I don’t recommend MAC address filtering–it stands for Media Access Control and has nothing to do with Apple computers–as a security measure. It’s too easy to bypass it. But if you want or need to do MAC address filtering in DD-WRT it’s easy to do.
And admittedly, even though MAC filtering won’t help your security, DD-WRT’s implementation of it lets you do some neat tricks that an off-the-shelf router can’t do–like forcing a device to use 5 GHz even if it wants to use 2.4 GHz.
Sign in to your router, then click Wireless, followed by MAC Filter. Next to Use Filter, click Enable.
Note there are two filter modes. There’s both a white list, which is what you normally see, and a black list.
Most routers implement a white list. You enter the MACs of every device you own, and those devices can get on. When your friends and relatives come over, you have to enter their MAC addresses too. Hopefully you know where to find them on all their devices. It might take you five minutes per device to set up, yet only take an attacker a few seconds to defeat, because 802.11 transmits MAC addresses in the clear.
But a black list is easier. If someone gets on your wifi, note their MAC address, and put it in the black list. Then change your password because obviously your password wasn’t good enough. Here’s some password advice if you need it. They can change their MAC address if they ever get through again, but in this case it doesn’t hassle you any more.
It serves another useful purpose too, potentially. Let’s say you have a dual-band device and a dual-band router. Let’s say you want to force that device onto one band or the other. Find the MAC address of the device in question, blacklist that MAC address on the band you don’t want it to use, and then it has to use the other. Most computer operating systems don’t give you a way to force 2.4 GHz vs. 5 GHz, but this feature of DD-WRT gives you a way.
DD-WRT has a few more tricks up its sleeve, so I hope you’ll check out my recommended DD-WRT settings.