MAC address filter for wireless network

From BubbaWiki

Most wireless access points can filter which clients are allowed to connect based on their MAC addresses. A wireless network card always has its own unique MAC address, so this gives a way to control which clients can connect and which cannot. Please note that this adds much less security than one might expect, since it's very easy to change the MAC address used by a network interface. But at least it makes things a bit more difficult for the neighbour's noob kid trying to use your network. It also enhances security when used in combination with encryption.


B3 has no way of setting up MAC filtering from the web admin GUI. Fortunately it's fairly easy to set up by hand, and that's what I intend to describe here.


First you need to know the MAC addresses of the clients that you wish to connect. In Windows this is achieved by running "ipconfig /all" in a console window and looking for "Physical Address" under a heading that says something about wireless. In Linux you'd probably run ifconfig and look at an interface named something like wlan0. The MAC address consists of four groups of two hexadecimal characters. In Windows they are normally separated by "-", though the correct notation is to separate them by ":".


Next, SSH into your B3/B2 and log on as root. Go to the folder /etc/hostapd by using the following command:

cd /etc/hostapd


Hostapd is the software B3/B2 uses to run the wireless access point. The configuration files for hostapd reside in this directory.

Now edit the file named "accept", for example by using nano:

nano accept


Add the MAC addresses that you want to be able to connect. The file should look something like this:

00:0d:4b:23:01:6a
00:21:6b:89:28:b2
00:11:95:89:1f:50


(this is if you want me to connect using some of my computers, but you get the point, right?)

Save the file by pressing Ctrl+X and answering y to the question if you want to save the file.


Now edit the file hostapd.conf in the same folder, using nano again. In this file we want to change two things. First, change the line that says "macaddr_acl=0" into "macaddr_acl=1". This tells hostapd to use MAC filtering. Second, add a line (anywhere in the file, but for clarity it's best to add it just beneath the macaddr_acl line) that says "accept_mac_file=/etc/hostapd/accept". This tells hostapd where to look for the addresses that are authorized and points to the file we just changed. Now save hostapd.conf.


Tell hostapd to reload the access point configuration by running:

/etc/init.d/hostapd reload


That should be it. Please note that if you did not add the MAC address of the computer you used for connecting and if that computer is connected using WiFi, you will of course be disconnected from the network.
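
A check to run before the reload, as an added example that is not part of the original wiki page: it confirms that hostapd.conf enables the accept list and points at the accept file, that every entry is six colon-separated hex pairs like the sample entries above, and that your own MAC address is listed so you do not lock yourself out. The function names are hypothetical, and treating blank lines and "#" lines as non-entries is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original page. Function names are
# hypothetical; the paths you pass in are the ones from the steps above.

# Succeeds if $1 is six hex pairs separated by ":" (the form used in "accept").
is_colon_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print $1 lowercased with Windows "-" separators turned into ":".
# Returns 1 if the result is not a well-formed MAC address.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'ABCDEF-' 'abcdef:')
    is_colon_mac "$mac" || return 1
    printf '%s\n' "$mac"
}

# check_mac_filter CONF ACCEPT OWN_MAC
# Returns 0 only if CONF turns the accept list on and points at ACCEPT,
# every entry in ACCEPT is well formed, and OWN_MAC is listed, so that
# reloading hostapd does not disconnect the machine you are working from.
check_mac_filter() {
    conf=$1
    accept=$2
    own=$(normalize_mac "$3") || { echo "bad MAC: $3" >&2; return 1; }
    grep -Fxq 'macaddr_acl=1' "$conf" ||
        { echo "macaddr_acl=1 not set in $conf" >&2; return 1; }
    grep -Fxq "accept_mac_file=$accept" "$conf" ||
        { echo "accept_mac_file does not point at $accept" >&2; return 1; }
    listed=no
    # Assumption: blank lines and lines starting with "#" are not entries.
    while read -r field rest || [ -n "$field" ]; do
        case $field in ''|'#'*) continue ;; esac
        is_colon_mac "$field" ||
            { echo "malformed entry: $field" >&2; return 1; }
        if [ "$(normalize_mac "$field")" = "$own" ]; then listed=yes; fi
    done < "$accept"
    [ "$listed" = yes ] || { echo "$own is missing from $accept" >&2; return 1; }
}
```

Source the file and call check_mac_filter with /etc/hostapd/hostapd.conf, /etc/hostapd/accept and the MAC address of the computer you are connected from; only reload hostapd if it returns 0.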