6 Replies Latest reply: Dec 6, 2007 11:12 PM by kollie
kollie Level 1 Level 1 (30 points)
Hi everyone,

I finally got the new Airport Express Base Station(n) with Gigabit after using my long Netgear router for more than 8 years.
My question is : Where and how can you filter MAC address?
I understand using WPA is more secure (which I did), but I also want to weed out the possible leeches out there who just want to piggy-back on my wireless network by MAC address filtering process. It may be overkill.
Anyone who knows, please response. Thanks.

20" iMac 2.16GHz Intel Core 2 Duo, Mac OS X (10.5.1), 17" iMac G5 1.8GHz
  • pariah0 Level 1 Level 1 (80 points)
    Several views and not a single answer? O.o

    You can easily configure it with the AirPort Utility. You'll have to go into the "Manual" configuration. It's one of the tabs. (Though it may not be labeled "MAC filtering")

    I'd tell you exactly which tab, but I'm not around any of my AirPort base stations ATM, so I can't go through it. The help file seems to call it "MAC Address Access Control"

    I can see how it's a pain to find, however... MAC != Mac, but the search function doesn't care...
  • Tesserax Level 8 Level 8 (49,415 points)
    Hello kollie. Welcome to the Apple Discussions!

    AirPort Extreme Base Station Setup (AEBSn) - MAC Filtering

    Either connect to the AEBSn's wireless network or, temporarily, connect your computer directly (using an Ethernet cable) to one of the LAN ports of the AEBSn, and then, using the AirPort Utility in Manual Setup, check these settings:

    AirPort - Access Control
    o MAC Address Access Control: Timed Access
    o Click "+" to open the "Timed Access Control Setup Assistant" window
    o MAC Address: <Enter the MAC address or AirPort ID of the device to be added to the filter.>
    o Everyday: <Select the appropriate option from the pop-up menu.>
    o all day: <Select the appropriate option from the pop-up menu.>
    o Click "+" to add more time-limit rules as required.
    o Click "Done" to close the Timed Access Control Setup Assistant.
    o Click "Update" to save the settings and restart the base station.
  • iFelix Level 8 Level 8 (35,145 points)
    Mac address filtering basically adds no security, so is it worth the effort if you are using WPA?

    http://blogs.guardian.co.uk/askjack/2007/11/macinvaders_on_a_home_wifine.html
  • Duane Level 10 Level 10 (117,955 points)
    If someone knows your WPA password they will be able to read the MAC address of any connected computer, clone that address, and join your network in a matter of minutes. Therefore it is a waste of time to use MAC address filtering (access control).

    Just be sure and use a strong non-dictionary WPA password.
  • pariah0 Level 1 Level 1 (80 points)
    Duane wrote:
    If someone knows your WPA password they will be able to read the MAC address of any connected computer, clone that address, and join your network in a matter of minutes.


    Yeah - IF you know the password. If you don't know the password, it can make some injection attacks more difficult.

    Therefore it is a waste of time to use MAC address filtering (access control).


    I disagree; it's part of the philosophy of 'defense in depth' - using multiple layers, even if some are only marginally useful. MAC address filtering is indeed little more than a speed bump to a skilled person who knows the password - but it is a speed bump nonetheless.

    It requires some skill to clone the address - the vast majority computer users don't know how to clone a mac address, and most will simply assume that they got the wrong password, and try somebody else's network.

    People looking for a 'free wifi' to use generally move on if it doesn't work in the first minute or so.

    If you're looking to foil an experienced attacker, you need more security than anything the AirPort has to offer anyway - which is one reason why most of the corporate wi-fi access I've seen is inside a DMZ, firewalled off from the rest of the network.

    Just be sure and use a strong non-dictionary WPA password.


    Yeah, preferably a non-sensical password like <#fGx92*'}+,. Not the easiest thing to remember, but that's what keychain is for.
  • kollie Level 1 Level 1 (30 points)
    I've learned quite a bit from you all.. Thank you all.