NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Access Control not blocking Apple devices
I'm trying to figure out whats going on here with my issue. If this is not the right area, then can someone re-direct me to the right place or solution? I'd like to understand why is it that in a Wi...
@sunnyorlando wrote:I'd like to understand why is it that in a WiFi system that has 'access control' turned on to' block all new devices from connecting', any apple device can connect without authorization.
Definitively something very wrong or not working as expected if this is true. What magic WiFi system model and firmware are we facing here?
@sunnyorlando wrote:Interestingly... yesterday I ttried to disallow '(block)' one of these, and the router responded that I 'cannot block using the same device I'm logged in with' - an android! Yet the device I was blocking was an iPhone identified by MAC association to vendor.
Netgear (and other WiFi device makers!) have either a white list or a black list implemented. If a WiFi system is configured to require a management action on the first connection - allowing a device - it's in white list mode.
Thus you can't block any individual device (resp. whatever MAC address was used) into a black list.
@sunnyorlando wrote:But that aside, I cant seem to block any Apple devices using access control.
Not related to be an Apple device, as explained above. There should be a way to remove it from the white list of allowed devices instead.
sunnyorlando wrote:My setup: WNDR4300 v2 V1.0.0.58 + repeater WN2000RPTV3
Have both the router and the repeater the white list configured - essentially _three_ times because clients coming in over the repeater get a translated MAC address? Oh and in case the repeater is operating as access point these would bypass such a control (for WiFi!) on the router.
The repeater is set up to mimic the settings of the actual router. I do not have seprate controls for SSID, passwords or Access Control for the repeater - its all based on whatever the settings ar for the router. That is an option you can select when you set up the repeater.
I kind of figure its not an apple issue per se, but it only happens with Apple. All other devices that access the WiFi need to be arpproved via Access Control. And that what Im truing to figure out.
The set up is a WNDR4300 v2 on version V1.0.0.58, with aWN2000RPT v3 on the other side of the house.
sunnyorlando wrote:The repeater is set up to mimic the settings of the actual router. I do not have seprate controls for SSID, passwords or Access Control for the repeater - its all based on whatever the settings ar for the router. That is an option you can select when you set up the repeater.
Agree the SSID are taken over from the router, by default with the added _EXT postfix.
Strongly doubt there is any integration when it comes to white- and black-list ACLs (as available on the router), while the extender does only support ACL as a back list as per the NETGEAR N300 WiFi Range Extender Model WN2000RPv3 User Manual p.36 "Deny Access to a Computer or WiFi Device".
The N300 WiFi Range Extender Model WN2000RPTv3 Quick Start Guide does have a section "I enabled a WiFi MAC filter, WiFi access control, or access control list (ACL) on my router. What should I do when installing the extender?" on p.18. it also explains that the extender does make use of translated MAC addresses which require to be added if using the white list feature on the router.
sunnyorlando wrote:
I kind of figure its not an apple issue per se, but it only happens with Apple. All other devices that access the WiFi need to be arpproved via Access Control. And that what Im truing to figure out.
Somewhere between very unlikely (any kind of overflow on the MAC ACL white list?) and impossible.
Please show the example based on the disabled Private Address (read random MAC) "feature" on an Apple (what is very broad), the connected device information on both the router and the extender, and any white list entries on the router - screenshots and more would help.
Attached PDF with screenshots:
> '1' is whats connected right now - iPhones are not here now
> '2' is what is not connected, but iPhones show as allowed
> '3a and 3b' - is what the blocked list - shows the same iPhones that are also in the 'allowed but not connected' list '2'.
Thosie iPhones have been blocked several times, then they sho up with differnte MAC and automatically get connected without approvals. I'll have to wait until it happnes again to see them connected to the router AND show up in the not allowed list - by name, not MAC because it changes.
And BTW - when connected, its to the main router (wireless3.2.4_OF), not the EXT. You can see the extender listed in the connected devices Image 1 at the bottom. So whatever the EXT functionality is, I don't see it affecting the rules of the main router if nto connected to the EXT. Right?
And an iPhone shows a wired??
And I don't get how that one IP that shows with 192 IP range. Its a 6c:B:CE MAC and it comes up as a Netgear product but I cant figure what it is, how is that getting a 192 when my private range is 172?
