NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Jacob_of-Aus's avatar
Jun 09, 2026

RS600 Shows false negative (Blocked) Devices

For years we have had a network that comprises of a gateway on the ground floor and an Access Point on the 3rd level that connected to the ground floor by cable - we control the access to the Internet by an Access Control List (ACL). The total devices connected to the network is 40, give or take.

 

The last configuration (before the current one was RAX50 as the gateway and RAX40 as the access point. All was good until last February.

 

In February we bought an RS600, installed it as the gateway and changed the RAX50 to the Access Point  (replacing the RAX40) when all our problem started.

 

We have found that older devices basically work fine but newer ones  such as iPhone 16 & 17, iPad 11, recent Windows 11 and newer Android devices are giving us grief, particularly those connected to the network via the Access Point.

 

The problem manifests itself  that such devices that are connected to the Access Point, show on the ACL as connected to gateway (which holds the ACL for the whole house) and "Blocked". Repeated attempts to "Allow" them come back as "Blocked".

 

But what is weird is that when we look at "Attached Devices" list of the RS600 those "blocked" devices show as connected by wire (i.e. coming from the Access Point" and "Allowed" and may have Internet  (but not always). The only real blocked devices (MAC address is not on the ACL) are shown correctly as "Blocked" on the Connected Devices" list.

 

Just to make sure that the problem does not come from the Access Point, we put the RAX40 back as Access Point and got the same behaviour.

 

Sometimes (but not always) we can resolve the problem by turning the affected devoices off, remove their MAC address from the ACL and then adding them back manually to the list of "allows devices not connected" list.

 

Talking to Netgear support did not produce any meaningful relief.

 

The RS600 firmware version is V1.0.6.22.

 

I am interested to find out if anyone else has the problem or if there is a solution to it.

 

Thank you.

 

 


 

 

 

 

 

 

25 Replies

  • StephenB's avatar
    StephenB
    Guru - Experienced User

    FYI, you posted this in the ReadyNAS forum.  I moved it for you.

     

    No idea if this will help, but you could try the release candidate firmware here:

    • https://community.netgear.com/discussions/en-home-nighthawk-rs300-beta-firmware/rs600-release-candidate-firmware-v1-2-7-2/2478731

     

  • schumaku's avatar
    schumaku
    Guru - Experienced User
    Jacob_of-Aus wrote:

    But what is weird is that when we look at "Attached Devices" list of the RS600 those "blocked" devices show as connected by wire (i.e. coming from the Access Point" ...

     

    Looking from the RS600, devices associated (wireless) to the RAX40 Access Point - these become wired connections, from the RS600 LAN side of course.

     

    Jacob_of-Aus wrote:

    older devices basically work fine but newer ones  such as iPhone 16 & 17, iPad 11, recent Windows 11 and newer Android devices are giving us grief, particularly those connected to the network via the Access Point.

     

    All these newer systems default to using Randomized MAC addresses - Apple misleadingly names this feature Private Wi-Fi Address - unless you explicitly switch to use the effective (physical) device MAC address.

     

    Jacob_of-Aus wrote:

    we control the access to the Internet by an Access Control List (ACL).

     

    MAC address randomization is a privacy feature used by modern devices (like phones and laptops). It hides your physical, factory-assigned MAC address by using fake, temporary addresses when connecting to Wi-Fi. Using this feature on your own managed network, does not make any sense - it's just causing issues, like the inability to reserve an IP address for each device on the DHCP server, typically your router - here your RS600. With the wonderful ***** idea of using Access Control List (ACL) - this is not an ACL for the Internet Access, much more an ACL controlling access to your network, wireless or wired - you create all these issues yourself, perfectly hit this situation, shooting into your own knee: 

     

    Never configure more security than you can deal with!

     

    It is not a false negative - for the Access Control List (ACL), a device with a different MAC address is a different device.

    • StephenB's avatar
      StephenB
      Guru - Experienced User
      schumaku wrote:


      All these newer systems default to using Randomized MAC addresses

      Yes, and this should be turned off for your home network, especially if you have more than one wifi network name.

       

      FWIW, Windows 11 defaults the random hardware addresses setting to "off" on private networks.  And normally your home network should be set up as private.  So also make sure  windows 11 is  classifying the home network as "private". 

       

       

      schumaku wrote:

      With the wonderful ***** idea of using Access Control List (ACL) - this is not an ACL for the Internet Access, much more an ACL controlling access to your network, wireless or wired - you create all these issues yourself

      Jacob_of-Aus​:  if you aren't using parental controls, then you could just disable the ACL.  The security benefit is minimal if you are using a good wifi password.   One of many articles on the subject is here:

  • @ Shumaku and @ Stephenb,  I am well versed in using ACL:

     

    1.ACL, at least as Netgear devices are concerned denies access to the Internet, not to the router(s) 

    2. All the devices which have MAC randomisation, which are all of them, except one or two, have their MAC randomisation disabled.

    That said, I will check out the one Windows 11 that plays up to see how the network is defined, albeit it has MAC randomisation turned off by default.

    • StephenB's avatar
      StephenB
      Guru - Experienced User
      Jacob_of-Aus wrote:

      1.ACL, at least as Netgear devices are concerned denies access to the Internet, not to the router(s) 

      No.  See page 54 here:

      • https://www.downloads.netgear.com/files/GDC/RS600/RS600_UM_EN.pdf

       

      You can use the network access control list (ACL) on the router to block or allow access
      to your network and the Internet. The ACL identifies a WiFi or wired device by its MAC
      address. The router detects the MAC addresses of the devices on the network and either
      allows or denies access.

       

      Parental controls can be used to manage internet access of connected devices.  But the basic ACL either allows or blocks access to the network itself.

       

      Jacob_of-Aus wrote:

      I see that this thread is marked as solved

      Sometimes other users will do that.  No idea who in your case, but someone reversed it, since there is no solution marked now.

      • Jacob_of-Aus's avatar
        Jacob_of-Aus
        Tutor

        StephenB Wrote:

        No.  See page 54 here:

        • https://www.downloads.netgear.com/files/GDC/RS600/RS600_UM_EN.pdf

        You can use the network access control list (ACL) on the router to block or allow access
        to your network and the Internet. The ACL identifies a WiFi or wired device by its MAC
        address. The router detects the MAC addresses of the devices on the network and either
        allows or denies access

        Yes I am ware of it, it is identical to the the user guides of all previous routes that I also have or had.

        With great respect Stephen, I have a big problem on my hand and I am not interested in debating semantics.

         

        In practice owners of blocked device see their devices as connected (t a router) with a note: "No Internet";

        this is what I ment in my comment.

         

        Also under the top list of all ( connected devices) , allowed and blocked there are two tables headed:

         View list of allowed devices not currently connected to the network and 

         View list of blocked devices not currently connected to the network

        Although the top list does not have a name, by sheer deduction one can conclude the top list it must

        a list of all devices that are connected... to what?

         

        This was my point.

         

        Now can we back and try to solve  my problem?

         

  • I see that this thread is marked as solved - I certainly did not do it. Unfortunately the problem is far from solved what is the meaning of this phenomena?

  • StephenB's avatar
    StephenB
    Guru - Experienced User

    I don't have the router, so I can't try to reproduce your symptoms.

     

    If I am understanding your symptoms correctly, then the problem devices are all connected via the AP (whether RAX50 or RAX40).  Is that correct?

     

    If so, I am wondering what happens if you connect the problem devices directly to the RS600.

     

    Also, do both the RAX50 and the RS600 have the same network name and password?

     

    Jacob_of-Aus wrote:

    With great respect Stephen, I have a big problem on my hand and I am not interested in debating semantics.

    With great respect, you started that sidebar with your earlier reply.  

    • schumaku's avatar
      schumaku
      Guru - Experienced User

       

       

      Jacob_of-Aus wrote:

      Just to make sure that the problem does not come from the Access Point, we put the RAX40 back as Access Point and got the same behaviour

       

      The first Access Point you talk of is the Wi-Fi of the RS600?

       

      StephenB wrote:

      If I am understanding your symptoms correctly, then the problem devices are all connected via the AP (whether RAX50 or RAX40).  Is that correct?

       

      It looks to me the OP Jacob_of-Aus has re-added RAX40 in AP mode to isolate the RS600 Wi-Fi part - operating as a kind of Access Point - direct on the router.

       

      And the issue is the same in my reading: The RS600 router appears not working correctly, regardless of the wireless devices are connecting direct to the RS600 Wi-Fi or the RS600 LAN.

      • StephenB's avatar
        StephenB
        Guru - Experienced User
        schumaku wrote:

        It looks to me the OP Jacob_of-Aus has re-added RAX40 in AP mode to isolate the RS600 Wi-Fi part - operating as a kind of Access Point - direct on the router.

        Agree the RS600 is the router.  The way I understand the first post is that Jacob_of-Aus​ has always had a router+AP setup.  That was RAX50 (router) and RAX40 (AP). 

         

        Then he upgraded to the RS600, so the configurations that aren't working are the RS600 (router) + RAX50 (AP) and also RS600 (router) + RAX40 (AP).  

         

        I am thinking he went back to the RAX40 as the AP to rule out the RAX50 as the problem.  I don't see anything about the RS600 wifi - whether that the RS600 wifi is turned off, or whether the AP network has the same name as the router wifi or not. 

         

        I agree that the RS600 router appears to be the problem, but thinking that connecting the problem devices directly to the router would be a useful test.  From the first post, it looks to me like the problem devices are all connected to the AP.  But I am not certain of that, so wanted to confirm.

         

         

  • Thanks StephenB , I am now away from my computers on my iPad in which I   am very slow in writing, let alone using this platform. I will give  you sa detailed reply in 

    about 30 hours ie 10am to 12 noon Friday Sydney time (8-10 pm Thursday Eastern)

    Jacob

  • StephenB's avatar
    StephenB
    Guru - Experienced User

    Did you double-check that you didn't somehow end up with an Armor trial subscription or with parental controls enabled?

    • Jacob_of-Aus's avatar
      Jacob_of-Aus
      Tutor

      No, StephenB, I know for certain that the Armor is disabled on all router as is parental control.