This article describes how to use the MAC Access Control Table in version 1.2 of the AirPort software thus providing additional security for an AirPort Base Station.

Once you enter the first MAC address, Access Control becomes activated, there is no on/off switch. If you do not enter anything here, all clients will be permitted access. A maximum of 497 computers can be restricted using Access Control.

To set up Mac Access Control follow the steps below:

1. In the Access Control tab for the base station, click Add as shown in Figure 1.

Figure 1 Access Control Tab

Note: The window shown in Figure 3 states that "Access to the AirPort network will be restricted to the clients listed here. If nothing is listed, all clients are permitted upon correctly entering the password." This assumes that WEP encryption has been enabled. If it has not, then no password will be required.

2. The Add Client window opens and prompts you for the AirPort ID and Description. Click OK after entering the appropriate information.

The Description entry is optional. However, if you don't enter one, the Access Control table only lists the numeric AirPort ID which makes it extremely difficult to associate it with a particular Client.

The AirPort ID is the same as the MAC Address. The MAC Address can be found on the AirPort card under the serial number. If you already have the card installed in your computer, use Apple System Profiler or the AirPort application to obtain the Mac (hardware) Address.

Figure 2 AirPort Card Showing AirPort ID

Figure 3 Apple System Profiler Window

3. The Access Control Table shows the AirPort ID and Description entered in the previous step.

4. You can enter additional clients to the table by clicking Add and providing the required information. A more complete Access Control Table with five entries is shown in Figure 4.

Figure 4 Access Control Tab

This particular AirPort Base Station (Ebbetts Field) only permits access to the network(s) (Ethernet, DSL, ISP, or cable modem) connected to the base station by the five Clients listed. In this example, the correct network password is also required.

Should an unauthorized client learn the password for this wireless network, they would still be able to associate with the base station and communicate with its associated Clients. However, because their AirPort ID is not in the Access Control Table, they would not be able to access the Ethernet network or dial-out through the Base Station.

Note: Even with Access Control on, a client whose MAC address is not entered into the table can still use the control strip to select the network. The client can connect to the Base Station, but not access the Ethernet network or the analog connection. (The LED indicators show up in the control strip and the name gets a bullet next to it in list.)

For wireless clients not in the Access Control Table, file sharing access will still be available via TCP/IP and AppleTalk. Access Control offers little protection to the wireless clients that are not following normal security procedures.

5. When you finish making entries to the Access Control table, click Update to save the changes.

6. After clicking Update, the Base Station must be reset to complete the update. Click OK when the following window appears:

Figure 5 Base Station Reset Dialog Box

Note: Wireless Internet access requires AirPort Card, AirPort Base Station, and Internet Access (fees may apply). Some ISPs are not currently compatible with AirPort, including America Online. Range may vary with site conditions.