In my router, which is a Belkin, I create my list of MAC addresses, (the Allow list) and when I wish to deny network connection I simply put a check mark in the Deny box in front of the computers MAC address I wish to deny access. I am not sure how your router handles this feature.



Do you have an option for, "More Info", beside certain features in your router? If you do, click on that link and a new box should open with a description of the feature, and information on how to use it properly.



MAC address filtering is a powerful tool for securing and controlling access to your network. Any MAC address not on this list will not be allowed access.



Creating a Deny list is for too difficult. In order to do this the network admin would have to go around the neighborhood and request the MAC address of every network node in each household, and this action would not endear anyone who choose to attempt this to the neighbors. lol



So, instead, the Allow list is enough to control who access the network.



Now, there is another feature most routers have more frequently too, called Client IP filter. An network admin can deny Internet, email, and other access types, connection to a specific computer, a range of computers or a group of computers, using this feature. All you do is add the computers IP address to the list, type in 80, and 80 again, select TCP, UDP or Both, select Always, or enter a specific period of time, such as setting up office computers to only have access between the time of 8am to 5pm, Monday through Friday, etc. The admin can go in at any time and change these settings. It is a cool feature which used with the MAC address filtering provides strong network and Internet Connection security.



The only issue I have with Client IP Filtering is that if the IP addresses are assigned dynamically, which is on a first come first serve basis, and are released when a system is shut off, or for some reason there is connection problems, the IP address which is used to disallow connection can be released into the pool and reasigned to another computer at a later date.



Somebody with advanced knowledge of these features would be able to simply turn off a computer which is allowed to connect to the Internet, then quicky turn their computer on and aquire that address.



However, there are certain settings within Group Policy which allows an Admin to stop console logoffs and shut downs. The problem with this is that the computers have to be running, XP Media Center Edition, XP Pro, Vista Business or Vista Ultimate, in order to set these Group Policy settings.



I was deeply dissapointed in Microsoft when they did not include Group Policy in Vista Home Premium. It is difficult to setup good security without Group Policy.



While use of Group Policy is easiest when in a Domain which of course has the abiliity to centrally manage all the computers in the network from the Server, Group Policy can still be utilized in a Workgroup network enviroment, but each computer must be configured at the local level and at each computer seperately. However, it is worth the time and effort if one has the need.



Now, Static IP addressing can fix this issue with IP addresses being released back into the pool. My router allows the use of both Dynamic and Static IP addressing. I can use dynamic for most computers and setup a Static IP address in those computers where I have a need to have more fine tuned control over access to the network and Internet.



Use of Static IP address requires advanced experiance, but it can be easily learned. If you use one of the range of IP address that is assigned by the DHCP Server, which is much higher than the number of computers in the network, both can be used without having to turn off the DHCP functionality of the router.



Basically, all you do is choose an IP address from the range high up the list. For example, if your router has the IP address: 192.168.1.1, then your IP range is from 192.168.1.2 to 192.168.1.254. Each router has a range of 250 IP addresses which can be assigned, or setup Statically.



When an address is Static, it never changes. So, if you have a certain need to have fine tuned control over a computer connecting to the Internet through your router, you can give it an Static IP address, and then that User would not have a method of circumventing that Client IP Filter.



You would need to go into the Properties of that computers connection. Click on Internet Protocol (TCP/IP) to highlight it, then click on Properties below the box. When the new dialog box appears, you uncheck the box in front of, "Obtain an IP address automatically", and "Obtain DNS server address automatically".



Then, you check, "Use the following IP address", and enter the IP address in the correct spot, add the Subnet Mask and Default Gateway.



You obtain the Subnet Mask and Default Gateway by right clicking on the connection first, before making these changs, and selecting Status, then click on the Support tab. The Subnet Mask is 255.255.255.0 and the Default Gateway if the IP address of your router.



Next, you must check the radial dial in front of, "Use the following DNS server addresses", which you might need to obtain from your ISP. However, I get my information from my routers front page which lists all of my information. Your DNS is from your ISP, and my router lists this on my front summery page.



I can also obtain this information because I know my IP address to my modems setup pages. It is accessed the same as my routers configuration pages, only I use my ISP information, which I happen to have because I set this up manually. However, this information is also on my routers summery page, as mentioned before.



I locate it under the lable, Internet Settings, and my DNS addresses, (there should be two) are listed at the bottom of that area. So. if you are interested in Static IP addresses, check out your router's summery page for this information, or contact your ISP.



You enter the first DNS server address listed in the first box, adn the Alternate DNS server which is listed second on my router summery under Internet Settings.



Then, you simply click on Apply, then OK, and you just setup an Static IP address for a computer you need fine tuned control over, and you can now be assured that when you enter that IP address in the Client IP filter, it will not be able to be circumvented by some smart kid, or employee. lol



Now, using the MAC address filtering is an all or nothing proposition. When I put a check mark in front of the Block box, I have just completely stopped that computer from accessing the network. There isn't any way for me to setup certain times or dates. That is what the Client Filter feature is for.



There are other uses for Static IP addresses too, such as when you need to allow certain types of connections through your routers firewall. I have what is called Virtual Servers, with a list of popular applications and server types such as FTP, and Messenger, games, etc, and I just click on one in the list, click Add, and it fills the fields automatically, for me. I can quickly open ports for a certain application, and quickly close it when I am finished using it. The less you allow through the firewall the better, so the Virtual Server allows for quick opening and closing of ports for specific applications.



However, there comes a time when a certain program, or Internet function, is not on the list. When this occurs it becomes harder to allow access through the firewall. In this situation a admin would need to contact the vendor for the appropriate ports and protocols. I use this website for assitance with this type of configuration:



http://www.portforward.com/default.htm



Port Foreward has dozens of routers listed with help on configuration and Static IP assignment. It really helped me out a few times when I had to allow a app through the firewall and it wasn't on my list in the Virtual Server.



I hope this helps out. Here is some information on what different types of protocols are. It helped me understand what my router is, what it does, and how to work with it. While it isn't a User Manual, together they really helped me out.



http://en.wikipedia.org/wiki/Static_routing



http://en.wikipedia.org/wiki/Media_Access_Control



http://en.wikipedia.org/wiki/IP_address



I hope this is of some help, please have a nice day.

It might be called Access List and would be under the Wireless Settings option. As stated above, your router might not support it



Every router is different



**Edit**

What kind of router is it? Make/Model/Firmware version



You should be able to add any number of MAC address to be allowed to connect wirelessly to the router, and anything not on the list would be "banned"

MAC address filtering does not provide any security beyond what encryption already provides. And you cannot use MAC address filtering without encryption because someone can spoof your access point to your computer and get your computer to switch to another channel. Imagine if you used MAC filtering without encryption. An attacker could snoop to get your channel, SSID, router MAC, and computer MAC. Now the attacker sends a very strong signal to your computer on another channel pretending to be the same access point. Your computer switches to the attacker's signal because it's stronger. Now your computer thinks it's talking to the access point but it's actually talking to the attacker. And now your computer is not on the same channel as your access point. So the attacker can impersonate your computer to the real access point without your computer detecting it. Then the attacker connects to the access point on its normal channel as your computer. The attacker is now between your authorized computer and your access point, able to filter all your traffic, inject his own, use your WiFi, or do whatever he wants. All you will see if your computer connected to your access point. (When actually, your computer is connected to his spoofed access point and his computer is spoofing yours to your access point.) MAC address filtering is for preventing accidental connections. It provides no actual security against a malicious attacker.

If there is no option you can't unless you can find an updated firmware that allows this.