MAC Address Filtering – CompTIA Security+ SY0-401: 1.5


One common method of access control on a wireless network is the use of physical hardware addresses. In this video, you’ll learn how to limit wireless access using MAC addresses.

<< Previous Video: EAP, PEAP, and LEAPNext: SSID Management >>


We’ve now encrypted our data. We’ve chosen an authentication method so we can make sure that people get on to the network who are allowed and prevent those who aren’t. There may be some other things that we can configure in our wireless access point to help with security. Let’s look at one of these. This is MAC filtering. MAC stands for Media Access Control. It’s the hardware address, the Mac address, of your wireless card that’s in your devices. And one of the things you can do is list out in your wireless access point a list of all of the MAC level addresses who are allowed to communicate to your wireless network. So this keeps all your neighbors out. This keeps other people who don’t your MAC addresses from being able to even communicate to your wireless access points. This obviously creates a lot of administration. You have to get a list of everybody’s MAC address and put it into the wireless access point. If you have visitors that are coming in, you may have to add those MAC addresses also to the wireless access point.

And in reality, as long as somebody has a protocol analyzer they can sniff what’s happening over a wireless network. Becomes really easy to find out what MAC addresses might be out there, and it’s really easy to spoof MAC addresses. So we can simply wait until you leave for the day and then use your MAC address to get back on the network. So obviously that’s not the only security feature you should apply to your access points and your wireless routers because it’s so easy to do this. We call that security through obscurity. And in reality, that is not the security at all. There’s no real security if all you’re doing is trying to hide something that somebody later on can very, very easily find out that information. It’s only going to protect you from the people who don’t want to get into your network to begin with. So don’t think and use MAC layer filtering as the only security method. Use it to layer on along with all of the other things that you’re doing.