Configure AirPort Extreme MAC filter ACL

Today I picked up one of the new dual-band AirPort Extreme base stations at Best Buy. The reason behind the purchase was so that I could use 802.11n for my iMac and Apple TV while using 802.11g for my iPhone, since this should give me the best wireless throughput for my shared files to the Apple TV.

After getting the DHCP, PPPoE, WiFi and network security configured to mimic the settings of the Linksys router that I replaced, I thought I was through, but then I realized that I still needed to configure an ACL to implement MAC filtering. For those who don’t know, a MAC filter on a typical router lets the admin control which devices will be allowed to talk to the router.

While there are some people who say that having both WPA2 encryption and MAC filtering is unnecessary, I decided that I wanted to do both, since I am allowing the SSID to be broadcast for the convenience of visitors.

On my last two Linksys routers (a WRT54G and a WRT160N) this was simply a matter of checking a box and entering the allowed MAC addresses into a table. On the AEBS it requires a little more work.

Necessary items

  • an Apple AirPort Extreme base station that is properly configured for your network
  • AirPort Utility
  • a list of the MAC addresses for the allowed devices

Step 1

Open AirPort Utility. On the main screen, double-click on the connected AEBS listed in the column on the left side of the window.

Main screen for AirPort Utility

Step 2

In the configuration screen that comes up, click on the Access options.

Airport utility access configuration screen defaults

Step 3

Change the MAC Address Access Control setting from its default to Timed Access.

Airport utility access configuration set to Timed Access

Step 4

In the configuration pane click on the default entry, then click the Edit button. This will bring up the Timed Access Control Setup Assistant window.

In the Timed Access Control Setup Assistant window click the drop-down menu that currently reads Everyday and select No Access from the list. This will make sure that any computer or device with a MAC address that is not in the list will be denied access to your network. Then click the Done button to save your changes.

Timed Access Control Setup Assistant for default rule

Step 5

Back in the access configuration screen, click on the plus sign in the left below the list of devices. This will bring up the Timed Access Control Setup Assistant window that allows you to add new devices.

In the MAC Address field you will need to enter the MAC address (aka ethernet address, hardware address, ethernet id, etc.) for your device. (Hint: If you are doing this for the computer you are currently using, just click the This Computer button.) If you want, you can add a description for each device as well. I use the device's hostname when appropriate.

Then change the time frame that the device is allowed to connect if you need to restrict it to something other than the default of Everyday/all day.

When you are finished just click the Done button to save your changes. Repeat this step for each device.

Timed Access Control Setup Assistant add device dialog

Step 6

After adding all your devices you should have a screen that looks similar to the below. (Note: I have obscured my MAC addresses to protect the innocent.)

Airport access configuration screen completed

Step 7

If you have added all your devices and you are sure you are finished, just click the Update button. This will save your configuration changes and restart the AEBS.

Final Notes

Understand that, like the Linksys MAC filter, this only affects devices that are connecting over the wireless network. This is useful since a wired connection still gives you an avenue for fixing any problems that you run into. Also, if you run into a problem so extreme (pardon the pun) that you need to perform a hardware reset of the AEBS, follow the instructions in the Apple knowledgebase article Resetting the AirPort Extreme Base Station (Article No. HT1406).
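
A check worth running on the list of allowed MAC addresses before typing it into the Setup Assistant in Step 5. This is an added example, not part of the original post or of AirPort Utility; the device names and addresses are constructed, and the function names are my own.

```javascript
// Added example: normalise and sanity-check a MAC allow-list before typing it
// into the Setup Assistant. All entries below are constructed sample data.
const SAMPLE_DEVICES = [
  { name: 'imac',      mac: '00:00:5E:00:53:01' },
  { name: 'appletv',   mac: '00-00-5e-00-53-02' },   // dash separators
  { name: 'iphone',    mac: '0000.5e00.5303' },      // dotted notation
  { name: 'typo',      mac: '00:00:5e:00:53:1' },    // one hex digit short
  { name: 'imac-copy', mac: '00005E005301' },        // same card as "imac"
  { name: 'guest-vm',  mac: '02:00:5e:00:53:04' },   // locally administered
  { name: 'not-a-nic', mac: '01:00:5e:00:53:05' },   // multicast bit set
];

// Return the address as lower-case colon-separated octets, or null if it is
// not exactly 12 hex digits once separators are removed.
function normalizeMac(raw) {
  const hex = String(raw).trim().replace(/[-:.\s]/g, '').toLowerCase();
  return /^[0-9a-f]{12}$/.test(hex) ? hex.match(/../g).join(':') : null;
}

// Split the list into entries that are safe to enter and entries to fix first.
function checkAllowList(devices) {
  const seen = new Map();          // normalised MAC -> first name that used it
  const accepted = [];
  const problems = [];
  for (const { name, mac } of devices) {
    const norm = normalizeMac(mac);
    if (norm === null) {
      problems.push({ name, issue: 'malformed address' });
      continue;
    }
    const firstOctet = parseInt(norm.slice(0, 2), 16);
    if (firstOctet & 0x01) {       // group bit: never a single device's address
      problems.push({ name, issue: 'multicast address' });
    } else if (seen.has(norm)) {
      problems.push({ name, issue: 'duplicate of ' + seen.get(norm) });
    } else {
      seen.set(norm, name);
      // Bit 0x02 marks a software-assigned address that may change later,
      // at which point the allow entry would no longer match the device.
      accepted.push({ name, mac: norm, softwareAssigned: (firstOctet & 0x02) !== 0 });
    }
  }
  return { accepted, problems };
}

console.log(checkAllowList(SAMPLE_DEVICES));
```

Entries flagged softwareAssigned are worth a second look, because with the default rule set to No Access a device whose address changes is locked out until its entry is updated.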

Unbrand the Google Search box in Firefox

One of the small annoyances I have with Firefox is the default URL used for the Google search plug-in.  While I generally just type in a search term and hit enter, I do sometimes just hit enter without a corresponding search term just to get sent to the main Google page.  Why do I do this?  Mainly so that I can view the updated Google logos when they change for holidays.

With a default installation of Firefox the default Google page is the Mozilla Firefox Start Page.  While this is nice from a corporate branding sense, this special page does not have the links to either iGoogle or the Google Accounts login page, nor does it feature the often customized Google logo.  Also, none of the other search plug-ins that I have tested in Firefox exhibit a similar “feature”; they all dump you at the default page for that particular service.
Here’s how to change all of that.

Firefox 2.x for Mac OS X

  1. Quit Firefox.
  2. In the Finder, navigate to /Applications
  3. Right-click (or control-click) on Firefox.app and select Show Package Contents from the context menu
  4. In the window that comes up, navigate to Contents -> MacOS -> searchplugins
  5. Open the file named google.xml in your favorite text editor
  6. Change the value of the XML element named SearchForm as follows:

    Default:  <SearchForm>http://www.google.com/firefox</SearchForm>
    Changed: <SearchForm>http://www.google.com</SearchForm>

  7. Save the file and start Firefox.

Firefox 2.x for Windows

  1. Quit Firefox.
  2. In Windows Explorer open the following directory: C:\ -> Program Files -> Mozilla Firefox -> searchplugins
  3. Open the file named google.xml in your favorite text editor
  4. Change the value of the XML element named SearchForm as follows:

    Default:  <SearchForm>http://www.google.com/firefox</SearchForm>
    Changed: <SearchForm>http://www.google.com</SearchForm>

Voila!  Now you have what many of my friends would have logically concluded as the expected action for the Google search plugin for Firefox.

Note that this mod will have to be changed for each successive update of the Firefox application, so it may not be to your taste.

Passing Browser Check on Luminis 3 with Firefox 2

Those of you out there who are running an installation of SCT Luminis 3 may have noticed that the browser check always comes up warning you that the browser is unsupported when using Firefox 2, even though all the features seem to be completely supported.

This is due to the fact that the browsercheck JavaScript does not know about the new agent string that was introduced with Firefox 2. Generally a new release of, or service pack for, Luminis fixes this for newer browsers.

In order to change this you will need to alter a couple of files in your Luminis install.

The two files that need to be altered are:

  1. webapps/luminis/js/clientsniffer.js
  2. /webapps/luminis/WEB-INF/templates/portal/browserchk.thtml

clientsniffer.js

In this file you will need to alter the conditional of the big if-statement that follows the assignment for the variable is_nav5.

The problem is that the if checks for the existence of a revision number of 1.8. What you need to do is add an additional check for a revision number of 1.8.1.6. So the if-statement conditional becomes:

if (is_nav5 || agt.indexOf("rv:1.7.12") != -1 || agt.indexOf("rv:1.8") != -1 || agt.indexOf("rv:1.8.1.6") != -1)

The next thing to do is to add an additional Firefox variable that is set to true if the major number is 2. I added this after the existing variable is_fox1_5.

var is_fox2 = (is_fox && (is_major == 2));

browserchk.thtml

In the browsercheck file you need to alter the if-statement that sets the variable supported to true. This if-statement should follow immediately after the one that checks whether Java is enabled in your browser.

What you need to add is an additional OR check, so that the if-statement conditional looks like the following:

if ((is_nav8) || (is_nav7) || (is_moz1_7) || (is_win && is_ie5up) || (is_win && is_ie6) || (is_saf1_3) || (is_fox1_5) || (is_fox2) || (is_win && is_fox1))

I have tested this change with Firefox 2.0.0.6 on the following browsers:

  • Mac OS X 10.4.10
  • Windows XP SP2
  • Windows Vista
  • Ubuntu 6.10
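
An alternative to extending the substring list in clientsniffer.js for every release, shown as an added example that is not Luminis code: parse the rv: token from the agent string and compare it numerically against a minimum revision. The function names, the sample agent strings and the choice of 1.7.12 (the lowest revision in the conditional above) as the floor are assumptions; is_nav5 is left out because its definition is not shown on this page.

```javascript
// Constructed sample agent strings in the Firefox 1.x/2/3 and IE 6 formats.
const SAMPLE_AGENTS = {
  fx1_0:   'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0',
  fx1_0_7: 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050919 Firefox/1.0.7',
  fx2:     'Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6',
  fx3:     'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0',
  ie6:     'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
};

// Extract the revision after "rv:" as an array of integers, or null if absent.
function geckoRevision(userAgent) {
  const m = /rv:(\d+(?:\.\d+)*)/.exec(userAgent.toLowerCase());
  return m ? m[1].split('.').map(Number) : null;
}

// Compare revisions component by component; missing components count as 0.
function compareRevisions(a, b) {
  const len = Math.max(a.length, b.length);
  for (let i = 0; i < len; i++) {
    const diff = (a[i] || 0) - (b[i] || 0);
    if (diff !== 0) return diff < 0 ? -1 : 1;
  }
  return 0;
}

// Numeric check: true for any revision at or above the minimum.
function geckoAtLeast(userAgent, minimum) {
  const rev = geckoRevision(userAgent);
  return rev !== null && compareRevisions(rev, minimum) >= 0;
}

// The substring test from the page's conditional, kept for comparison.
function substringCheck(userAgent) {
  const agt = userAgent.toLowerCase();
  return agt.indexOf('rv:1.7.12') !== -1 || agt.indexOf('rv:1.8') !== -1 ||
         agt.indexOf('rv:1.8.1.6') !== -1;
}

// Run both checks over a set of agent strings and return the results by name.
function compareChecks(agents, minimum) {
  const out = {};
  for (const [name, ua] of Object.entries(agents)) {
    out[name] = { substring: substringCheck(ua), numeric: geckoAtLeast(ua, minimum) };
  }
  return out;
}

console.log(compareChecks(SAMPLE_AGENTS, [1, 7, 12]));
```

Accepting every later revision is a policy choice: it stops the warning for browsers that have not been tested against the portal, which the enumerated list does not.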

Bad uninstaller, bad!

So, I hate developers. Wait, let me clarify: I hate developers who can’t think through the user experience.

When an uninstaller is written it really should remove all files associated with the application.

Case in point, recently I moved to a Windows Mobile-based smartphone, so I needed to cross-grade to Missing Sync for Windows Mobile from the PalmOS version.

When I ran the uninstaller it removed a lot of stuff, but the following data was left behind:

  • Missing Sync under the home library Application Support
  • Palm Hotsync under the home library Application Support
  • com.markspace.missingsync.ConduitManager.plist under the home library Preferences
  • com.markspace.missingsync.palmos.plist under the home library Preferences
  • com.markspace.MemoPad.plist under the home library Preferences
  • Palm under the home Documents directory
  • Palm Hotsync under the system library Application Support

Admittedly, some of these files/directories might be valuable if you want to re-install your software for some reason, but at the very least the installer should ask you if you want to remove it.

Also, in the Hotsync folder(s) there are sometimes conduits that are not part of the Missing Sync software, so it was actually nice that those were left behind.

Missing Essential Tools

Why is it that some of the essential tools that are used on a daily basis are missing from OS X?

Today I wanted to use wget and found that it was missing.

Fortunately, this is a very easy thing to fix. All you have to do is download the source code from the GNU page on the wget project, then follow the standard compile steps:

  1. unpack the source
  2. ./configure
  3. make
  4. sudo make install

Note: The compiled binary is placed in /usr/local/bin so you will need to add this to your path. This process varies depending on what shell you are using, but the default shell in 10.4.9 is bash.