Orbi RBR850 access control - what does it actually do?

---

@jftobolski wrote:

So, forum, what does access control actually *do*?  Just block internet access? 

---

An opportunity for experimentation

• Does this device respond to ICMP (Ping)?
• If Enable LAN/WAN Packet Capture is done on the Orbi debug page (http://orbilogin.net/debug.htm ) does resulting lan.pcap file show any data packets from this IP address?

My hypothesis is

• the process of associating with the WiFi takes place at the "radio level" (before Orbi code is aware the device exists)
• An IP address is assigned to the device because
• Blocking is done by placing an entry in linux iptables that says, "delete any packets from this device."

Is this device always connected to the same Orbi access point? (i.e. it appears to be in one location?)

Thanks for the reply - it does respond to ping, but only intermittently (meaning there might be 50-100 unsuccessful attempts, then 5-10 replies... repeat.

The log files weren't terribly self explanatory - the IP address in question shows up in the files, but not sure where exactly to look for actual packet traffic - anything you can suggest would be appreciated.

Good thought on the satellite that this device links to.  It does move around.  then again, so does a WEMO in-wall light switch so I wouldn't consider that high-grade information.

Sorry - an addendum.  There is no lan.pcap file.  There is an eth4.pcap and and BR.pcap.  Neither are in plaintext though.

---

@jftobolski wrote:

Sorry - an addendum.  There is no lan.pcap file.  There is an eth4.pcap and and BR.pcap.  Neither are in plaintext though.

---

Oh, joy.  Looks like Netgear decided to change how packet capture works in the AX products. (sigh)

pcap files are indeed binary files that can be displayed using a number of free programs. For Windows, I use Wireshark.

Pcap files are for Wireshark. It is a free download and will decode the file. You like want the BR.pcap info

Scott

Maybe a bit offf topic. But when I have had that happen, if you can get a MAC Address I've put it in "Access Control". Blocked it.

Update - have the packet capture running, and Wireshark installed.  Will let it go for a bit

On the access control, yes I have blocked the MAC - but it's still getting onto the Wifi so want to see what it's talking to, if anything.  I'd prefer if Access Control MAC filtering disallowed access to Wifi entirely.

On a side note, I foolishly turned on parental controls and not Access Control went away.  Is there an easy fix?

Experiment 1 - Partial Success:

• Charged up my old Moto e phone (no SIM card)
• In the Orbi Access Control, enabled Access Control, changed the MAC address for this phone from Allowed to Blocked (and "Applied" - I nearly always forget that step)
• Turned on the Moto e.
• Moto e booted up and reported:
  • Network connected at 5G
  • Connection Excellent
  • Regular IP assigned from the LAN assignment table (192.168.1.31)
  • No Internet
• Opened a command window on a PC and attempted to ping the Moto e.
  Ping "timed out".  No response.
• After "undoing" all this, Moto e works normally.  (Now has 29 apps to update - has been in a drawer for quite some time).

So far, this supports the idea that "Blocked" means:

• The device can connect to the network and get an IP assignment, but
• The device cannot access (or be accessed by) the local network or the internet.

Hypothesis about iptables* - (meh)

*  https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/ 

My older Orbi can be accessed with telnet, so I attempted to see if turning on Access Control and blocking the Moto e made any change.

• Before enabling Access Control, I dumped out the iptables rules.
• After enabling Access Control, dumped the iptables rules again.
• Put the two results into WinMerge (a program that compares two files for differences).
• Could not find any difference.  No reference to 192.168.1.31.  No additional rules.  Nada.

This definitely does not support the hypothesis that Netgear uses iptables to block the device.  This could be because:

• They use some other mechanism to block devices, or
• I am not sophisticated enough to discover how iptables is working.  (very good chance of that!)

Whatever this rogue device is, it must be plugged into electricity.  (a battery powered device would have gone silent by now.)

Is there a chance that it is not an Apple device?  This business of randomizing MAC addresses has spread to Android and Windows (laptops for sure).

Try to disable SPC using the Orbi app under Settings from the top left menu in the app...

Power off the RBR for 1 minute then back ON after applying the setting...should make the controls re-appear in the UI again? 

---

@jftobolski wrote:

Update - have the packet capture running, and Wireshark installed.  Will let it go for a bit

 

On the access control, yes I have blocked the MAC - but it's still getting onto the Wifi so want to see what it's talking to, if anything.  I'd prefer if Access Control MAC filtering disallowed access to Wifi entirely.

 

On a side note, I foolishly turned on parental controls and not Access Control went away.  Is there an easy fix?

---

Thanks to all for the help - the rogue device is still showing as connected, but packet trace shows no traffic to or from other than the orbi doing name queries.  I'm going to keep an eye on it for now.  It's annoying though - block ought to mean "don't allow connectivity"