A firewall can filter access to resources for various source objects like IP addresses, MAC addresses, users or group of users.
In certain cases restricting access per source IP addresses or per users is not a feasible option.
Consider the case of a WLAN(Wireless LAN) segment. A transparent method to end users of filtering may be needed.
DHCP is used to provide IP configuration; configuring the DHCP server to assign certain IP addresses per machine MAC address mean administrative overhead, so filtering per source IP addresses is not an option since IP addresses are dynamic.
Additionally some users may be able to change easily their IP addresses.
Filtering per users can also be difficult due to the source machines being unmanaged or due to the application used.
A solution to this would be to filter per source MAC address. This provides the following benefits:
It's transparent to users.
The source machine can have any IP address; less administrative overhead compared to filtering per IP address if DHCP is involved.
The source machine can have multiple IP addresses(multi-home node) and so a single MAC address to resolve to multiple IPs; the filtering will still apply.
The filtering works meaningless of the OS or application used by the source machine.
MAC addresses are somewhat difficult to change by users compared to IP addresses.
See How It's Done
Did you find this video helpful? Please give it a Google