HappyDaddy007
Feb 20, 2024 | Tutor
How to quarantine new devices on WAX214
Hello, I'm a dad who is trying to set up parental controls on my kids' iPads. They are quite clever and until now have been able to find ways around my previously tried methods. I'm settling on tryi...
HappyDaddy007
Feb 20, 2024 | Tutor
Thanks for the response plemans, I can't see a similar option available for the WAX214 as you've detailed sadly.
Your suggestion for the kids might have to be a fall-back - I basically tell them they're not allowed to enable private WiFi on their iPads, but then they'll know how to circumvent (if they want to risk punishment).
schumaku
Feb 20, 2024 | Guru - Experienced User
https://www.downloads.netgear.com/files/GDC/WAX214/WAX214_WAX218_UM_EN.pdf
Set up a MAC filter for an SSID, p.84 ff.
https://www.downloads.netgear.com/files/GDC/WAX214v2/WAX214v2_UM_EN.pdf
Manage access to a user WiFi network based on a client’s MAC address, p.56 ff.
Register the physical MAC addresses of all the wireless devices. Knowing the WiFi password alone does not help.
Allow MAC in the List: The MAC addresses that you add to the list are allowed access but all other MAC addresses are denied access.
HappyDaddy007
Mar 04, 2024 | Tutor
So I used some of the tips here, but there is no quarantine feature on the WAX214 (v1). As I've got many devices already using established 2.4 and 5 GHz wifi networks, I've taken off the 'private wifi' setting on the kids' iPads and iPhones, exposing their real MAC addresses, and kept the connections to the established networks intact, so the 'private wifi = off' setting is retained and not forgotten.
On the WAX214, I've then set the ACLs on these wifis to 'Deny' against those MAC addresses. I created new wifi networks with the 'Allow' ACL to only their devices, which I now manage under the wifi scheduler.
I can also use the parental controls on the router to which the WAX214s are connected (a Linksys WRT3200ACM) in order to block specific websites against their MAC addresses, which I don't think is a feature on the WAX214.
Can anyone confirm what security risk is avoided by the use of private wifi 'random' MAC addresses? It's a very annoying feature that makes network management for kids' devices hard to maintain.
schumaku
Mar 05, 2024 | Guru - Experienced User
HappyDaddy007 wrote:
So I used some of the tips here, but there is no quarantine feature on the WAX214 (v1).
As I've got many devices already using established 2.4 and 5 GHz wifi networks, I've taken off the 'private wifi' setting on the kids' iPads and iPhones, exposing their real MAC addresses, and kept the connections to the established networks intact, so the 'private wifi = off' setting is retained and not forgotten.
On the WAX214, I've then set the ACLs on these wifis to 'Deny' against those MAC addresses.
The consumer devices have some kind of default allow-all MAC address mode, and add the ability to "quarantine" (== block or disallow MAC addresses of unknown devices).
So there -is- a quarantine feature - you have just configured the essentials of it.
HappyDaddy007 wrote:
I can also use the parental controls on the router to which the WAX214s are connected (a Linksys WRT3200ACM) in order to block specific websites against their MAC addresses, which I don't think is a feature on the WAX214.
Strongly doubt that's the way it really works. There is no MAC address to website relation; rather, the Linksys monitors the DNS queries coming from the clients in plain text, and either returns the correct IP address or forces the web clients to some portal page saying "no kids, you're not allowed to see this." This works because most of the DNS traffic isn't encrypted or protected. Once your kids have figured out how to configure secured and encrypted DNS, daddy is on his own. In consequence, on top of what you implemented with the allowed MAC address list, you would have to introduce endpoint security on all devices. That means -all- mobiles, tablets, home appliances like a Thermomix, ...
HappyDaddy007 wrote:
Can anyone confirm what security risk is avoided by the use of private wifi 'random' MAC addresses? It's a very annoying feature that makes network management for kids' devices hard to maintain.
It's not about security, it's just about privacy - the privacy you won't allow your kids (or for the sake of corporate users) on your very own network. That's also why enterprise network admins are actively pushing security policies (and sometimes applications) to all end points.
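An added example, not part of the thread or of any NETGEAR tooling: a small audit of a MAC allow list that tells physical (vendor-assigned) addresses from private ones by the locally administered bit of the first octet, which is the bit private WiFi addresses set. The sample entries and the function names are constructed for illustration.

```python
import re

# Constructed sample: entries as they might be noted down before typing them
# into an "Allow MAC in the List" ACL. None of these come from the thread.
SAMPLE_ACL = """\
3C:22:FB:10:20:30   kid-ipad (private wifi off)
f2:9a:11:aa:bb:cc   kid-iphone
A6-5E-60-01-02-03   unknown tablet
00:11:22:33:44:55   printer
01:00:5e:00:00:fb   pasted by mistake
not-a-mac           typo
"""

# Six hex octets, with one consistent separator (":" or "-") throughout.
_MAC_RE = re.compile(r"^([0-9A-Fa-f]{2})([:-])(?:[0-9A-Fa-f]{2}\2){4}[0-9A-Fa-f]{2}$")

def classify_mac(mac: str) -> str:
    """Return 'physical', 'private', 'multicast' or 'invalid' for one MAC string."""
    m = _MAC_RE.match(mac.strip())
    if not m:
        return "invalid"
    first_octet = int(m.group(1), 16)
    if first_octet & 0x01:   # I/G bit set: group address, never a client's own MAC
        return "multicast"
    if first_octet & 0x02:   # U/L bit set: locally administered (private/randomized)
        return "private"
    return "physical"        # universally administered, assigned by the vendor

def audit_acl(text: str) -> dict:
    """Map each ACL entry (MAC normalised to upper case with colons) to its class."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        token = line.split()[0]
        kind = classify_mac(token)
        key = token.upper().replace("-", ":") if kind != "invalid" else token
        result[key] = kind
    return result

if __name__ == "__main__":
    for mac, kind in audit_acl(SAMPLE_ACL).items():
        note = "" if kind == "physical" else "  <- not a hardware address, recheck"
        print(f"{mac:20} {kind}{note}")
```

An entry reported as `private` means the device was registered while its private WiFi address setting was still on, so the ACL holds an address tied to that setting rather than to the hardware.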