# ADSL Router: Permitting only specific MACs



## mohanty1942 (Aug 16, 2011)

I have a 4 port ADSL router ( TPLink-TD8841 ) used for Internet access. The modem is configured in PPP-O-E mode (userid & pw is set in the modem itself).

I want that except two laptops(mine), no other laptop or desktop should able to access internet from the router.
For which i want to deny all other mac addresses except the two (mine).

Pls suggest.


----------



## asingh (Aug 16, 2011)

There should be an option MAC Filtering. You can enable that, and put in the device MACs. Only those will be allowed to access the radio.


----------



## Ishu Gupta (Aug 16, 2011)

Its pretty useless. Only hinders yourself. If you want to connect your phone/tablet, you need to add it too.

If anyone is going to hack into your security, he already knows how to get past MAC filtering.


----------



## mohanty1942 (Aug 16, 2011)

@asingh : I have set MAC Filtering to Blocked mode. ( means that all MAC layer frames will be BLOCKED except those matching with any of the specified rules in the following table). I have added only one PC's MAC; still anyone can connect his laptop and is able to surf. How ?
(ii) if I am adding a MAC of a machine what should be the value of Source MAC and Destination MAC fields ?

(iii) Basically what is the purpose of MAC Filtering in a ADSL router used for internet access?

@gupta: If MAC filtering is useless for denying unauthorized access, will you please suggest the effective way ?


----------



## Ishu Gupta (Aug 16, 2011)

1) Change it to Allowed mode.

2) Change security to WPA2 and use a strong password.


----------



## mohanty1942 (Aug 16, 2011)

Ishu Gupta said:


> 1) Change it to Allowed mode.
> 
> 2) Change security to WPA2 and use a strong password.



(1) First remember that in allowed (permitted) mode all MAC layer frames will be FORWARDED except those matching with any of the specified rules in the following table..
..AND I CAN'T GUESS THE MACs of INTRUDER.. to fill in the table.

(2) My ADSL router model is TPLink TD-8810 which is a non wireless and having 4 ethernet ports.
So there is no question of WPA2.


----------



## Ishu Gupta (Aug 16, 2011)

Who do you want to protect the connection from? The other person can just press the reset button

PS - In most routers, allowed means that the mentioned MACs will be allowed. (Whitelisted)


----------



## mohanty1942 (Aug 18, 2011)

(1) You don't know the field requirement of the situation. The ADSL router is physically protected and only ethernet cables are layed to the other building and meant to be used by one/or two specific machine only.

(2)There is not a single ADSL router in which "allowed (in MAC Filtering Menu) means that the mentioned MACs will be allowed. (Whitelisted)".

I can show you thousand examples (ex.*support.dlink.com/emulators/dsl2640b/306041/scmacflt.html?action=view). Show me one which proves your statement.


----------



## asingh (Aug 18, 2011)

Can you post a screen shot of the router configurator page which has MAC filtering options.


----------



## Ishu Gupta (Aug 18, 2011)

mohanty1942 said:


> (1) You don't know the field requirement of the situation. The ADSL router is physically protected and only ethernet cables are layed to the other building and meant to be used by one/or two specific machine only.
> 
> (2)There is not a single ADSL router in which "allowed (in MAC Filtering Menu) means that the mentioned MACs will be allowed. (Whitelisted)".
> 
> I can show you thousand examples (ex.*support.dlink.com/emulators/dsl2640b/306041/scmacflt.html?action=view). Show me one which proves your statement.



Beetal 440TX1. Wifi Router given by BSNL and Airtel.


----------



## mohanty1942 (Aug 19, 2011)

Ishu Gupta said:


> Beetal 440TX1. Wifi Router given by BSNL and Airtel.



That is not exactly under a Menu named "MAC Filtering".
If yes, post the full-screen shot so that one can figure out.

Further the interface doesn't prove that in "Activated" mode all the MACs  mentioned are permitted only. Those can be set to 'Deny Association' mode also while the main menu is still set to 'Activated' .


----------



## mithun_mrg (Aug 20, 2011)

@op if macfiltering is enabled allowed list means only the macs listed there will be allowed access others denied also it is not a full proof security anyway it dosen't sense to secure a wired router BTW have u changed the default login password


----------



## Ishu Gupta (Aug 20, 2011)

mohanty1942 said:


> Further the interface doesn't prove that in "Activated" mode all the MACs  mentioned are permitted only. Those can be set to 'Deny Association' mode also while the main menu is still set to 'Activated' .



Its is a screen from MY router. So I can confirm that thats how it works.
Those two are my laptop's and phone's MACs.



mithun_mrg said:


> it is not a full proof security anyway



+1

Install macchanger (linux) and use

```
macchanger --mac <allowed mac> <Interface Address>
```


----------

