How to quarantine new devices on WAX214

schumaku
Guru - Experienced User
Feb 20, 2024
Have an eye on the Chapter "Set up a MAC filter for an SSID" with a MAC address that allows access: An ACL with a policy that allows access functions please.
- HappyDaddy007
  Tutor
  Feb 20, 2024
  Thanks schumaku, I've got 'deny' set on the ACLs for the WAX214 against their iPads, but they just have to know the passwords and switch on private wifi to circumvent this, as this changes the iPad MAC address and allows them in, hence why I was looking for a 'new device' quarantine option.
  - plemans
    Guru - Experienced User
    Feb 20, 2024
    The wax214 is an access point with a router mode(as far as I recall). Any chance you're actually using them as access points that is managed through a different router? Or is one of them in router mode?
    
    If you have a different router acting as gateway, many times that has its own parental controls, access control list.
HappyDaddy007
Tutor
Feb 20, 2024
Thanks for the response plemans, I can't see a similar option available for the WAX214 as you've detailed sadly.

Your suggestion for the kids might have to be a fall-back - I basically tell them they're not allowed to enable private WiFi on their iPads, but then they'll know how to circumvent (if they want to risk punishment).
- schumaku
  Guru - Experienced User
  Feb 20, 2024
  https://www.downloads.netgear.com/files/GDC/WAX214/WAX214_WAX218_UM_EN.pdf
  
  Set up a MAC filter for an SSID, p.84 ff.
  
  https://www.downloads.netgear.com/files/GDC/WAX214v2/WAX214v2_UM_EN.pdf
  
  Manage access to a user WiFi network based on a client’s MAC address, p.56 ff.
  
  Register the physical MAC addresses of all the wireless devices. Knowing the WiFi password alone does not help.
  
  Allow MAC in the List: The MAC addresses that you add to the list are allowed access but all other MAC address are denied access.
  - HappyDaddy007
    Tutor
    Mar 04, 2024
    So I used some of the tips here, but there is no quarantine feature on the WAX214 (v1). As I've got many devices already using established 2.4 and 5 GHz wifi networks, I've taken off the 'private wifi' setting on the kids' iPads and iPhones, exposing their real MAC addresses, and kept the connections to the established networks intact, so the 'private wifi = off' setting is retained and not forgotten.
    
    On the WAX214, I've then set the ACLs on these wifis to 'Deny' against those MAC addresses.
    
    I created new wifi networks with the 'Allow' ACL to only their devices, which I now manage under the wifi scheduler.
    
    I can also use the parental controls on the router to which the WAX214s are connected (a Linksys WRT3200ACM) in order to block specific websites against their MAC addresses, which I don't think is a feature on the WAX214.
    
    Can anyone confirm what security risk is avoided by the use of private wifi 'random' MAC addresses? It's a very annoying feature that makes network management for kids' devices hard to maintain.
schumaku
Guru - Experienced User
Feb 20, 2024
plemans wrote:

Not sure how it works since I don't have an WAX214 but the nighthawks have the ability to block new devices from accessing.

https://kb.netgear.com/24830/How-do-I-use-access-control-to-allow-or-block-devices-from-accessing-the-Internet-on-my-Nighthawk-router

This describes the available ACL on the Netgear Wirless Access Points How do I apply a MAC Access Control List to a wireless network (SSID) on my WAC505, WAC510, or WAC540 access point? - this is very similar on the Essential Wireless APs like the WAX214, WAX218, and WAX220.

Forum Discussion

How to quarantine new devices on WAX214

Related Content

https://www.netgear.com/support/product/wax214/

WAX214 - Connect Scanner Using WPS

WAX214 poe voltage/wattage

WAP Wax214 speeds are too slow

WAX214 AX1800 No Internet

NETGEAR Academy

ProSupport for Business