NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
How to quarantine new devices on WAX214
Hello,
I'm a dad who is trying to set up parental controls on my kids iPads. They are quite clever and until now are able to find ways around my previously tried methods.
I'm settling on trying to deny their MAC addresses on all wifi networks I have set up (all broadcast via 2 shared WAX214 devices), and only grant them access to a dedicated network using a scheduler.
Problem is that the pesky Apple iOS system encourages private Wifi usage which randomises their MAC address, meaning they can eventually get onto other networks if I haven't changed the passwords for them (I'm not keen on password change as I've got a lot of other wifi devices using them, but I guess this is something I could do if no other option)
I will encourage the kids to ensure their private wifi is turned OFF for our home networks so their unmasked MAC addresses are exposed, but this could still be circumvented in the long run.
A forum I read suggested quarantining new devices that try to log onto networks. However I am uncertain on how to achieve this on a WAX214? I'm hoping it doesn't involve setting up VLANs - this sounds complicated to do and set up correctly, but if anyone can give advice on doing this easily, I'm happy to try it.
Many thanks in advance for any help or guidance.
https://www.downloads.netgear.com/files/GDC/WAX214/WAX214_WAX218_UM_EN.pdf
Set up a MAC filter for an SSID, p.84 ff.
https://www.downloads.netgear.com/files/GDC/WAX214v2/WAX214v2_UM_EN.pdf
Manage access to a user WiFi network based on a client’s MAC address, p.56 ff.
Register the physical MAC addresses of all the wireless devices. Knowing the WiFi password alone does not help.
Allow MAC in the List: The MAC addresses that you add to the list are allowed access but all other MAC address are denied access.
9 Replies
There isn't a way to "quarantine" new devices.
Not sure how it works since I don't have an WAX214 but the nighthawks have the ability to block new devices from accessing.
Another option might be a "if you violate this rule, you lose access for a week" to the wifi. If they're circumventing the security you have in place, it can put you in jeopardy (if they're looking up nefarious things) so they need to be aware of that and judge whether getting caught is worth the risk. Kids are going to try and get around security, we can only do the best we can.
What I have on mine is a pihole that I can put custom blocking lists. It can still be circumvented but it makes them work at it a bit and I can see when they're doing it.
Have an eye on the Chapter "Set up a MAC filter for an SSID" with a MAC address that allows access: An ACL with a policy that allows access functions please.
Thanks schumaku, I've got 'deny' set on the ACLs for the WAX214 against their iPads, but they just have to know the passwords and switch on private wifi to circumvent this, as this changes the iPad MAC address and allows them in, hence why I was looking for a 'new device' quarantine option.
Thanks for the response plemans, I can't see a similar option available for the WAX214 as you've detailed sadly.
Your suggestion for the kids might have to be a fall-back - I basically tell them they're not allowed to enable private WiFi on their iPads, but then they'll know how to circumvent (if they want to risk punishment).
https://www.downloads.netgear.com/files/GDC/WAX214/WAX214_WAX218_UM_EN.pdf
Set up a MAC filter for an SSID, p.84 ff.
https://www.downloads.netgear.com/files/GDC/WAX214v2/WAX214v2_UM_EN.pdf
Manage access to a user WiFi network based on a client’s MAC address, p.56 ff.
Register the physical MAC addresses of all the wireless devices. Knowing the WiFi password alone does not help.
Allow MAC in the List: The MAC addresses that you add to the list are allowed access but all other MAC address are denied access.
plemans wrote:
Not sure how it works since I don't have an WAX214 but the nighthawks have the ability to block new devices from accessing.
This describes the available ACL on the Netgear Wirless Access Points How do I apply a MAC Access Control List to a wireless network (SSID) on my WAC505, WAC510, or WAC540 access point? - this is very similar on the Essential Wireless APs like the WAX214, WAX218, and WAX220.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
