• December 12, 2019, 01:05:36 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Clarification of MAC Filtering  (Read 8108 times)

hilaireg

  • Level 3 Member
  • ***
  • Posts: 333
Clarification of MAC Filtering
« on: June 02, 2012, 09:42:00 AM »

Hi Folks,

Would like to implement MAC filtering on WiFi-only clients.  I've read the documentation and router help and I get a sense that NETWORK FILTER will filter ALL wired/wifi clients.  Am I reading the info correctly?  If so, is there a WiFi-only MAC filtering workaround or is the option labeled differently?

Advance thanks,
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47982
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Clarification of MAC Filtering
« Reply #1 on: June 02, 2012, 10:10:33 AM »

I presume it suggests that the filter applies to the MAC addresses that you input for filtering. So if you only input MAC addresses into the filter, then the router will only manage and filter those particular addresses.
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

hilaireg

  • Level 3 Member
  • ***
  • Posts: 333
Re: Clarification of MAC Filtering
« Reply #2 on: June 02, 2012, 10:15:23 AM »

Appreciate the quick reply ... am I to understand that the MAC Filter option will only manage the WiFi MAC addresses that I provide in the list?

I'm looking to:

- Allow all wired MAC's
- Deny all WiFi MAC's except those specified in the list


Cheers,
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47982
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Clarification of MAC Filtering
« Reply #3 on: June 02, 2012, 10:20:00 AM »

Should work...Try it and let us know your experiences with it.
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

hilaireg

  • Level 3 Member
  • ***
  • Posts: 333
Re: Clarification of MAC Filtering
« Reply #4 on: June 02, 2012, 10:24:19 AM »

Should work...Try it and let us know your experiences with it.

OK; well I guess I can't go live with the DIR-857 as I had hoped until I bring into a lab environment now ... which was the purpose of asking here.

Cheers,
Logged

hilaireg

  • Level 3 Member
  • ***
  • Posts: 333
Re: Clarification of MAC Filtering
« Reply #5 on: June 02, 2012, 09:05:28 PM »

Here are the results of my testing in case other folks are wondering about this:

Test #1

DIR-857 DHCP: Enabled
Network (MAC) Filtering: ON /w ALLOW Computers Listed
List of MAC's specified: Only desired WiFi clients
Results: Wired and permitted WiFi MAC's behave as expected


Test #2

DIR-857 DHCP: Disabled
Network (MAC) Filtering: ON /w ALLOW Computers Listed
List of MAC's specified: Only desired WiFi clients
Results: Permitted WiFi MAC's behave as expected, wired MAC's blocked


In summary; those of use who do not use the built-in DHCP on the DIR-857 to provide IP Addresses to clients will not be able to use the Network (MAC) Filtering feature to further protect their WiFi networks from potential external attacks.

Most unfortunate.

:(

REF: http://forums.dlink.com/index.php?topic=42654.0
« Last Edit: June 03, 2012, 06:09:03 AM by hilaireg »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47982
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Clarification of MAC Filtering
« Reply #6 on: June 03, 2012, 06:38:45 PM »

These routers and options are based on DHCP and most options are tied to the WAN side from the LAN side. So i would expect that the router is behaving correctly in both test cases. If your shutting off DHCP and expect the filter options to continue to work, I don't believe the options are meant to work if the DHCP server is shut off. These routers are meant to have the server running thus handing out addresses and options that depend on the server to work in this manor. I believe we see this in cases where people have turned the DHCP server OFF and turn the router into a wireless AP and connecting the AP via LAN cable to the back of the router using the LAN port and not using the WAN port as server is not shut off and a manual static IP address is assigned an IP address an acts as a pass thru and wireless AP. In this mode of operation, most of the functions are no longer of any use since most of the options are dependent upon the server running and the internet connection connected to the WAN Port, not the LAN port. This is how these routers are deigned from my experiences with them.

These routers are meant to be uses as such and with using the DHCP server and services as the main way of management. Yes DLink offers a way to shut it off however probably doesn't intend for other feature to work as customers expect when it's shut off or have the router work as a AP only platform.

There are maybe a few people running these routers with out DHCP services running, and thats there decision, however these routers are intended to be ran as designed as ROUTERs and nothing more. All other uses outside of there intended designs is at use risk and not offcially supported by DLink.
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

hilaireg

  • Level 3 Member
  • ***
  • Posts: 333
Re: Clarification of MAC Filtering
« Reply #7 on: June 03, 2012, 08:57:13 PM »

In my home lab environment, I use a server to manage DHCP, DNS, WINS, and other such services - a common occurrence amongst folks in the technology field who use their home environment for continuous learning.  My router serves as a gateway to the Internet as well as a reasonably priced firewall and I typically use WiFi AP's to manage wireless connectivity to my LAN (currently DWL-G700AP /w MAC filtering, WPA2).  This configuration has worked quite well until recently, where my DGL-4100 is exhibiting common signs of hardware failure ... and the reason why I'm looking at the DIR-857 as a reasonable cost alternative.

In early D-Link routing products, router functionality such as MAC filtering was not dependent on DHCP being enabled.  Although a significant number of folks may use the built-in router DHCP sevice daemon, not all do.  Challenges that seem to continously plague D-Link are:

  • Lack of clear (detailed) documentation
  • Quality control
  • Less than satisfactory implementation of standards/features/functionality



I've been using D-Link products since the DI-704, have recommended various models over the years to my clients, and have deployed, configured, and managed home office, soho, and enterprise class D-Link devices.  I have additionally deployed various other networking devices from various other OEM's and can assure you that disabling DHCP shouldn't cripple device functionality.

In the interest of keeping a certain level of decorum; it would appear that our philosophies - and those of D-Link whom you represent - of networking device operation no longer appear to be aligned.

Regards,
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47982
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Clarification of MAC Filtering
« Reply #8 on: June 04, 2012, 07:26:03 AM »

Have you contacted DLink directly to inquired about your questions and concerns?
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

Lycan

  • Administrator
  • Level 15 Member
  • *
  • Posts: 5335
Re: Clarification of MAC Filtering
« Reply #9 on: June 04, 2012, 08:25:49 AM »

As D-Link continues to develop new hardware platforms sacrifices are made to allow greater functionality and use-ability for the masses. Sometimes this places us at odds with the techophile that expects our current line to operate like a previous line.
I understand how frustrating this can be, and there is always a need to improve documentation.
The DGL-4100 is a Ubicom based platform. The DIR-857 is Qualcomm. The operating systems of these two units are not the same. I can request that the MAC Filtering feature be looked at and determine if we can change the way it operates to the more normal user expectation.

-Thank you for your feed back.
Logged

KMcCoy33

  • Level 1 Member
  • *
  • Posts: 2
Re: Clarification of MAC Filtering
« Reply #10 on: June 14, 2012, 04:51:34 PM »

In my experience with all D-Link routers I've had, the MAC filtering applies to all MAC addresses, not just wireless devices.  I've worked with some other brands that only use MAC filtering for wireless clients, which is nice if you have a large number of devices because the number of MACs you can enter for D-Link is limited.  This has caused me problems before with so many electronic devices now connecting to the internet.

If you are in an environment like your home where you feel security for wired devices isn't an issue, it would be nice to have the option to just use MAC filtering for wireless devices.  On the other side, if you are in an area where unwanted devices could be plugged in, I can see how some might want/need filtering to apply to wired devices.

Appreciate the quick reply ... am I to understand that the MAC Filter option will only manage the WiFi MAC addresses that I provide in the list?

I'm looking to:

- Allow all wired MAC's
- Deny all WiFi MAC's except those specified in the list


Cheers,
Logged