MAC filtering adding, etc., ease of use


J

jsmiddleton4

Forum Guru
Member
Good morning,

I've read through the "Wish List" post and wanted to pull these things out.

First, great job. Tomato is a great 3rd party firmware.

Second, do not turn it into DDWRT.

Third, several "wishes" regarding MAC filtering. Yes I know the down fall of MAC filtering. But in my situation it is the best solution. Is there a way to pick up the information for the attached device list and patch that information into the MAC filtering? In a similiar way as the static dhcp option? The adding static dhcp process works GREAT by the way. Thanks for setting it up. I'm guessing the original Linksys firmware does the MAC filtering process in much the same way. It is quite easy to do with the original firmware.

Fourth, if we use it, we should pay for it. Absolutely.

Fifth and lastly, more information on the options, faq, etc. Want to learn what they all do.
 
Hi,

I have a WRT54GS. MAC address filtering is "enabled" and set to "permit only" for wireless connections.

However, I tried with another laptop, and got connected for 20 minutes "for
free". After 20 minutes I was kicked out, but then I could reconnect.

It also seemed to cause IP conflicts on the other computer...

How to set MAC address filtering _really_ permit only those whose address is
listed in my config?

Thanks for your help!
 
All I did was enter my Laptops mac addresses using the Add button, selected "Permit", hit save, then I booted the modem. I haven't had any problems with three laptops getting and staying connected. I read somewhere that sometimes Tomato firmware doesn't fully implement changes until you unplug and plug the router back in. You might try that too.

"It also seemed to cause IP conflicts..."

That usually isn't MAC filtering.
 
jsmiddleton4 said:
All I did was enter my Laptops mac addresses using the Add button, selected "Permit", hit save, then I booted the modem. I haven't had any problems with three laptops getting and staying connected. I read somewhere that sometimes Tomato firmware doesn't fully implement changes until you unplug and plug the router back in. You might try that too.

"It also seemed to cause IP conflicts..."

That usually isn't MAC filtering.
Click to expand...

This is completely incorrect... Tomato is one of the easiest firmwares to work with...
 
Hi,
Thanks for the replies. Adding the MAC address, and letting me use it without IP conflict is OK.
The first part of the question is still a problem. How can I block somebody whose MAC address is not permitted? The "permit only" is on, and an unlisted MAC can still connect for 20 minutes... This doesn't seem to be right for me.
(I don't want to use WAP, WAP encryptions because I also have a couple of Linksys signal amplifiers (repeaters) connected to this router, and I just wanted to config those easily with a press button, instead of software config.)

Thanks a lot.
 
My firmware version is: v1.50.6, Feb. 17, 2006
I don't know about any vegetables in there... :) What is a Tomato?
Cheers.
 
Do you even have Tomato installed? So you want listing for "Permit" and some for "Deny"? Allow these, block those? By permitting you block every other MAC. You don't have to do both.
 
I don't have Tomato. It sounds logical that I don't need to do both: I only want to permit a few MAC addresses, and deny everything else. That's why I used "permit only", and listed the allowed MACs.

Apparently, a MAC that is not listed can access the internet through my router for about 20 minutes (illegally), and cause IP conflict in my MAC registered computers.

So, it seems that the "permit only" is not completely OK, or I'd need to switch on something else too. But this would not be logical, I think.

Any clues about this?

Thanks!
 
irajta said:
I don't have Tomato. It sounds logical that I don't need to do both: I only want to permit a few MAC addresses, and deny everything else. That's why I used "permit only", and listed the allowed MACs.

Apparently, a MAC that is not listed can access the internet through my router for about 20 minutes (illegally), and cause IP conflict in my MAC registered computers.

So, it seems that the "permit only" is not completely OK, or I'd need to switch on something else too. But this would not be logical, I think.

Any clues about this?

Thanks!
Click to expand...

errr, but this forum is for those of us using the Tomato firmware on our routers....
 
This is a Tomato firmware forum. But "apparently, a MAC that is not listed can access the internet through my router for about 20 minutes (illegally), and cause IP conflict in my MAC registered computers. " shouldn't be allowed no matter what. MAC addressing is easy to bypass/break. Maybe that's what is happening?

Deny means deny.
 
Sorry, I didn't realize that this was a Tomato forum. I was looking for topics at linksysinfo that have MAC address issues...
Thanks, and sorry for "off topic".
Bye
 
jsmiddleton4 said:
This is a Tomato firmware forum. But "apparently, a MAC that is not listed can access the internet through my router for about 20 minutes (illegally), and cause IP conflict in my MAC registered computers. " shouldn't be allowed no matter what. MAC addressing is easy to bypass/break. Maybe that's what is happening?

Deny means deny.
Click to expand...

This doesn't make sense, I have been using MAC filtering since I was using the original firmware, and always denied access... what encryption are you using?

I am currently using WPA-AES w/Mac Filtering... because I know mac filtering on it's own is not strong enough... and my WPA key is not a standard word, in fact it not even intelligible to any one else. But Mac filtering should work... have you tried a reboot (although that shouldn't be necessary) otherwise you could try a clear NVRAM and re-config manually.
 
This doesn't make sense...

What doesn't make sense digital? Deny means deny. Permit means permit. There isn't a 20 minute time limit on either. So if its set to deny and someone is getting through, even for 20 minutes, either the MAC filtering is being hacked or the setting isn't right.

Why would you use both MAC filtering AND some other security measure as well? That is like shooting a BB gun, MAC filtering, while you are shooting a .50 caliber machine gun. WPA-ES.

By the way I use MAC filtering with the "Permit" option. That way my router denies all other MAC's. It works well for my setup.
 
Back to my original message intention. Saturday morning and playing with my Linksys. Ran a couple of "other" firmwares through it this morning. And I'm still of the opinion that MAC filtering adding addresses section could be easier in Tomato. The original Linksys firmware would be a great process to model.

I am also still of the opinion that Tomato is the best of the lot. It excels in adding static dhcp addresses. Wow are the others way behind in that regard.

I'm going to post a seperate message but in general here is what I'm seeing and thinking. The current Tomato firmware, all of them for that matter, capture the information that we end up having to input/work with to do some of the extra stuff. So depending on the firmware it is labeled a bit differently but computer name, mac address, ip address, they are captured in the status area/lan information area/attached device information area, etc., are already captured and "in" the firmware. Why not use that data to be able to click on a particular computer's information and add it? Exactly like Tomato does with static DHCP? If the Linksys stock firmware is a good model for ease of adding MAC addresses to filter in wireless setup, then the Tomato firmware adding static DHCP addresses is also a GREAT model for what I'm talking about in regards to other things.
 
jsmiddleton4 said:
Why would you use both MAC filtering AND some other security measure as well? That is like shooting a BB gun, MAC filtering, while you are shooting a .50 caliber machine gun. WPA-ES.
Click to expand...

because it is more secure. You might hate that I run both plus running encrypted apps over VPNs. That is 4 layers of secure. Plus password protection on the apps. And I can easily max out the internet bandwidth if I need it.

This doesn't make sense...
Deny means deny. Permit means permit. There isn't a 20 minute time limit on either.
Click to expand...
and established connection means established. reboot is the easy way to solve that one. or script it...

entering semi permanent data happens too infrequently to be a problem doing manually vs a click click.
 
You might hate that...

Are you kidding me? This is a forum for discussion and asking questions and issues, ideas. You really think that I form an opinion about anything that reacts with "hate" about anything on this forum? Do you look for things in people's posts beyond the actual text?

If you can't discuss a matter without adding whether or not a person "likes", "hates" or otherwise about the topic I suggest you take a break.
 
and established connection means established. reboot is the easy way to solve that one. or script it...

entering semi permanent data happens too infrequently to be a problem doing manually vs a click click.


So what are you trying to say? That he should have a 20 minute "pause" in MAC filtering?
 
You must log in or register to reply here.

Back
Top