How to use MAC address filtering in AEBS(n)

Several views and not a single answer? O.o

You can easily configure it with the AirPort Utility. You'll have to go into the "Manual" configuration. It's one of the tabs. (Though it may not be labeled "MAC filtering")

I'd tell you exactly which tab, but I'm not around any of my AirPort base stations ATM, so I can't go through it. The help file seems to call it "MAC Address Access Control"

I can see how it's a pain to find, however... MAC != Mac, but the search function doesn't care...

Hello kollie. Welcome to the Apple Discussions!

AirPort Extreme Base Station Setup (AEBSn) - MAC Filtering

Either connect to the AEBSn's wireless network or, temporarily, connect your computer directly (using an Ethernet cable) to one of the LAN ports of the AEBSn, and then, using the AirPort Utility in Manual Setup, check these settings:

AirPort - Access Control
o MAC Address Access Control: Timed Access
o Click "+" to open the "Timed Access Control Setup Assistant" window
o MAC Address: <Enter the MAC address or AirPort ID of the device to be added to the filter.>
o Everyday: <Select the appropriate option from the pop-up menu.>
o all day: <Select the appropriate option from the pop-up menu.>
o Click "+" to add more time-limit rules as required.
o Click "Done" to close the Timed Access Control Setup Assistant.
o Click "Update" to save the settings and restart the base station.

Mac address filtering basically adds no security, so is it worth the effort if you are using WPA?

http://blogs.guardian.co.uk/askjack/2007/11/macinvaders_on_a_home_wifine.html

If someone knows your WPA password they will be able to read the MAC address of any connected computer, clone that address, and join your network in a matter of minutes. Therefore it is a waste of time to use MAC address filtering (access control).

Just be sure and use a strong non-dictionary WPA password.

Duane wrote:
If someone knows your WPA password they will be able to read the MAC address of any connected computer, clone that address, and join your network in a matter of minutes.

Yeah - IF you know the password. If you don't know the password, it can make some injection attacks more difficult.

Therefore it is a waste of time to use MAC address filtering (access control).

I disagree; it's part of the philosophy of 'defense in depth' - using multiple layers, even if some are only marginally useful. MAC address filtering is indeed little more than a speed bump to a skilled person who knows the password - but it is a speed bump nonetheless.

It requires some skill to clone the address - the vast majority computer users don't know how to clone a mac address, and most will simply assume that they got the wrong password, and try somebody else's network.

People looking for a 'free wifi' to use generally move on if it doesn't work in the first minute or so.

If you're looking to foil an experienced attacker, you need more security than anything the AirPort has to offer anyway - which is one reason why most of the corporate wi-fi access I've seen is inside a DMZ, firewalled off from the rest of the network.

Just be sure and use a strong non-dictionary WPA password.

Yeah, preferably a non-sensical password like <#fGx92*'}+,. Not the easiest thing to remember, but that's what keychain is for.