Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Does WPA2 wireless access control pre-empt MAC address filtering?

Question:

I’ve been trying to protect my home wireless network with both a WPA2
password and an enabled MAC address filter. It seems to work for the more
traditional computers but for many video game systems, smartphones and many
Apple products, they seem to be able to connect using only the WPA2 password.
Why isn’t the MAC address filter preventing these devices from accessing the
network? Does the possession of the password somehow pre-empt the filter?

In this excerpt from
Answercast #94
I look at some issues in setting up a network with MAC
address filtering, and wonder if it is even necessary when WPA2 is already
enabled.

]]>

WPA2 and MAC address filtering

It should not – and unfortunately, without knowing exactly what device you’re using, the only comment I can make about the MAC address filtering is that it sounds like it’s not actually enabled. It sounds like it is not actually doing what it’s supposed to be doing.

Enabling MAC address filtering

The idea is that MAC address filtering restricts the physical access of a device to specific network controllers that have a unique and specific MAC address.

Now, if devices that are not in the MAC address filter (in other words, they’re not explicitly allowed in by the filter) are still able to get in? Bottom line is the filter’s not working. I can’t really help diagnose that any further – other than to say triple check the settings in the router or in the access point that are controlling the MAC address access control.

Is MAC address filtering necessary?

Now, I will say this: I’ve never found it necessary to use MAC address filtering.

The problem, from my perspective, is that so many different devices come and go all the time that it would be a maintenance nightmare to keep track of all the MAC addresses and make sure that the filter was always up to date. It seems like it would be a terrible inconvenience. In particular, since WPA-2 is a great way to make sure that only authorized devices access your network.

So, I would be more than happy to say, just use WPA-2. I believe that is sufficient security for most people in most situations and is certainly the security that I run with here myself at home.

(Transcript lightly edited for readability.)

End of Answercast 94 Back to – Audio Segment

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

1 thought on “Does WPA2 wireless access control pre-empt MAC address filtering?”

  1. In addition to WPA, I also limit the number of dynamic IP addresses to the number of items I want using the router (and hence the internet).

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.