It's funny to enable Mac filtration on cheap consumer routers. Sniff Mac addresses, then spoof a mac and connect it to a router with mac filtration so there are 2, 3 even 4 clients all using the same mac address. That's another area where cheap routers fail, they don't have proper authentication in many cases. Mac filtration, SSID hiding and standard SPI FW inspection aren't considered valid security measures in the modern age unless they are part of an overall security profile. With multiple macs being the same ARP collisions are inevitable, but functionality won't be destroyed, especially with just one mirrored mac.
You 'may' have a consumer router that does some base level mac validation (doubt it). Easiest way to test this is to turn on mac filtration, set a specific mac address as 'permitted' by your router. Then change the mac address on another device to spoof the primary allowed mac device and you'll usually find the device is allowed by the router.
How to Change a Computer's Mac Address in Windows
Corporate/Enterprise/Prosumer gear does Device ID, Mac Validation, Rad Authentication, etc. So when you combine mac filtration with mac validation or rad auth, then you have a good level of security from mac filtration.
The best defense for consumers is a strong SSID+Password, disabling extraneous services, prohibiting admin access from WAN, enabling admin access on specific internal IP address, and changing router login credentials to non-default (both username and password). Above that, placing your SSID's into guest restricted zones will serve you well for security.
The reason having a good strong SSID and Password is that many WiFi attacks rely on the attacker finding your rainbow table. Once that is found it's game over for you controlling your WiFi, which includes MiTM, DNS Redirection, etc.. An attacker can pineapple your network and MiTM all of your traffic. We've seen a wide range of these types of WiFi attacks, and most recently the use of the ever prevalent Xfinity SSID's used to MiTM targeted networks.