Pin Me

Restrict Network User Activity by MAC Address

written by: •edited by: Aaron R.•updated: 3/31/2011

Rather than block a user by IP address, why not restrict their network activity by MAC address?

  • slide 1 of 5

    Monitoring Your Network Users

    Keeping a watchful eye on the users of your computer network can be difficult, which is why there are various web filter and auditing applications available to corporate users. These can log Internet use, for instance, and give you an idea about who might be spending more time than they should on the World Wide Web. You might then use this information to restrict their Internet access.

    While you may not get the results you want when blocking by IP address, there are other options - for instance you might consider blocking Internet access for workstations by MAC address. This is a useful alternative to blocking by IP address, as we will see, and ensures that you retain control over who connects to the Internet through your network.

  • slide 2 of 5

    What is a MAC Address?

    How to Block Internet Access for Workstations by Mac Address A MAC address is a unique identifier for a piece of networkable hardware, taking the form 01-23-45-67-89-ab, where a portion of the identifier corresponds to the manufacturer, and the remainder to the device itself.

    In a desktop computer the MAC address is stored in the network card or integrated network component. Laptops and network printers also have MAC addresses, as do servers and mobile phones with Wi-Fi functionality.

    You can find this unique identifier on your own computer by querying the IP address. For instance, on a Windows PC you would do this in the command line. Try this out by pressing WINKEY+R, type cmd and click OK and in the command line type ipconfig /all (note the space before the “/”).

    The MAC address is listed as Physical Address.

  • slide 3 of 5

    Why Blocking Internet Access for Workstations by IP Address Might Fail

    Blocking a workstation by MAC address might seem extreme when there is already an IP address assigned to that device. Certainly there is less effort in blocking by IP address, but this might not turn out how you expect it to.

    If you’re using DHCP (dynamic allocation of IP addresses) rather than static IP addresses (ones that can only be changed manually) for your networked devices then the end user whose access you block by IP address might soon find their access unblocked when they logout. While the user you intended to block is out to lunch and their IP address is free another user can login, be allocated the same IP address and have their Internet access blocked.

  • slide 4 of 5

    How to Block Internet Access for Workstations by MAC Address

    As you can see, blocking by MAC address is a far more effective solution. However this is not something you should generally attempt at the software level of your network management software.

    Instead, you should be looking for a solution by editing the settings of your hardware firewall or router. As most of these devices are different, you will need to check the documentation or support forum for your specific model.

    What you should find, however, is that there is some sort of blacklist or exceptions list to which you can add the MAC address of the device you want to block.

  • slide 5 of 5

    References

    Source: Author's Own Experience.

    Screenshot provided by author