Configure AirPort Extreme MAC filter ACL | arfore dot com

Today I picked up one of the new dual-band AirPort Extreme base stations at Best Buy. The reason behind the purchase was so that I could use 802.11n for my iMac and Apple TV while using 802.11g for my iPhone, since this should give me the best wireless throughput for my shared files to the Apple TV.

After getting the DHCP, PPPoE, WiFi and network security configured to mimic the settings of the Linksys router that I replaced, I thought I was through, but then I realized that I still needed to configure an ACL to implement MAC filtering. For those who don’t know, a MAC filter on a typical router lets the admin control which devices will be allowed to talk to the router.

While some people say that using both WPA2 encryption and MAC filtering is unnecessary, I decided that I wanted to do both, since I am allowing the SSID to be broadcast for the convenience of visitors.

On my last two Linksys routers (a WRT54G and a WRT160N) this was simply a matter of checking a box and entering the allowed MAC addresses into a table. On the AEBS it requires a little more work.

Necessary items

  • an Apple AirPort Extreme base station that is properly configured for your network
  • AirPort Utility
  • a list of the MAC addresses for the allowed devices
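
Before typing that list into AirPort Utility it helps to clean it up, since the addresses you collect come in several notations. The script below is an added example, not part of the original post: it normalizes each entry and flags duplicates, malformed entries, and locally administered addresses (usually a randomized "private" Wi-Fi address that will stop matching the ACL when it changes). The names `normalize` and `build_acl` and the sample list are constructed for illustration.

```python
import re

# Constructed sample list ("MAC description" per line), in the mixed
# formats that ifconfig, ipconfig /all and device settings screens print.
SAMPLE = """\
00:00:5E:00:53:01   imac
00-00-5e-00-53-02   appletv
0000.5e00.5303      iphone
0:0:5e:0:53:1       imac again (leading zeros dropped)
da:a1:19:00:00:05   guest phone
00:00:5E:00:53      truncated entry
"""

HEX = re.compile(r"[0-9A-Fa-f]+")

def normalize(raw):
    """Return the MAC as AA:BB:CC:DD:EE:FF, or None if it is not one."""
    raw = raw.strip()
    if ":" in raw or "-" in raw:
        parts = re.split(r"[:-]", raw)
        if len(parts) != 6 or not all(HEX.fullmatch(p) and len(p) <= 2 for p in parts):
            return None
        parts = [p.zfill(2) for p in parts]
    else:
        digits = raw.replace(".", "")
        if len(digits) != 12 or not HEX.fullmatch(digits):
            return None
        parts = [digits[i:i + 2] for i in range(0, 12, 2)]
    return ":".join(parts).upper()

def build_acl(text):
    """Return ({mac: description}, [(line_number, problem), ...])."""
    entries, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(None, 1)
        if not fields:
            continue
        mac = normalize(fields[0])
        if mac is None:
            problems.append((lineno, "not a MAC address"))
        elif int(mac[:2], 16) & 0x01:
            problems.append((lineno, "multicast address, not a device"))
        elif mac in entries:
            problems.append((lineno, "duplicate of '%s'" % entries[mac]))
        else:
            if int(mac[:2], 16) & 0x02:  # locally administered bit
                problems.append((lineno, "locally administered, may be randomized"))
            entries[mac] = fields[1].strip() if len(fields) > 1 else ""
    return entries, problems

if __name__ == "__main__":
    acl, issues = build_acl(SAMPLE)
    for mac, desc in acl.items():
        print(mac, desc)
    for lineno, problem in issues:
        print("line %d: %s" % (lineno, problem))
```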

Step 1

Open AirPort Utility. On the main screen, double-click on the connected AEBS listed in the column on the left side of the window.

Main screen for AirPort Utility

Step 2

In the configuration screen that comes up, click on the Access options.

Airport utility access configuration screen defaults

Step 3

Change the MAC Address Access Control setting from its default to Timed Access.

Airport utility access configuration set to Timed Access

Step 4

In the configuration pane click on the default entry, then click the Edit button. This will bring up the Timed Access Control Setup Assistant window.

In the Timed Access Control Setup Assistant window, click the drop-down menu that currently reads Everyday and select No Access from the list. This makes sure that any computer or device whose MAC address is not in the list will be denied access to your network. Then click the Done button to save your changes.

Timed Access Control Setup Assistant for default rule

Step 5

Back in the access configuration screen, click on the plus sign on the left below the list of devices. This will bring up the Timed Access Control Setup Assistant window that allows you to add new devices.

In the MAC Address field you will need to enter the MAC address (aka ethernet address, hardware address, ethernet id, etc.) for your device. (Hint: If you are doing this for the computer you are currently using, just click the This Computer button.) If you want, you can add a description for each device as well. I use the device's hostname when appropriate.

Then change the time frame during which the device is allowed to connect if you need to restrict it to something other than the default of Everyday/all day.

When you are finished just click the Done button to save your changes. Repeat this step for each device.

Timed Access Control Setup Assistant add device dialog

Step 6

After adding all your devices you should have a screen that looks similar to the one below. (Note: I have obscured my MAC addresses to protect the innocent.)

Airport access configuration screen completed

Step 7

If you have added all your devices and you are sure you are finished, just click the Update button. This will save your configuration changes and restart the AEBS.

Final Notes

Understand that like the Linksys MAC filter, this only affects devices that are connecting over the wireless network. This is useful since it gives you an avenue for fixing any problems that you have run into. Also, if you run into a problem so extreme (pardon the pun) that you need to perform a hardware reset of the AEBS, follow the instructions in the Apple knowledgebase article Resetting the AirPort Extreme Base Station (Article No. HT1406).