MAC Filtering in Computer Network

Last Updated : 10 Feb, 2026

MAC filtering is a network access control method where a router or switch allows or blocks devices based on their MAC (Media Access Control) address.

  • Works by keeping an allow list (whitelist) of permitted MAC addresses or a deny list (blacklist) of blocked ones
  • Commonly used in Wi-Fi routers to restrict which devices can join the network
  • Provides basic control, but it’s not strong security alone because MAC addresses can be spoofed

Working

mac_filtering
  • When a device tries to join a network, the router or access point checks the device’s MAC address against the configured filtering rules.
  • In allow list mode, the network permits access only to devices whose MAC addresses are explicitly approved by the administrator.
  • In deny list mode, the network blocks only the MAC addresses marked as restricted, while other devices are allowed to connect.
  • If the same MAC address appears in both lists, the deny rule usually takes priority to avoid accidental access.
  • MAC filtering can be enforced at the connection layer (the device cannot join the Wi-Fi/network) or at the DHCP layer (the device connects but does not receive an IP address, so it cannot use network services).
  • In real networks, MAC filtering is used as an extra security layer along with strong Wi-Fi encryption and authentication, not as the only protection.

Steps (Windows DHCP Example):

  • Open the DHCP Console, expand the server, and select IPv4.
  • Right-click IPv4, choose Properties, and navigate to the Filters tab.
  • Enable the Allow list or Deny list based on the desired access policy, and add the required MAC addresses.
  • Click OK to apply and save the configuration changes.

Updating MAC Filtering

Updating MAC filtering involves modifying the allow or deny lists in the router settings to control which devices can access the network.

  • Open your router’s admin page using a browser or the router’s app.
  • Go to the Wireless or Wireless Security section and locate MAC Filtering settings.
  • In some routers, the same setting may appear as MAC Address Control, Wireless MAC Authentication, or Access Control.
  • If MAC filtering is enabled, add the device’s MAC address (for example, a Nintendo system) to the allowed list, and then save the changes.
  • If you do not want MAC filtering on your network, disable it and save the configuration.

 Applications

  • Access control: It restricts network access to only authorized devices.
  • Parental control: It limits children’s internet access by permitting only selected devices.
  • BYOD enforcement: It allows only approved personal devices to connect to company networks.
  • Guest access: It provides controlled access for visitors without exposing the main network.
  • Wireless security: It blocks unknown devices from connecting to Wi-Fi.
  • IoT security: It prevents untrusted devices from accessing smart home or industrial IoT networks.
  • Traffic management: It limits the number of devices that can connect at the same time.
  • Compliance support: It helps enforce organizational network access policies.
  • Troubleshooting and monitoring: It helps identify unauthorized devices and track which devices are connected.

Security Risks

  • Attackers can spoof a MAC address by changing their device address to one that is already allowed.
  • MAC addresses can be learned by sniffing nearby Wi-Fi traffic, especially when the network is weakly protected.
  • MAC filtering does not provide encryption, so it cannot protect data privacy or stop eavesdropping on its own.
  • Managing MAC lists takes effort because every new device must be added and old entries must be updated or removed.
  • It does not scale well in large networks because maintaining many MAC entries becomes tedious and error-prone.
  • Legitimate devices can be blocked by mistake if their MAC address changes or if MAC randomization is enabled.
Comment
Article Tags:
Computer Networks

Explore