Is a MAC address filter incompatible on an extended network?

Hello all,
I've bought myself an Airport Express and an Airport Extreme.
The Express serves two roles:
1. Play music
2. Extend my network (a real extension, not just a network join)
On my Extreme, I've setup MAC address filtering with a time-based access (to avoid hacking of my network during the night -- don't worry, I have WPA2 security too...). Here's what I've done:
- All devices: no access from 11 PM to 7 AM
- Airport Express: always access
- Macbook Pro: always access
So far, so good.
Now, the problem I see if the following: IF my Express has access anytime, then an unknown device CAN connect to my network at night (midnight for example) simply because it will connect on my Express instead of my Extreme! It's like an unlocked back door!
So, from what I see, when I extend a network, the MAC filtering is not passed along to the "extending" devices. Also, on an extended network, I CAN'T set a MAC filter... So I'm stuck with an unsecure extending device.
So, my question is the following: is this normal behavior or is this an oversight from Apple? In other words, how can I extend my network and "propagate" my security setting on all my devices?
Thanks!
P.-S. On another topic, but related, any idea how to apply a setting without rebooting the router everytime? This is very annoying.

HI Yes this works fine. I have these  wifi base stations these configurations on the same subnet in my place *using MAC filtering (access control)* in two extended networks.. Here's how I do it.
• AEBS 802.11n@5Ghz 9DHCP and WAN.. and MAC ADDRESSES. TimecapsuleTV = SSID="my5Gwifi" , closed network
• 1 x AEBS 802.11g 2.4Ghz snow coloured dome base station (connected through ethernet to the main 802.11n AEBS) + 2 x 802.11g APx's + 802.11N APX; closed network; name | SSID ="my2.4Gnetwork"; all bridge mode. FOr WDS add all MAC addreses of all devices like iphones, ipods, macs, pea-seas, PS2's etc and the other APX base stations too!.
Here's the deal:
for the 802.11N base stations (AEBS . TC or APX gen 2), the extensible wifi stations are through '+extend this network+" in the + Airport Utility+.. There is no provision for the extension stations to addf any ACCESS control if you use BRIDGE MODE> (as I would you to do advise).
• for the *802.11g or WDS* I have found that you must ADD all the MAC addresses in EACH of the base statsion. This is simple to do my exporting all teh mac address config lists and importing them as you need. THis works fine.
My company registers world wide all laptop wireless nics. We have over 300,000 employees (3 x 10**5) all dynamically VPN'ed adn mac address filtered for windows , linux and unix. it works for them worldwide. Walk into any office and you are connected.
As for me and others WEP, WPA2 and all that is a mess around for hours (with that awful redmond based software) with frustrating and a huge waste of time when some one tries to connect to your system with some of those ghastly microsoft opertating systems. They all have their quirks. Vista - well you mostly know.
In any case the simplest and I beleive effective for most is MAC ADDRESS fitering.
FWIW all ways can be infiltrated.. you just need to monitr your network or add a GBE hub and use cables where the cables are in a locked oom.
hth
w

Similar Messages

  • WRT54GL MAC ADDRESS FILTER

    Hi I have a wireless access point WRT54GL and i configure it with mac address filter but it allow me to put only 40 mac and i need more? Is there any way to add more? Thanx

    Install 3rd party firmware like dd-wrt or hyperwrt+thibor. That should give you more. However, remember a bad flash may brick the router and is not covered by warranty.
    Also remember, that the wireless mac address filter does not provide you with any reasonable security. MAC addresses are quickly captured and quickly cloned. It only takes a few minutes to gather some mac addresses which are allowed into your wireless network and that's it.
    Set up wireless security with WPA2 or WPA and a strong passphrase. That's all you can do to really protect your wireless.
    If you want more detailed access control, consider installing a RADIUS server and using user/password authentication based on WPA2 or WPA (using the RADIUS or Enterprise variants).
    But the wireless mac address filter is widely overrated as security mean and only requires a lot of work and time to maintain the lists.

  • WRT610N: Cannot enter MAC address in MAC address filter list

    My WRT610N cannot accept a very specific MAC address in any position of the MAC address filter list.  It is a valid address and it was working fine in the filter list of my WRT54G but the 610N will just not take that specific address!  What is this all about?
    Solved!
    Go to Solution.

    gv wrote:
    There is nothing like a "non-critial setup". It's enough to drive by with a car and within a few minutes your network is hacked. Or it's the bored teenager next door...
    I recommend to replace the WEP only device instead of taking the risk of a hacked network.
    And just forget about the wireless mac address filter. Anyone, who wants to crack your WEP network will collect enough accepted MAC addresses during the cracking process. It's just not worth the trouble to set up the filter and keep the list current...
    Thanks for the diligent follow-up gv but I can't replace the WEP-only device for now.  (I need to go through a conversion process for that device to accept WAP and that will take a fair amount of time)  I understand your point about getting accepted MAC addresses but, at least, it requires a bit more effort... Maybe I will return the WRT610 and stick with my old WRT54 until the 610 gets fixed...

  • MAC address filter on router does not work for iOS8

    The MAC address randomization feature in iOS8 is great for privacy, but this being the case, I am not able to connect to a wi-fi router that employs a MAC address filter. Is there a way to turn off this MAC address randomization?

    I had this problem. I followed the directions to replace the netinfo db's. I rebooted, and started going through the initial OS X welcome stuff. When I tried to re-enter my user stuff, I got a "sorry, standard user cannot be added" error, and the machine went to a blue screen.
    This is odd, as I have completely restored the system from scratch (reformatted the hard drives, reinstalled). The first boot up it works fine. It seems that one of the updates must be screwing it up, because after it gets through updating, when it reboots, I can't log in.

  • WRT54GS - MAC Address Filter & Firewall SPI

    Hi,
    I just purchased a WRT54GS V 6 wireless router.  I updated the firmware to the latest (May 30) and the set up seems to be OK.  Using the security recommendations in the manual as a guide, I implemented them - the turn off SSID, and the others. 
    IF I try to filter the MAC addresses (accept only those on the list) for my wife's Sony VAIO VGN - S260 laptop, it can see the network but will not connect. When I turn off the MAC filtering, it is fine.  I used the WPA2 personal encryption, and input the passphrase into both router and computer. 
    My other issue is the firewall Statefull Packet Inspection (SPI).  On the Security set up screen, firewall tab - I have the four radio button settings that I am supposed to (Block WAN request, filter Multicast, Filter NAT, & Filter IDENT), however, I do NOT have the option to turn on the firewall (SPI) above the 4 radio buttons - that setting is totally missing from the set up screen.  Reference Page 28 of the manual.
    I would appreciate any help or suggestions, as I could not find any ideas searching the forum.  Thanks for your help
    Message Edited by donh127 on 08-07-2006 07:00 PM

    Hi. Is your Mac mini loaded with the OSX server edition or OSX consumer edition? I am not 100% sure but I think you need a server edition to do that.

  • E 2500. Mac Address Filter. Improvement. Sugestion

    Hi, what brings me here is a suggestion for improvement in the product management software. Where you make any configuration and / or alteration.
    My suggestion concerns the application of the 'MAC Number filter'. This application allows you to add devices that may or may not access the Linksys E2500.
    It turns out that the current version of this management software, to insert into the list (restrictive or permissive) of ' MAC  Number filter'. This insert serves to both wifi networks generated (2.4 GHz and 5 GHz).
    In my case the core network for home use is the 5 GHZ. And the 2.4 GHz network was set to 'guests'.
    So, when someone comes to my house is either use the 'Network - Guest' can only be used if:
    1- If I'm applying MAC address filtering for my household devices - must have to individually enter the MAC address of each guest; or
    2- Do not use for my home devices MAC number Filtering
    I understand that this security feature (MAC number Filter) is very good and helpful. But the way it is designed is not practical.
    My suggestion is to update the management / configuration software to enable:
    A) The owner can set Allow List or Prohibition of the home devices in the MAC number filter separately. In the 5 GHz network (main). Leaving free the Guest Network;
    B) Provide the update mentioned in item 'A' (above) also in Cisco Connect application.
    Thank you for your time and attention.

    I think other manufacturers follows the same MAC address filtering protocol but I'm cool with your suggestion and it might be implemented in the future by Linksys. Enabling the Guest Access on the router's setup page (Wireless tab > Guest Access) will ease you out of the hassle of inputting the MAC addresses of your guests' wireless devices. Your visitors will still be able to connect to the guest network even if the MAC address filtering is enabled but those will have limited access to your network.

  • Netboot MAC Address filter settings do not hold

    I was able to find this fix for getting the Model property settings to stick:
    * Stop Netboot
    * Uncheck Enable image
    * Make the change
    * DO NOT click "Save"
    * Check Enable image
    * Start Netboot
    but the MAC Address filtering settings do not stay
    Any ideas? My Xserve is running 10.5.5 with all of the latest updates.

    Setting "per image" filtering does not work. This is a known issue. You can set filters for the entire server however.

  • Mac address filter

    Is it possible to identify the visitors mac address using PHP
    if yes is there anything to prevent you from limiting access to specific mac addresses (say by using an IF statement to redirect other users to a different site)

    You can identify the IP address, but that doesn't take you down to the level of the individual machine.
    Barry

  • Can i change the wifi card MAC address in windows 10 /configure/Advanced „Network Address" funktion works?

    Many users complained some wifi cards missing the
    /configure/Advanced „Network Address” funktion.Without this function
    does not work normal MAC adresses which begin for example
    „00”.There are many
    forums people write about (indignantly)
    the problem.
    picture here
    of what
    I mean:
    stewx.cba.pl/extend-your-free-wifi-by-spoofing-your-mac-address/
    older post more links:
    social.technet.microsoft.com/Forums/windows/en-US/8f33667e-ba25-442c-a49b-a3aec79b6cc9/windows-781-can-not-change-the-mac-address-on-wifi-and-cannot-load-login-page-in-public-hotspot?forum=w8itpronetworking
    I'm curious about the Windows 10 users
    experience with different
    wifi cards.
    This function working perfectly, all linux platform,Mac,already in android,the old windows XP,windows 2000,
    it's a basicthing.This problem affects some reason only are newer Windows platforms and directly the wifi option.

    well....it doesn't matter whether the MAC add is 00-14-BF-93-D2-66 or 00:14:BF:932:65 or any other format .. the most important thing is the hex decimal numbers are the same ... so not worry about it...

  • Tools to find a mac address on a port in my network

    I would like to find a tool to help me to easily locate a mac address on the network.
    At the moment I use the following comands :
    On the central switch : sh mac-address-table
    then sh cdp neighbors to locate the witch on with the mac address is connected
    and sh mac-address-table again .

    Hi
    With Ciscoworks Campus Manager you can easily find any MAC connected to your network. But you need to buy the LMS suite, and it's not for free :-)
    An other way is to use a Layer 2 trace, but all devices in between have to support that feature, don't ask me which platforms/software releases, do it or not.
    Simon

  • Mac Address and Filter and Broadcast

    i have an Airport Extreme and want to:
    1 - Do not broadcast the wireless router name;
    2 - Filter by Mac Address the access to my wireless network;
    Thank You,
    Paulo.

    Welcome to the discussion area, PauloGuedes!
    1 - Do not broadcast the wireless router name;
    Open AirPort Utility - Click Manual Setup
    Click the Wireless tab below the row of icons
    Click Wireless Network Options
    Enter a check mark next to "Create a closed network"
    Click Done, then click Update
    2 - Filter by Mac Address the access to my wireless network;
    Open AirPort Utility - Click Manual Setup
    Click the Access Control tab
    MAC Access Control = Timed Access
    Click the + (plus) button at the bottom of the Access Control list to add the MAC address of each device that you want to allow to connect
    Click Update
    For more information, click on the Help menu at the top of the screen and enter the following in the search box: +Controlling access to your wireless network+. You can also reference pages 47-48 in the Apple AirPort Networks Guide.

  • Do I need to add Base Station MAC address to list?

    Hi, If I choose to use MAC address filtering on my Airport Extreme Time Capsule, do I need to add the wireless MAC address of the Base Station to the list of allowed MAC addresses???  I'd feel real bad if I set up a list, didn't include the base station's MAC address and then could never get in to the network again because I, in effect, locked myself out???  I doubt that address needs to be included but I would like some feedback on that.
    Second, does the one MAC address filter list apply to the Guest Network as well if I should choose to turn it on???  If that was the case, I would just turn off MAC address filtering why guests were present.
    thanks..  bob

    If I choose to use MAC address filtering on my Airport Extreme Time Capsule, do I need to add the wireless MAC address of the Base Station to the list of allowed MAC addresses???
    No. Timed Access would be for wireless devices....computers, mobile devices, printer, etc., that are connecting to the Time Capsule. The Time Capsule does not connect to itself in this regard.
    I'd feel real bad if I set up a list, didn't include the base station's MAC address and then could never get in to the network again because I, in effect, locked myself out???
    Sometimes, users lock themselves out by mistake by entering incorrect times for devices to connect, and they often forget that they can connect to the base station using an Ethernet connection and get back in that way.....since Timed Access only applies to devices that connect using wireless.
    does the one MAC address filter list apply to the Guest Network as well if I should choose to turn it on???
    Yes

  • Import / Export of MAC Address Filters (wrt610n to wrt1900ac)

    Is there an easy way to transfer my large MAC address filter list between these two Linksys routers?

    Hi Yemble. There's no easy way to transfer MAC Addresses from one router to another but to do it manually. Sorry.

  • Is there any way to find my new Mac Mini's Mac Address before I complete the initialization of the new Mini?

    I am starting my new Mac Mini for the first time. (My first Mac was a classic 128K that I upgraded myself to 512K back in 1985. My most recent Mac is a G4 466 Mhz unit that I am eventually replacing with the new Mac Mini.)
    I hit a snag when I got to the point where the Mini wants to connect to my home network. The network has my G4 and a MacBook on it. I have my linksys WRT54G Router set to accept only those MAC Addresses that I have authorized. This is because there are several neighborhood networks that are within range of mine.
    At this point I can either disable this filtering for a short time or find the MAC address of my new Mini before I initialize it.
    Can I find the MAC address before I initialize the Mini?
    Thanks,
    -Joe

    The serial number and the part number were on the outside of the shipping container. Nothing on the bottom of the unit at all. I worked around this problem by temporarily disabling the MAC Address or hardware address filter on my router until I was able to look up the MAC Address on the machine, entered it to the MAC Address list then I re-enabled the MAC Address filter on the router.
    Thanks for the response, anyway.
    -Joe

  • Cannot get to the Mac address!

    Hi everyone,
    We used to be able to connect our Wii to our wireless connection with a few clicks, now after we haven't had the Wii plugged in for about a year it can't seem to connect anymore, all though nothing changed on my airport side, the WEP password is the same, I tried retyping it a few times and that did nothing.....anyways, we went to the Nintendo support site and they also recommend the following:
    1. If your WEP or WPA key is correct, then the problem might be related to MAC address filtering:
    1. From the router settings, locate the "MAC address filter" settings (also known as "access control", "access list", or "network filter" depending on your router model).
    2. If the Mac address filter is set to "enabled", then you must add the Wii's MAC address to the "allowed" list. You can locate the Wii's MAC address from the "console information" page (located under "Internet" in the Wii Settings).
    3. If the Mac address filter was disabled, then continue troubleshooting.
    now, I am not able to access my airport utility, I put in the WEP password its asking for and it keeps coming back for it............so , I cannot access that panel, but I can't find a place to add a Mac address in the network preferences for the airport!???
    Help?
    Thank you,
    Lucia

    Ok, here's the basic step-by-step to get your AX up-and-running to get Internet access from a cable modem ...
    Perform a "factory default" reset of the AX
    o (ref: http://docs.info.apple.com/article.html?artnum=108044)
    Modem/Router Power ReCycling
    o Power-off the Cable modem, AX, & computer(s); Wait at least 5 minutes.
    o Power-on the Cable modem; Wait at least 15 minutes.
    o Power-on the AX; Wait at least 10 minutes.
    o Power-on the computer(s)
    Setup the AX
    Connect to the AX's wireless network, and then, using the AirPort Admin Utility, try these settings:
    AirPort tab
    o Base Station Name: <whatever you wish or use the default>
    o AirPort Network Name: <whatever you wish or use the default>
    o Create a closed network (unchecked)
    o Wireless Security: Not enabled
    o Channel: Automatic
    o Mode: 802.11b/g Compatible
    Internet tab
    o Connect Using: Ethernet
    o Configure: Using DHCP
    o WAN Ethernet Port: Automatic
    Network tab
    o Distribute IP addresses (checked)
    o Share a single IP address (using DHCP & NAT) (enabled)
    Once you verified that you can get Internet access for all of your computers, you should secure your wireless network. To do so, I suggest that you make these changes:
    Change Wireless Security
    o Wireless Security: WPA Personal or WPA2 Personal
    o Encryption Type: WPA and WPA2
    Base Station Options - WAN Ethernet Port
    o Enable Ethernet Port (checked)
    o Enable SNMP Access (unchecked)
    o Enable Remote Configuration (unchecked)
    o Enable Remote Printer Access (unchecked)

Maybe you are looking for

  • Restart number is not in the check file or is not a From-number

    HI! I had  posted  payment Document  but i  got below error while  reprint  check from  FBZ5 Restart number is not in the check file or is not a From-number "Message no. FS562" on that base, I had  check below  settinng  1) I  had check  Cheque no  r

  • JTable Awt -Event Queue problem

    Hi I've been looking everywhere for a solution to this, but can't seem to find one. I've got a JTable with an underlying model that is being continuously updated (every 100ms or so). Whenever I try to sort the JTable using TableRowSorter while the mo

  • OAS 4.0.8.1 Oracle8i r1 patch 2 on RedHat 6.1

    I'm having difficulty with starting HTTP listeners and would appreciate some assistance Using owsctl start shows the following error: snip <<< oassrv is accepting requests OWS-08821: oassrv process 'oassrv' is started up at pid 2532. OWS-08821: wrksf

  • Replication For Partitioned Table

    Well , I have a partitioned Table having partition on Date Field. Table Contains composite primary Key Date Field + Connection Id . Table Contains approx 30 Million Records. Now when i m goin for replication setup , created materialized view on the b

  • No Sound, Tried the Midi Settings, checking volume, nothing works

    Hi, I have checked the forums, and have tried all of the fixes that work for everyone else. My computer was put out pre-garage band, so it is not on this machine. I am using a Digidesign 002 for my sound, and it works with pro-tools, and I-Tunes, but