MAC Address Filtering On Router

  • Thread starter Robin
  • 9 comments
  • 2,918 views

Robin

Premium
16,799
United Kingdom
United Kingdom
This may sound like an odd question but,

Can you set a wireless router to provide an open (no security) connection to specifically approved MAC address devices whilst still having the same router running in secure WPA-PSK mode for everything else?

So basically...

Device 1 -----> Router ------> MAC address listed ------> Open Connection Provided.

Device 2 (everything else) -----> Router -------> MAC Address not listed -------> WPA-PSK Connection Offered.

The way it currently stands even if a device is on the MAC address approved list its still required to go to a WPA-PSK authentication. I ask because I have older wireless hardware which does not do WPA and I wont run a totally open connection.

Thanks,

Robin.
 
You would need two devices. Having two routers would work but they might conflict a little. Best option is to have one wireless router, and then one wireless access point on the network. You can then set up two seperate wireless connections with different security to the same network.
 
You could do this fairly easily if your router supports multiple SSID's - one set up for WPA-PSK and one open.
 
TB
You could do this fairly easily if your router supports multiple SSID's - one set up for WPA-PSK and one open.

Not if you want to apply MAC address filterting to only one of the SSIDs which I'm not sure is possible.
 
It depends on the Router. Cheaper ones probably won't be able to do it, but higher end models should.

My Router a 'NetGear WNR3500", supports a Guest Network with different security settings to the default standard one. And also gives the option to deny users connected on the guest network access to the local network, so they can only access the web. I'm not 100% but I'm pretty sure MAC address filtering wouldn't apply to the guest network. I guess I could try it though...
 
Thanks for the replies, my router doesn't support multiple SSID's and cannot provide two separate networks, buying another router would be too pricey and would probably conflict with each other anyway.

In any case all these still end up with a separate network being broadcasted for everyone to see as 'open' even if its MAC secured. It's probably not possible but I want one network to appear as a secured connection to everyone but when it sees a MAC address it knows let it through the backdoor so to speak.

So MAC address checking should be placed first then WPA-PSK the second if its then needed, currently all routers do it the opposite way.

Robin.
 
MAC address filtering is useless. Anybody with a scanner can watch the traffic, then spoof that MAC on their wireless card. Most cards, you can set the MAC address in the card's properties.

And what does it accomplish? That MAC gets in free while anybody else needs the WPA key? So what? Put the damn key on the one system.
 
Isn't this the same as using DMZ? Or are you already using DMZ for another IP/mac address?
None of my iDevices know what WPA is and give incorrect password errors every few minutes so this would help me a bit as well but I don't think it can be done.
 
Eh?

The DMZ is an area between your LAN and the internet. When you say "iDevices" do you mean Apple devices? If so they should definitely know what WPA is. WEP is old technology and most modern devices should be using WPA2.
 
Just noticed he wants to bypass the entire WPA authentication deal. Otherwise, doesn;t DMZ do exactly what he's asking for? One IP with all open ports while all other devices are locked down?

Yes, Iphones, all gens, I've tried can't keep a connection for long coming with a forgotten password error. I have 3 routers that had same problems.
 

Latest Posts

Back