
WPA2 and MAC address filtering offer security to a home network. For ease of use, however, WPA2 is probably enough.

I've been trying to protect my home wireless network with both a WPA2 password and an enabled MAC address filter. It seems to work for the more traditional computers but for many video game systems, smartphones and many Apple products, they seem to be able to connect using only the WPA2 password. Why isn't the MAC address filter preventing these devices from accessing the network? Does the possession of the password somehow pre-empt the filter?

In this excerpt from Answercast #94 I look at some issues in setting up a network with MAC address filtering, and wonder if it is even necessary when WPA2 is already enabled.

WPA2 and MAC address filtering

It should not - and unfortunately, without knowing exactly what device you're using, the only comment I can make about the MAC address filtering is that it sounds like it's not actually enabled. It sounds like it is not actually doing what it's supposed to be doing.

Enabling MAC address filtering

The idea is that MAC address filtering restricts access to the network to specific network controllers, each identified by its own unique MAC address.

Now, if devices that are not in the MAC address filter (in other words, they're not explicitly allowed in by the filter) are still able to get in, the bottom line is that the filter's not working. I can't really help diagnose that any further - other than to say triple check the settings in the router or in the access point that are controlling the MAC address access control.

Is MAC address filtering necessary?

Now, I will say this: I've never found it necessary to use MAC address filtering.

The problem, from my perspective, is that so many different devices come and go all the time that it would be a maintenance nightmare to keep track of all the MAC addresses and make sure that the filter was always up to date. It seems like it would be a terrible inconvenience, in particular since WPA2 is a great way to make sure that only authorized devices access your network.

So, I would be more than happy to say, just use WPA2. I believe that is sufficient security for most people in most situations and is certainly the security that I run with here myself at home.

(Transcript lightly edited for readability.)


Article C6316 - February 18, 2013

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


1 Comment
February 27, 2013 5:51 PM

In addition to WPA, I also limit the number of dynamic IP addresses to the number of items I want using the router (and hence the internet).
