4.3 Given a scenario, apply network security features, defense techniques, and solutions
Network Access Control (NAC)
Network Access Control (NAC) – MAC Filtering (CompTIA Network+ N10-009)
MAC filtering is a basic Network Access Control (NAC) method used to control which devices are allowed to connect to a network. It works by checking the MAC address (Media Access Control address) of a device and allowing or blocking it based on rules created by the network administrator.
Although MAC filtering is simple and commonly used, it should NEVER be the only security method because it can be bypassed. However, for the exam, you must understand how it works, where it is applied, and its strengths and weaknesses.
1. What Is a MAC Address? (Quick Review)
Every network device—like laptops, desktops, servers, wireless clients, switches, printers—has a MAC address on each of its network interfaces.
It is a unique 48-bit hardware address assigned to the device’s network interface card (NIC), usually written as six hexadecimal pairs.
It looks like this:
00:1A:2C:4B:9F:20
For MAC filtering to work, the network device (switch, router, or wireless access point) checks a device’s MAC address before allowing access.
2. What Is MAC Filtering?
MAC filtering is a security feature that allows or denies network access based on the MAC address of the device.
It is used to:
- Allow only approved devices onto the network
- Block unwanted or unknown devices
- Create basic NAC rules on switches, routers, or wireless access points
MAC filtering is a Layer 2 security technique because MAC addresses operate at Layer 2 (Data Link Layer) of the OSI model.
3. How MAC Filtering Works
The concept is simple:
- The administrator creates a list of allowed or blocked MAC addresses on a network device (e.g., WAP, switch).
- When a device tries to connect:
  - The network device checks the MAC address.
  - If the MAC is on the allowed list, access is granted.
  - If the MAC is not on the list—or is on a deny list—access is blocked.
MAC filtering can be configured in two modes:
A. Whitelist Mode (Allow List)
Only listed MAC addresses are allowed to connect.
Example in IT context:
Only specific company-owned laptops are allowed to join the office Wi-Fi.
B. Blacklist Mode (Deny List)
Listed MAC addresses are blocked, but all others are allowed.
Example in IT context:
A device that previously caused issues can be manually blocked.
For stronger NAC security, whitelist mode is preferred.
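The decision logic of the two modes, as an added example (not part of the original notes and not any vendor's implementation). It assumes a small `MacFilter` class that holds a list of addresses and a mode; the addresses are constructed sample values. It also shows one practical detail the text does not: devices and tools write the same MAC in different formats (colons, dashes, Cisco-style dots, upper or lower case), so a filter must normalize before comparing or an approved device is wrongly denied.

```python
"""MAC filter decision logic: allow-list vs deny-list mode (added example)."""
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonicalize a MAC address to lowercase, colon-separated form.

    Accepts 00:1A:2C:4B:9F:20, 00-1a-2c-4b-9f-20, 001a.2c4b.9f20 and
    001A2C4B9F20. Raises ValueError for anything that is not 12 hex digits.
    """
    digits = re.sub(r"[:\-.\s]", "", mac).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class MacFilter:
    """Hypothetical filter: 'allow' = whitelist mode, 'deny' = blacklist mode."""

    def __init__(self, mode: str, entries):
        if mode not in ("allow", "deny"):
            raise ValueError("mode must be 'allow' or 'deny'")
        self.mode = mode
        # Store every configured entry in canonical form so that
        # "00-1A-2C-4B-9F-20" and "00:1a:2c:4b:9f:20" are the same entry.
        self.entries = {normalize_mac(m) for m in entries}

    def permits(self, mac: str) -> bool:
        """Return True if a device with this MAC may join the network."""
        listed = normalize_mac(mac) in self.entries
        # Allow list: only listed addresses pass. Deny list: only listed fail.
        return listed if self.mode == "allow" else not listed


def evaluate(filter_: MacFilter, macs) -> dict:
    """Evaluate several connecting devices; keys are canonical MACs."""
    return {normalize_mac(m): filter_.permits(m) for m in macs}


if __name__ == "__main__":
    # Constructed sample: two company laptops are approved on the office Wi-Fi.
    office_wifi = MacFilter("allow", ["00:1A:2C:4B:9F:20", "aa-bb-cc-dd-ee-ff"])
    for mac, ok in evaluate(office_wifi,
                            ["001a.2c4b.9f20", "AA:BB:CC:DD:EE:FF",
                             "00:1A:2C:4B:9F:21"]).items():
        print(f"{mac}: {'allowed' if ok else 'blocked'}")
```

Note that the third address differs from an approved one by a single digit and is still blocked: a filter compares whole addresses, not vendor prefixes. Replacing a NIC therefore requires the administrator to add the new address, which is the maintenance burden the limitations section describes.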
4. Where MAC Filtering Is Used (Exam-Relevant)
MAC filtering is commonly implemented on:
1. Wireless Access Points (WAPs)
- Used to allow only known devices on a Wi-Fi network.
- Often used alongside WPA2/WPA3 security.
2. Managed Switches
- Used to control which end devices can connect to specific switch ports.
- Helpful in LAN security.
3. Routers/Firewalls
- Some routers can enforce MAC filtering on LAN or WLAN interfaces.
5. Benefits of MAC Filtering
MAC filtering provides basic protection. On the exam, remember that MAC filtering is:
✔ Easy to configure
Just add MAC addresses to a list.
✔ Useful for small environments
Like small office networks or limited-access Wi-Fi.
✔ Provides device-level control
You decide exactly which devices can join the network.
✔ Works at Layer 2
So, it applies before IP addresses come into play.
6. Limitations of MAC Filtering (IMPORTANT for Network+)
MAC filtering is not strong security and should never be relied on alone.
A. MAC Addresses Can Be Spoofed
An attacker can change their device’s MAC address to impersonate an allowed device. The MAC address is sent in the clear in every frame and is not a secret, so it identifies a device but does not authenticate it.
(You do NOT need to explain how it’s done—only that it’s possible.)
B. Hard to Manage at Scale
If you have dozens or hundreds of devices, adding and maintaining MAC lists becomes slow and prone to mistakes.
C. Not suitable for enterprise-level security
Enterprises typically use stronger NAC tools like:
- 802.1X
- RADIUS server authentication
- Certificates
- Full NAC systems (Cisco ISE, Aruba ClearPass)
D. Device replacements require updates
If a NIC fails or is replaced, the MAC changes, and the admin must manually update the filter list.
7. MAC Filtering in the NAC Context (Exam Focus)
CompTIA Network+ wants you to know:
- MAC filtering is a simple, foundational form of Network Access Control (NAC).
- It is often combined with stronger methods like 802.1X.
- It works by checking MAC addresses before giving network access.
- It is easy to bypass because MAC addresses can be spoofed.
So, MAC filtering is considered “low-level NAC”, NOT enterprise-grade NAC.
8. MAC Filtering Use Cases for the Exam
These are common exam scenarios:
✔ Limiting wireless access
Only authorized devices can connect to the Wi-Fi.
✔ Restricting LAN port usage
Only specific devices can connect to specific switch ports.
✔ Blocking a device
A known problematic device is added to a deny list.
✔ Enhancing layered security
Used along with encryption, authentication, and port security.
9. MAC Filtering vs. Other NAC Techniques
| NAC Method | Security Level | Notes |
|---|---|---|
| MAC Filtering | Low | Easily bypassed; device-based control |
| Port Security (Switch) | Medium | Limits number of MACs per port; can shut down port |
| 802.1X (RADIUS) | High | Enterprise-level authentication |
| Full NAC Systems | Very High | Posture checks, certificates, role-based access |
MAC filtering is often a starting point but not enough for secure environments.
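To make the difference between the first two rows of the table concrete, here is an added, simplified model of switch port security (example code, not any vendor's implementation). Unlike MAC filtering, where the administrator types every address into a list, a port-security port learns the first source address(es) it sees up to a configured maximum and treats any further address as a violation. The `SecurePort` class, its two violation actions and the frame sequence are all constructed for this example; input MACs are assumed to be already in lowercase colon-separated form.

```python
"""Simplified model of switch port security (added example, not vendor code)."""


class SecurePort:
    """One access port: learns up to max_macs source addresses, then treats
    any additional source address as a security violation."""

    def __init__(self, name: str, max_macs: int = 1, violation: str = "shutdown"):
        if violation not in ("shutdown", "restrict"):
            raise ValueError("violation must be 'shutdown' or 'restrict'")
        self.name = name
        self.max_macs = max_macs
        self.violation = violation
        self.secure_macs: set[str] = set()   # dynamically learned addresses
        self.err_disabled = False
        self.violation_count = 0

    def receive(self, src_mac: str) -> str:
        """Process one inbound frame; returns 'forward', 'drop' or 'err-disabled'."""
        if self.err_disabled:
            # A shut-down port stays down until an administrator re-enables it.
            return "err-disabled"
        mac = src_mac.lower()                 # assumes canonical input format
        if mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.max_macs:
            # Nobody configured this address: the port learns it on first sight.
            self.secure_macs.add(mac)
            return "forward"
        # A new address beyond the limit is a violation.
        self.violation_count += 1
        if self.violation == "shutdown":
            self.err_disabled = True          # port goes error-disabled
            return "err-disabled"
        return "drop"                         # restrict: drop the frame, port stays up


def run_scenario(violation: str) -> list[str]:
    """Constructed scenario: a desk port allows one device; a second device is
    plugged in, then the original device sends again."""
    port = SecurePort("Gi0/5", max_macs=1, violation=violation)
    frames = [
        "00:1a:2c:4b:9f:20",   # approved desktop
        "00:1a:2c:4b:9f:20",
        "de:ad:be:ef:00:01",   # unexpected second device on the same port
        "00:1a:2c:4b:9f:20",   # the original desktop again
    ]
    return [port.receive(m) for m in frames]


if __name__ == "__main__":
    print("shutdown:", run_scenario("shutdown"))
    print("restrict:", run_scenario("restrict"))
```

With `shutdown` the legitimate desktop is cut off too once the port goes error-disabled, which is why the table rates port security above plain MAC filtering (it reacts to the violation) but still below 802.1X (it still trusts whatever address arrives first).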
10. Exam Tips for MAC Filtering (Must Know)
- It is a Layer 2 NAC feature.
- It restricts access based on MAC addresses.
- Can be used in whitelist or blacklist mode.
- It is easy to bypass via MAC spoofing.
- Mainly used on wireless access points and switches.
- Should not be relied on as the only security measure.
- Helps enforce basic access control, especially for small networks.
Final Summary (Simple & Exam-Friendly)
MAC filtering is a basic Network Access Control method that allows or denies network access based on device MAC addresses. It is easy to set up but easy to bypass. It provides light security and is used with wireless networks, switches, and routers. It is effective for small environments but not suitable as a full security solution.
For the Network+ exam, understand how it works, where it is used, and its security limitations.
