ADSL Router: Permitting only specific MACs

[mohanty1942]

I have a 4 port ADSL router ( TPLink-TD8841 ) used for Internet access. The modem is configured in PPP-O-E mode (userid & pw is set in the modem itself).

I want that except two laptops(mine), no other laptop or desktop should able to access internet from the router.
For which i want to deny all other mac addresses except the two (mine).

Pls suggest.

 

[asingh]

There should be an option MAC Filtering. You can enable that, and put in the device MACs. Only those will be allowed to access the radio.

 

[Ishu Gupta]

Its pretty useless. Only hinders yourself. If you want to connect your phone/tablet, you need to add it too.

If anyone is going to hack into your security, he already knows how to get past MAC filtering.

 

[mohanty1942]

@asingh : I have set MAC Filtering to Blocked mode. ( means that all MAC layer frames will be BLOCKED except those matching with any of the specified rules in the following table). I have added only one PC's MAC; still anyone can connect his laptop and is able to surf. How ?
(ii) if I am adding a MAC of a machine what should be the value of Source MAC and Destination MAC fields ?

(iii) Basically what is the purpose of MAC Filtering in a ADSL router used for internet access?

@gupta: If MAC filtering is useless for denying unauthorized access, will you please suggest the effective way ?

 

[Ishu Gupta]

1) Change it to Allowed mode.

2) Change security to WPA2 and use a strong password.

 

[mohanty1942]

1) Change it to Allowed mode.

2) Change security to WPA2 and use a strong password.

(1) First remember that in allowed (permitted) mode all MAC layer frames will be FORWARDED except those matching with any of the specified rules in the following table..
..AND I CAN'T GUESS THE MACs of INTRUDER.. to fill in the table.

(2) My ADSL router model is TPLink TD-8810 which is a non wireless and having 4 ethernet ports.
So there is no question of WPA2.

 

[Ishu Gupta]

Who do you want to protect the connection from? The other person can just press the reset button

PS - In most routers, allowed means that the mentioned MACs will be allowed. (Whitelisted)

 

[mohanty1942]

(1) You don't know the field requirement of the situation. The ADSL router is physically protected and only ethernet cables are layed to the other building and meant to be used by one/or two specific machine only.

(2)There is not a single ADSL router in which "allowed (in MAC Filtering Menu) means that the mentioned MACs will be allowed. (Whitelisted)".

I can show you thousand examples (ex.*support.dlink.com/emulators/dsl2640b/306041/scmacflt.html?action=view). Show me one which proves your statement.

 

[asingh]

Can you post a screen shot of the router configurator page which has MAC filtering options.

 

[Ishu Gupta]

(1) You don't know the field requirement of the situation. The ADSL router is physically protected and only ethernet cables are layed to the other building and meant to be used by one/or two specific machine only.

(2)There is not a single ADSL router in which "allowed (in MAC Filtering Menu) means that the mentioned MACs will be allowed. (Whitelisted)".

I can show you thousand examples (ex.*support.dlink.com/emulators/dsl2640b/306041/scmacflt.html?action=view). Show me one which proves your statement.

Beetal 440TX1. Wifi Router given by BSNL and Airtel.

 

[mohanty1942]

Beetal 440TX1. Wifi Router given by BSNL and Airtel.

That is not exactly under a Menu named "MAC Filtering".
If yes, post the full-screen shot so that one can figure out.

Further the interface doesn't prove that in "Activated" mode all the MACs mentioned are permitted only. Those can be set to 'Deny Association' mode also while the main menu is still set to 'Activated' .

 

[mithun_mrg]

@op if macfiltering is enabled allowed list means only the macs listed there will be allowed access others denied also it is not a full proof security anyway it dosen't sense to secure a wired router BTW have u changed the default login password

 

[Ishu Gupta]

Further the interface doesn't prove that in "Activated" mode all the MACs mentioned are permitted only. Those can be set to 'Deny Association' mode also while the main menu is still set to 'Activated' .

Its is a screen from MY router. So I can confirm that thats how it works.
Those two are my laptop's and phone's MACs.

it is not a full proof security anyway

+1

Install macchanger (linux) and use

macchanger --mac <allowed mac> <Interface Address>