MAC address filtering in DD-WRT

Last Updated on July 17, 2017 by Dave Farquhar

I don’t recommend MAC address filtering–it stands for Media Access Control and has nothing to do with Apple computers–as a security measure. It’s too easy to bypass it. But if you want or need to do MAC address filtering in DD-WRT it’s easy to do.

And admittedly, even though MAC filtering won’t help your security, DD-WRT’s implementation of it lets you do some neat tricks that an off-the-shelf router can’t do–like forcing a device to use 5 GHz even if it wants to use 2.4 GHz.

MAC address filtering in DD-WRT
This screen allows you to enable MAC address filtering in DD-WRT. Note there are two filter modes. This is important. It makes a useless feature potentially useful.

Sign in to your router, then click Wireless, followed by MAC Filter. Next to Use Filter, click Enable.

Note there are two filter modes. There’s both a white list, which is what you normally see, and a black list.

Most routers implement a white list. You enter the MACs of every device you own, and those devices can get on. When your friends and relatives come over, you have to enter their MAC addresses too. Hopefully you know where to find them on all their devices. It might take you five minutes per device to set up, yet only take an attacker a few seconds to defeat, because 802.11 transmits MAC addresses in the clear.

But a black list is easier. If someone gets on your wifi, note their MAC address, and put it in the black list. Then change your password because obviously your password wasn’t good enough. Here’s some password advice if you need it. They can change their MAC address if they ever get through again, but in this case it doesn’t hassle you any more.

It serves another useful purpose too, potentially. Let’s say you have a dual-band device and a dual-band router. Let’s say you want to force that device onto one band or the other. My Roku works better on the 5 GHz band, for example. Find the MAC address of the device in question, blacklist that MAC address on the band you don’t want it to use, and then it has to use the other. Most computer operating systems don’t give you a way to force 2.4 GHz vs. 5 GHz, but this feature of DD-WRT gives you a way.

DD-WRT has a few more tricks up its sleeve, so I hope you’ll check out my recommended DD-WRT settings.

If you found this post informative or helpful, please share it!

One thought on “MAC address filtering in DD-WRT

  • January 12, 2018 at 2:41 pm
    Permalink

    MAC address filtering has at least one other use — keeping a smart TV off the internet. Some of those will occasionally connect to your WiFi even if you have told them not to, so long as they have ever had the password. Filtering out the address of the TV will prevent it from doing that; keep it off the net unless you decide to give it permission and thus prevent it from spying on you. (You might occasionally give it permission to get a firmware update.)

    I haven’t yet heard of a smart TV that is devious enough to spoof its MAC address.

Comments are closed.