MAC Address Filtering

[netsider]

So... let me confirm this. MAC address filtering basically makes your router/switch only communicate with the MAC addresses on the table that you specified? Is there any drawback, besides the obvious?

 

[BlueLineSwinger]

Yeah, basically.

Though MAC addressing is generally useless given how easy it is to spoof an address.

 

[Lain542]

Not necessarily, you would need to find out a legitimate MAC address; however if someone was determined to get into your network and MAC white lists are the only thing stopping them, they'll get in.

 

[Apachez]

If its wifi then its not that hard to find out a valid mac address.

Same goes with a lan unless there is some kind of filtering such as private vlan or similar to separate clients from each other.

 

[RocketTech]

MAC filtering is also more Admin overhead- a guest comes over and wants WiFi access, you need to add their MAC address.
I would suggest MAC filtering as a temporary measure- even after all else fails.

 

[Apachez]

Or use dynamic mac-filtering. For example only allow one mac per interface (which will be relearned when user disconnects) along with dhcp-snooping so only the ip address the DHCP server told the user to use will be allowed as srcip for incoming traffic on this interface. This is of course somewhat tricky to get working with wifi =)