looking for router with feature of seperate the mac filter for wireless and wired.
- Thread starter chanwei21
- Start date
I am not sure you are going to find that on a router with factory firmware. The way internally the device is built it really doesn't know if it got traffic from the wireless radio chip or the switch chip.
To accomplish this you would have to define the wireless to be in a different subnet/vlan than the wired ports.
Now there are likely some semi commercial routers that might be able to do this but I don't think any of the consumer ones have that feature. You are somewhat lucky if the router can even filter traffic in the first place.
I would look for something that you can load dd-wrt, many of the tplink and asus routers support it. There are some brands like buffalo that preload dd-wrt but I would still buy a router and load it yourself. Loading the software is the easy part, it will be learning to use it to configure what you need that will take a bit of time.
To accomplish this you would have to define the wireless to be in a different subnet/vlan than the wired ports.
Now there are likely some semi commercial routers that might be able to do this but I don't think any of the consumer ones have that feature. You are somewhat lucky if the router can even filter traffic in the first place.
I would look for something that you can load dd-wrt, many of the tplink and asus routers support it. There are some brands like buffalo that preload dd-wrt but I would still buy a router and load it yourself. Loading the software is the easy part, it will be learning to use it to configure what you need that will take a bit of time.
- Apr 29, 2006
- 29,241
- 437
- 93,590
Every router I've played with puts wireless on a separate subnet. I haven't used any Gigabit ones yet though. Dlink routers are the ones I normal buy so I'd look to them. Read the manual, but I'm fairly certain wireless gets it's own subnet.
Edit: Forgot to mention, what you ask doesn't really make sense. What are you trying to do?
Edit: Forgot to mention, what you ask doesn't really make sense. What are you trying to do?
Spectre694
Dignified
- Feb 28, 2014
- 2,907
- 0
- 13,960
- Apr 29, 2006
- 29,241
- 437
- 93,590
Exactly. MAC filtering is MAC filtering. I've used strict MAC filtering before where unless it's a MAC I've told the router was ok it doesn't allow a device onto the network. Wired or wireless. I get the feeling he wants to do something but isn't looking in the right place.
"Every router I've played with puts wireless on a separate subnet." I'm pretty sure it doesn't unless you are using commercial equipment, if your lan is 192.168.x.x for example wired and wireless will both be on that subnet. You would need a router with 2 interfaces or VLAN capability to have them on diferent subnets. How do your wireless clients talk to wired clients??
Thanks for the feedback guys~
I saw too mcuh DHCP "android devices" connecting to our wifi, wich I need to filtered it. our Lan MAC devices are exceeding 24 mac filters wich I can't use it. But if there is only wifi mac filter it can solve my problem coz the only devices allowed using wifi network is less than 20 devices.
I saw too mcuh DHCP "android devices" connecting to our wifi, wich I need to filtered it. our Lan MAC devices are exceeding 24 mac filters wich I can't use it. But if there is only wifi mac filter it can solve my problem coz the only devices allowed using wifi network is less than 20 devices.
Spectre694
Dignified
- Feb 28, 2014
- 2,907
- 0
- 13,960
Ya you just need a router that that will let you add more than 24 MAC addresses to the filter table. Though are you blacklisting (blocking the addresses in the table) or whitelisting (blocking all addresses except what are in the table)? Just switching from one to the other may solve your problem (assuming your router can do that).
- Apr 29, 2006
- 29,241
- 437
- 93,590
Android devices would be phones, tablets, and TV/cast devices. You might want to comb through the list of known devices, perhaps you can remove old phones or other devices you don't use anymore. The routers I've used block all so you need to provide the router with the list of OK devices. Or turn off MAC filtering?
That was the problem I had. The laptops couldn't connect to the game server I setup. This was a long time ago (802.11a/b, no G or N.) so things have probably changed. It's been awhile since I've tried getting laptops and desktops on the LAN together.
Maybe change the password on your router. Mac filters are not a security feature since end users can change them if they really want to.
There are routers with higher limit I suspect but the reason there are limits is every packet must be scanned though the list which slows data down and burdens the cpu. Some commercial firewalls have special asic chips designed to improve filter speed.
If you use a third party firmware like dd-wrt I don't think there is a actual limit since it uses the iptables commands behind the gui but you will get a performance hit if you add too much.
Still it sound like your problem is your wireless security. If you are getting unauthorized devices even after you change the password make sure you have disabled WPS since that has a large security exposure and is enable on many consumer routers by default.
The real solution to mac level security is called 802.1x. Most consumer routers actually support this on wireless and it is part of the enterprise mode setting on the wifi. Unfortunately you need a external radius server to authenticate each mac/user
There are routers with higher limit I suspect but the reason there are limits is every packet must be scanned though the list which slows data down and burdens the cpu. Some commercial firewalls have special asic chips designed to improve filter speed.
If you use a third party firmware like dd-wrt I don't think there is a actual limit since it uses the iptables commands behind the gui but you will get a performance hit if you add too much.
Still it sound like your problem is your wireless security. If you are getting unauthorized devices even after you change the password make sure you have disabled WPS since that has a large security exposure and is enable on many consumer routers by default.
The real solution to mac level security is called 802.1x. Most consumer routers actually support this on wireless and it is part of the enterprise mode setting on the wifi. Unfortunately you need a external radius server to authenticate each mac/user
Facebook
Twitter
Instagram