According to the DGL-4300 manual (found the pdf online) the Filter settings
section (Advanced -> MAC Address Filter) lets you pick from filtering
wireless and wired clients separate from each other p.39).
John is right that some routers usually only let you do it for wireless
clients, but as it turns out yours definitely let's you do it for both.
Oh and btw, your understanding of the MAF you wrote below is completely
wrong (just fyi). What you described was NAT (Network Address
Translation)-that's what takes the PCs on the private address space of your
home network and translates them into the public IP that gives them access
to the internet. And it's NOT 2-way; i.e. just b/c the PCs can access the
internet, that doesn't mean that things on the internet can access your PCs.
So the MAF restricts who can get ONTO your network in the first place.
Typically it's more interesting/useful for wireless networks since anyone
can try and connect to your network that way, whereas it's a little harder
for random people to get the physical access to plug a cable into your
router/switch! ;)
But you can also use it for wired connections just to be uber-safe/paranoid,
but it's almost kind of useless at that point-like I said if people have the
physical access to plug cables into your router/switch ports, you kind of
have bigger problems than worrying about whether you've got MAF enabled, you
know? ;)
BINO
P.S. I haven't been getting any HWG emails to my hotmail.com account since
4/12/09--none at all. Anyone else on hotmail having this problem? I also
have it sent to my gmail account and that's how I even saw this message...
-----Original Message-----
From: hardware-boun...@hardwaregroup.com
[mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DHSinclair
Sent: Friday, April 24, 2009 2:58 PM
To: hardware@hardwaregroup.com
Subject: Re: [H] MAC Address Filter
John,
I so appreciate your share. BUT, it seems to be focused at
Wire-less/AccessPoint/WLAN business.............?
I do get this for a LAN that has WLAN access. I do NOT. Still moderately
confused.......
Is MAC Address Filter really ONLY good for WLAN?
I freely accept that my current router is totally focused toward
WLAN! And, Gaming! Neither of which I use it for. I bought it on the
recc from HayesElkins.............
Best,
Duncan
At 14:22 04/24/2009 -0700, you wrote:
>Most Wi-Fi access points and routers ship with a feature called hardware
>or MAC address filtering.
>This feature is normally turned "off" by the manufacturer, because it
>requires a bit of effort to set up properly.
>
>However, to improve the
>security of your Wi-Fi LAN (WLAN), strongly consider enabling and using
>MAC address filtering.
>
>Without MAC address filtering, any wireless client can join (authenticate
>with) a Wi-Fi network if they know the network name (also called the SSID)
>and perhaps a few other security parameters like encryption keys.
>
>
>When
>MAC address filtering is enabled, however, the access point or router
>performs an additional check on a different parameter. Obviously the
>more checks that are made, the greater the likelihood of preventing
>network break-ins.
>
>To set up MAC address filtering, you as a WLAN administrator
>must configure a list of clients that will be allowed to join the
>network. First, obtain the MAC addresses of each client from its
>operating system or configuration utility. Then, they enter those
>addresses into a configuratin screen of the wireless access point or
>router. Finally, switch on the filtering option.
>
>Once enabled, whenever the wireless access point or router
>receives a request to join with the WLAN, it compares the MAC address
>of that client against the administrator's list. Clients on the list
>authenticate as normal; clients not on the list are denied any access
>to the WLAN.
>
>MAC addresses on wireless clients can't be changed as they are
>burned into the hardware. However, some wireless clients allow their
>MAC address to be "impersonated" or "spoofed" in software. It's
>certainly possible for a determined hacker to break into your WLAN by
>configuring their client to spoof one of your MAC addresses. Although
>MAC address filtering isn't bulletproof, still it remains a helpful
>additional layer of defense that improves overall Wi-Fi network
>security.
> --
>JRS
>stei...@pacbell.net
>
>
>Facts do not cease to exist just
>because they are ignored.
>
>
>
>----- Original Message ----
> > From: DHSinclair <dsinc...@bellsouth.net>
> > To: Hardware Group <hardware@hardwaregroup.com>
> > Sent: Friday, April 24, 2009 1:42:04 PM
> > Subject: [H] MAC Address Filter
> >
> > I use a d-link dgl-4300 router. I have disabled the wire-less
> section. I only
> > do wired LAN business.
> > The router is currently at F/W v1.8. I do know that F/W 1.9 is
> available, but
> > as I read the docs, it seems to only deal with wire-less
> > business/bug-fixes........
> >
> > Can anyone point me to some reading about MAC Address Filters? I do
> have one;
> > and, I DO use it.
> > But, now have questions................ :)
> >
> > MyCurrentUnderstanding: I 'think' that my router's MAF is what allows
> my LAN
> > objects to gain access to the WWW (thru my router) via my Service
> > Provider.....(when enabled!)... Is this correct?
> >
> > AND, I accept that this MAF access is completely 2-Way, with agreed
> > comprehension of non-routeable IP-Addy's?
> >
> > I feel like I am walking into a black hole here. .... :)
> > Best,
> > Duncan
>
>__________ NOD32 4034 (20090424) Information __________
>
>This message was checked by NOD32 antivirus system.
>http://www.eset.com
