× Introducing the Orbi 970 Series Mesh System with WiFi 7 technology. For more information visit the NETGEAR Press Room.
Orbi WiFi 7 RBE973
Reply

Re: How do you whitelist MAC addresses on the XR500

nonnumericdave
Initiate

How do you whitelist MAC addresses on the XR500

I just purchased the XR500, and after performing the basic setup, I'm trying to figure out how to whitelist MAC addresses.  I see I can blacklist a MAC address from the "Device Manager", but that is not even remotely useful.  On page 51 of the documentation, it states that you can setup a WiFi Access Control List from "Settings > Advanced Settings > Advanced Wireless", but I don't see the "Wireless Card Access List" section that is specified.  The "Advanced Wireless" page appears to have more on it, but a huge portion of the page disappears the second after it loads.

 

Is there an option I am missing to enable this?  Or did I just fall victim to a documentation bait-and-switch and spend $300 on a router that can't even perform basic functionality that existed in routers 15 years ago?

Model: XR500| Nighthawk Pro Gaming Router
Message 1 of 5

Accepted Solutions
Killhippie
Prodigy

Re: How do you whitelist MAC addresses on the XR500

ACL was removed in the latest firmware, I believe it had some stability issues. MAC address filtering provides no real security, rather like hiding your SSID,  but it does provide a false sense of security in my view. It is so easy to spoof by someone using say kali linux and Wireshark for instance. There are even videos on youtube to show how to do it! You really are better off using something like a 8-16 character ASCII WPA2 password. Also some operating systems use MAC address randomisation, like Apple for instance and MAC filtering can actually make connection to the router more problematic.

View solution in original post

Model: XR500| Nighthawk Pro Gaming Router
Message 2 of 5

All Replies
Killhippie
Prodigy

Re: How do you whitelist MAC addresses on the XR500

ACL was removed in the latest firmware, I believe it had some stability issues. MAC address filtering provides no real security, rather like hiding your SSID,  but it does provide a false sense of security in my view. It is so easy to spoof by someone using say kali linux and Wireshark for instance. There are even videos on youtube to show how to do it! You really are better off using something like a 8-16 character ASCII WPA2 password. Also some operating systems use MAC address randomisation, like Apple for instance and MAC filtering can actually make connection to the router more problematic.

Model: XR500| Nighthawk Pro Gaming Router
Message 2 of 5
Netduma-Fraser
NetDuma Partner

Re: How do you whitelist MAC addresses on the XR500

When Smart Connect is disabled you should be able to see those options that load then disappear.

ACL was removed due to some issues, I think they'll be working to fix those so it can then be reintroduced but not 100% certain. Also agree with the advice given above.
Message 3 of 5
nonnumericdave
Initiate

Re: How do you whitelist MAC addresses on the XR500

Thanks for clarifying what happened to this feature.  

 

I totally agree that MACs are easy to spoof.  But I would not downplay the security of MAC whitelists.  An attacker would either have to identify a whitelisted MAC that is currently not is use or attempt to take the resource from an already-authed whitelisted MAC, at which point the original device would probably attempt a reauth.  The additional element of timing in both cases makes this attack difficult in practice.

 

 

But really, I am super disappointed that Netgear would remove a documented feature due to a bug, rather than address it with a fix.  There are two or three pages in the manual dedicated to this feature.  From the sounds of it, it may never be reintroduced.

Message 4 of 5
Netduma-Fraser
NetDuma Partner

Re: How do you whitelist MAC addresses on the XR500

I don't work for the Netgear Development team which covers settings, I can only speak for the Netduma team for DumaOS features. Likely it was removed for the last firmware as it was too late to fix for that release.
Message 5 of 5
Discussion stats
  • 4 replies
  • 9383 views
  • 2 kudos
  • 3 in conversation
Announcements

Orbi WiFi 7