NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jftobolski's avatar
jftobolski
Aspirant
Feb 02, 2023

Orbi RBR850 access control - what does it actually do?

I have an Orbi RBR850.  Everything working well, have >100 devices with IP reservations, hence I have only a small DHCP address range set aside for "other devices".  Recently I've been seen an apple ...
CrimpOn's avatar
CrimpOn
Guru
Feb 02, 2023

Experiment 1 - Partial Success:

 

  • Charged up my old Moto e phone (no SIM card)
  • In the Orbi Access Control, enabled Access Control, changed the MAC address for this phone from Allowed to Blocked (and "Applied" - I nearly always forget that step)
  • Turned on the Moto e.
  • Moto e booted up and reported:
    • Network connected at 5G
    • Connection Excellent
    • Regular IP assigned from the LAN assignment table (192.168.1.31)
    • No Internet
  • Opened a command window on a PC and attempted to ping the Moto e.
    Ping "timed out".  No response.
  • After "undoing" all this, Moto e works normally.  (Now has 29 apps to update - has been in a drawer for quite some time).

So far, this supports the idea that "Blocked" means:

  • The device can connect to the network and get an IP assignment, but
  • The device cannot access (or be accessed by) the local network or the internet.

Hypothesis about iptables* - (meh)

https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/ 

 

My older Orbi can be accessed with telnet, so I attempted to see if turning on Access Control and blocking the Moto e made any change.

  • Before enabling Access Control, I dumped out the iptables rules.
  • After enabling Access Control, dumped the iptables rules again.
  • Put the two results into WinMerge (a program that compares two files for differences).
  • Could not find any difference.  No reference to 192.168.1.31.  No additional rules.  Nada.

This definitely does not support the hypothesis that Netgear uses iptables to block the device.  This could be because:

  • They use some other mechanism to block devices, or
  • I am not sophisticated enough to discover how iptables is working.  (very good chance of that!)

Whatever this rogue device is, it must be plugged into electricity.  (a battery powered device would have gone silent by now.)

Is there a chance that it is not an Apple device?  This business of randomizing MAC addresses has spread to Android and Windows (laptops for sure).

jftobolski's avatar
jftobolski
Aspirant
Feb 10, 2023

Thanks to all for the help - the rogue device is still showing as connected, but packet trace shows no traffic to or from other than the orbi doing name queries.  I'm going to keep an eye on it for now.  It's annoying though - block ought to mean "don't allow connectivity"