect to your Wifi network, if its MAC address does not match one on the authorized list, it will not be able to establish a connection. Alternatively, you can ban a certain list of MAC addresses and every other MAC address that is not on the list will be able to connect.
What is a Mac Address?
MAC stands for Media Access Control. A unique MAC address is assigned to each network-capable interface when it is manufactured. For example, your desktop PC may have several MAC addresses; one for each LAN port and one for a wireless card. Here is an example of a MAC address:
01-23-45-67-89-AB
They are sometimes also formatted like this:
01:23:45:67:89:AB
The digits can range from 0-9 and A-F.
How to Setup Wireless MAC Address Filtering
The screenshot below is where I would setup the filter on my Linksys WRT100 RangePlus wireless router. Your page may look different, but the concept will still be the same and your router should work similarly.
You have the option of ALLOWING the specific MAC addresses in the list, where no other MAC addresses will be able to connect. You also have the option to BLOCK the specific MAC addresses on the list, where any MAC address NOT on the list will be able to connect.
The Wireless Client List button will show you the clients that are currently connected and will allow you to select each one and add it to the MAC address list. Here is what that looks like:
Verifying MAC Addresses on Devices
The above method works well, but sometimes it may not be so easy to distinguish your devices from intruders (if there are any). So you may feel more safe by manually entering in the MAC addresses of your devices, or at least verifying them yourself. Here is how to verify the MAC address on common devices:
- Windows XP / Windows 7 / Windows 8 / Windows Phone
- Mac / iPod Touch, iPhone, or iPad
- Android Phone
- Blackberry
- Playstation 3
- Xbox 360
- Wii
MAC Address Spoofing
Every network device has a unique MAC address assigned to it by its manufacturer. However, it is important to note that there is something called MAC address spoofing that can cause a security risk. There is software out there that will allow people to spoof (or even change) MAC addresses on their devices. If someone were to obtain a MAC address on your list of authorized MAC addresses, they would technically be able to spoof the MAC address of their device so the router thinks it is a legitimate, authorized device. This information is not to say that using a MAC address filter is not a good security practice. It is actually very useful and effective in keeping the majority of people out.
This goes to show that multiple layers of security is the best way to go. There are ways around almost any security measure you can implement. No single security measure will keep everyone out. The trick is to implement multiple layers of security in order to make it more difficult for intruders to get what they want. No network can ever be 100% safe and secure. What we really need to do is make it as hard as possible for someone to get into the network.