NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Jacob_of-Aus's avatar
Jacob_of-Aus
Aspirant
Jun 09, 2026

RS600 Shows false negative (Blocked) Devices

For years we have had a network that comprises of a gateway on the ground floor and an Access Point on the 3rd level that connected to the ground floor by cable - we control the access to the Internet by an Access Control List (ACL). The total devices connected to the network is 40, give or take.

 

The last configuration (before the current one was RAX50 as the gateway and RAX40 as the access point. All was good until last February.

 

In February we bought an RS600, installed it as the gateway and changed the RAX50 to the Access Point  (replacing the RAX40) when all our problem started.

 

We have found that older devices basically work fine but newer ones  such as iPhone 16 & 17, iPad 11, recent Windows 11 and newer Android devices are giving us grief, particularly those connected to the network via the Access Point.

 

The problem manifests itself  that such devices that are connected to the Access Point, show on the ACL as connected to gateway (which holds the ACL for the whole house) and "Blocked". Repeated attempts to "Allow" them come back as "Blocked".

 

But what is weird is that when we look at "Attached Devices" list of the RS600 those "blocked" devices show as connected by wire (i.e. coming from the Access Point" and "Allowed" and may have Internet  (but not always). The only real blocked devices (MAC address is not on the ACL) are shown correctly as "Blocked" on the Connected Devices" list.

 

Just to make sure that the problem does not come from the Access Point, we put the RAX40 back as Access Point and got the same behaviour.

 

Sometimes (but not always) we can resolve the problem by turning the affected devoices off, remove their MAC address from the ACL and then adding them back manually to the list of "allows devices not connected" list.

 

Talking to Netgear support did not produce any meaningful relief.

 

The RS600 firmware version is V1.0.6.22.

 

I am interested to find out if anyone else has the problem or if there is a solution to it.

 

Thank you.

 

 


 

 

 

 

 

 

rs600

3 Replies

  • StephenB's avatar
    StephenB
    Guru - Experienced User
    Jun 10, 2026

    FYI, you posted this in the ReadyNAS forum.  I moved it for you.

     

    No idea if this will help, but you could try the release candidate firmware here:

    • https://community.netgear.com/discussions/en-home-nighthawk-rs300-beta-firmware/rs600-release-candidate-firmware-v1-2-7-2/2478731

     

  • schumaku's avatar
    schumaku
    Guru - Experienced User
    Jun 10, 2026
    Jacob_of-Aus wrote:

    But what is weird is that when we look at "Attached Devices" list of the RS600 those "blocked" devices show as connected by wire (i.e. coming from the Access Point" ...

     

    Looking from the RS600, devices associated (wireless) to the RAX40 Access Point - these become wired connections, from the RS600 LAN side of course.

     

    Jacob_of-Aus wrote:

    older devices basically work fine but newer ones  such as iPhone 16 & 17, iPad 11, recent Windows 11 and newer Android devices are giving us grief, particularly those connected to the network via the Access Point.

     

    All these newer systems default to using Randomized MAC addresses - Apple misleadingly names this feature Private Wi-Fi Address - unless you explicitly switch to use the effective (physical) device MAC address.

     

    Jacob_of-Aus wrote:

    we control the access to the Internet by an Access Control List (ACL).

     

    MAC address randomization is a privacy feature used by modern devices (like phones and laptops). It hides your physical, factory-assigned MAC address by using fake, temporary addresses when connecting to Wi-Fi. Using this feature on your own managed network, does not make any sense - it's just causing issues, like the inability to reserve an IP address for each device on the DHCP server, typically your router - here your RS600. With the wonderful ***** idea of using Access Control List (ACL) - this is not an ACL for the Internet Access, much more an ACL controlling access to your network, wireless or wired - you create all these issues yourself, perfectly hit this situation, shooting into your own knee: 

     

    Never configure more security than you can deal with!

     

    It is not a false negative - for the Access Control List (ACL), a device with a different MAC address is a different device.

    • StephenB's avatar
      StephenB
      Guru - Experienced User
      Jun 10, 2026
      schumaku wrote:


      All these newer systems default to using Randomized MAC addresses

      Yes, and this should be turned off for your home network, especially if you have more than one wifi network name.

       

      FWIW, Windows 11 defaults the random hardware addresses setting to "off" on private networks.  And normally your home network should be set up as private.  So also make sure  windows 11 is  classifying the home network as "private". 

       

       

      schumaku wrote:

      With the wonderful ***** idea of using Access Control List (ACL) - this is not an ACL for the Internet Access, much more an ACL controlling access to your network, wireless or wired - you create all these issues yourself

      Jacob_of-Aus​:  if you aren't using parental controls, then you could just disable the ACL.  The security benefit is minimal if you are using a good wifi password.   One of many articles on the subject is here:

      • https://smallstep.com/blog/mac-address-filtering-and-hiding-ssid-dont-work/