MAC Filtering: What Is It and Should I Enable It?

Most routers on the market include a feature called MAC address filtering. It's a security access control method that determines whether or not a device can access a network. If you have trouble with unauthorized devices stealing your WiFi connection, it might be for you; MAC filtering helps protect a WiFi network, allowing only select devices on. In this article, learn what MAC filtering is, why it's useful, and how to enable it on your router.

What is a MAC address?

In order to better understand MAC address filtering, you should first know what a MAC address is. A MAC (media access control) address, also known as a hardware address, is a twelve-digit hexadecimal number that designates each device, whether it be a desktop computer, laptop, or smartphone, on a local area network (LAN).

MAC addresses distinguish one device from another on these local networks, allowing data to transmit to the intended recipient without confusion. Each address is unique and assigned to a network interface card (NIC) by the device manufacturer.

What is MAC address filtering?

MAC address filtering is a control mechanism used to control access to a network based on the MAC addresses of devices. It adds an extra layer of security by limiting the number of devices that can connect to a network.

Your wireless router does MAC authentication before letting any device join a network. A device can only join a network if the address matches one on the router's list; if not, the router denies access.

MAC address filtering

In the media access control address filtering process, your router acknowledges a collection of approved devices on your WiFi. It also keeps a list of devices that you do not want grant network access to. When you enable MAC filtering on your router, you can specify a list of approved media access control addresses and devices.

Essentially, this type of filtering helps prevent unauthorized access to your network. You can control which devices and users you grant network access to. It also offers you the ability to limit Internet access to certain computers for a certain time period.

How does MAC address filtering work?

MAC address filtering works by allowing or blocking devices from accessing a network based on their MAC addresses. When media access control address filtering is enabled on a network device, it creates a whitelist and blacklist of addresses. The whitelist contains the MAC addresses of approved devices that are permitted to access the network. The blacklist, on the other hand, contains the MAC addresses of devices you don't require or don't want on your network.

When a device attempts to connect to the network, the network device checks the MAC address of the incoming connection against the whitelist or blacklist. If the MAC address is on the whitelist, access is granted to the device. However, if the address is on the blacklist, the device denies access.

You can set up filtering on routers, switches, and wireless access points. It's often used in wireless networks as an additional layer of security along with encryption methods like WPA2 or WPA3.

By filtering addresses, network admins are able to keep track of specific devices within a system. They block untrusted devices from joining the network.

How to configure MAC address filtering

To enable MAC address filtering, you need to you know your router's admin login, as this enables you to log in to the WiFi router console. Once logged in as an admin, you can configure your MAC address whitelists and blacklists.

To locate your router's username and password, check the back of your router. It should be listed there. If, however, you don't have easy access to your router or the credentials aren't listed there, check the master list of router logins to find your system's username and password. You can reset your router's password if necessary.

Once you're logged in, you will likely see connected devices in the admin console. Most modern routers display the physical address of devices there. Then, you can go into the router's settings and enter the MAC addresses where they belong. Though each router will have a slightly different procedure for entering and finalizing MAC address filters, this is the general process that you'll follow.

To configure filtering on a Linksys router once you've reached the router's settings, go to Wireless > Wireless MAC Filter.

To configure filtering on a Netgear router once you've reached the router's settings, go to Advanced > Security > Access Control.

If you have a D-Link router, navigate to Advanced > Network Filter.

How to disable MAC address filtering

Again, the process for disabling media access control address filtering will vary by router or system. However, the general process for disabling MAC address filtering is as follows:

  1. Sign into your router's administrator page using your router's username and password.
  2. Check the MAC filter settings and select Allow as the default mode.
  3. Select all devices from the list of exceptions, which is the whitelist.
  4. Delete the list.

Once you disable MAC filtering, your router will no longer sort traffic based on permitted and denied addresses.

Advantages and disadvantages of MAC filtering

Like all technology, there are both benefits and drawbacks to setting up MAC address filtering on your router. Before you decide whether or not you should do it yourself, make sure you understand both sides.

Benefits of MAC address filtering

There are several benefits to using MAC address filtering in your WiFi network.

  • It prevents bandwidth theft. Media access control address filtering helps prevent bandwidth theft, which occurs when someone connects to your wireless network without paying for Internet. With MAC address filtering, any unauthorized devices won't be able to access your Internet or network.
  • It protects WiFi. By configuring your network to only accept specific connections, you protect yourself from dangerous or malicious connections.
  • Your network is easier to manage. With MAC filtering, administrators can easily identify devices, remove devices, and monitor authorized devices on a network.
  • You'll experience less network congestion. Because you can control the number of devices that connects to your network, you can reduce network congestion and improve network performance.
  • It provides DDoS protection. DDoS attacks result from huge amounts of incoming data packets coming from many devices. Media access control filtering ensures that the network rejects unauthorized data packets, protecting a network from malicious attacks.
  • It's easy to set up. The process doesn't require any additional software or hardware and can be done right from your router.

Disadvantages of MAC address filtering

Though MAC filtering is a great way to protect your network and optimize network management, there are a couple of drawbacks to the process.

  • MAC addresses can easily be spoofed. MAC addresses are easy to spoof, making it possible for hackers to bypass media access control filtering.
  • The process is time-consuming. Maintaining a list of authorized MAC addresses takes time, especially on larger networks. You must manually add each new device to a network.
  • There are no encryption standards. Though users can encrypt their own networks, MAC address filtering provides no encryption for data transmitted over the network, leaving it vulnerable.
  • It limits guest access. Because permitted devices are established beforehand, MAC filtering limits the ability of guests to access your network. Though it's not impossible to change settings, it impacts the flexibility of your network for temporary users, visitors, or guests. In cases like these, using a guest WiFi network could be a viable solution.

Applications of MAC filtering in computer networks

As a security feature, MAC address filtering allows you to control which devices can connect to your network. It has several applications in computer networks, including:

  • providing parental controls
  • providing access control
  • securing public WiFi networks
  • monitoring networks
  • managing traffic and traffic flow
  • troubleshooting
  • managing a network remotely
  • securing Internet of Things (IoT) devices

Frequently asked questions

Does media access control address filtering improve network security?

Yes, MAC filtering improves network security, but it's not a complete security solution on its own. MAC filtering helps you restrict access for unauthorized devices and protect against related security threats.

Can media access control address filtering cause compatibility issues?

In some cases, yes, media access control filtering can cause compatibility issues. This is especially true when dealing with older devices. Certain devices might not support MAC address filtering, or they may have limitations on the number of permitted MAC addresses. This could then cause connectivity problems.

Can media access control filtering prevent all unauthorized access on my network?

While this type of address filtering enhances network security, it's not a foolproof method. Skilled attackers could potentially change their MAC addresses in order to bypass the whitelist and blacklist. Therefore, consider filtering as just one part of a comprehensive network security strategy.