Orbi Access Control List
Orbi Access Control List
I am running into an odd issue when setting up my Access Control List in the Orbi GUI. I am logging on through my laptop and selecting "Turn On Access Control" and "Block All New Devices". When I scroll down, I see the carrot that is collapsed which states "Allowed Devices Currently Not On Network". I want to add some of them back in, easy enough; check the bock and hit "Add". Takes me to adding a new device. Check the box and hit "Edit". Edits the current device which doesn't do anything. "Remove Device from List", thinking I can delete it and once I add it, it'll go into the current ACL. It does delete and then goes right back to the "Allowed Devices Currently Not On Network". The only thing that seemed to really work was turning off ACL, connecting the device, and then turning ACL back on. This can't be the right way to do it.
I have to say, I am a little disappointed in NETGEAR if this is the case. First I wanted to set up VLANs and was informed that wasn't really an option on consumer grade products, and now the ACL is completely convoluted. Security is top of mind for me, and I don't mind putting in the effort to get the network all set up, but this seems ridiculous. Might have to return this equipment. Any thoughts/help?
Re: Orbi Access Control List
"Convoluted" is an apt description because the terminology does not mean what we think it should mean.
Block does not mean "Do not let this thing connect to the network. Do not give it an IP address."
What it means is, "Do not let this device communicate through the router." *
When the setting is Block all new devices, then the way to let something communicate through the network is to:
- Connect the device, either with Ethernet or via WiFi.
- Discover that the device reports, "No Internet" and cannot do anything useful.
- Go into Access Control.
- Select the device (which shows the status "Blocked"
- Click Allow.
- Click Apply.
Orbi maintains a list of every device that has been connected so that when (and if) they return sometime in the future, it will know whether to allow them to communicate or not.
If a device is on the Allowed but not connected list, then when it does connect to the network, it will move from that table to the table of connected devices without the user doing anything. The act of connecting it is enough. Something that may have led to the confusion is that Orbi display tables do not update immediately. It can take easily five minutes for some internal process to complete a scan and update the display.
Just personally, I find the whole Access Control feature more trouble than it is worth. My WiFi password is estimated to take about 4 billion years to crack, and that's assuming that NSA cares enough about me to attempt it.
* There have been several discussions lately about the fact that Access Control does not apply to devices which are connected to the router with Ethernet if they communicate with each other through the Ethernet switch module on the router. This is a feature of the switch module which recognizes that communication between two Ethernet devices does not need to leave the switch module.