MAC FilteringPresented Devang Doshi on: Sep 17, 2015

Index• MAC• MAC Address• MAC Filtering

MAC• MAC stands for Media Access Control• In the 7 layer OSI model for computer networking,

Layer Data Unit

Host Layers

7. ApplicationData6. Presentation

5. Session4. Transport Segments

Media Layers

3. Network Packet/Datagram

2. Data link Bit/Frame

1. Physical Bit

Media Access Control (MAC) sub-layer

responsible for controlling how devices in a network

gain access to data and permission to transmit it.

Logical Link Control (LLC) sub-layer

controls error checking and packet

synchronization.

MAC Address• A unique identifier assigned to

network interfaces (for communications on the physical network segment)

• Network address for most IEEE 802 network technologies(including Ethernet and WiFi)

• Most often assigned by the manufacturer• Stored in hardware

(on card's read-only memory or some other firmware mechanism)

Image source: https://en.wikipedia.org/wiki/MAC_address#/media/File:MAC-48_Address.svg

What is MAC Filtering?• Definition, as per wikipedia,

“In computer networking, MAC Filtering refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. “

• Definition, as per TechNet,“MAC address filteringis a feature for IPv4 addresses that allows you to include or exclude computers and devices based on their MAC address”

MAC Filtering

=

GUI Filtering

=Layer 2 Filtering

=

Link-layer Filtering

How to implement MAC Filtering?• When configuring MAC address filtering, you can specify the

hardware types that are exempted from filtering(By default, all hardware types defined in RFC 1700 are exempted from filtering)

• Before configuring MAC address filtering,• Enable and define an explicit allow and deny list

(for DHCP to function smoothly)

• Enable and define an allow list and a block list(the block list has precedence over the allow list)

How to implement MAC Filtering?• Four step process to enable MAC address filtering on

Windows Computer:1. In the DHCP console, double-click the IPv4 node, and then double-

click the Filters node2. Right-click Allow or Deny as appropriate for the type of filter you

are creating, and then click New Filter3. Enter the MAC address to filter, and then enter a comment in the

Description field if you want to. Click Add. Repeat this step to add other filters

4. Click Close when you have finished

Summary

Unique address for each card,

can’t be changed*

Blacklists and Whitelists Devices not Users

Effective in wired networks

Not effective on wireless

networks

Used on Enterprise

Networking

Reference: Websites• https://en.wikipedia.org/wiki/MAC_filtering• https://en.wikipedia.org/wiki/MAC_address• https://en.wikipedia.org/wiki/OSI_models• https://en.wikipedia.org/wiki/Media_access_control• https://technet.microsoft.com/en-us/magazine/ff521761.aspx

Questions?

Thank you for your time