major security problem: new Orbi RBK50 router + wireless : SSID does not ask for login or password

dorindon
Guide

Hello,

Just bought new Orbi RBK50 router + extender.

Login to orbilogin.net, system configuration no problem (which I am used to)

Setup SSID login and pass as well as Orbi login and pass.

Hit the ceiling when I saw that any device can freely access the Internet simply by choosing the SSID without entering login and password. Horrible security problem.

I updated the firmware, reset the orbi and problem persists.

In the meantime, I only allow access for approved devices, but this is a big pain and waste of time to manage.

Thank you very much for your time and help.

dorindon

Model: Orbi High-Performance AC3000 Tri-Band WiFi System (RBK50)
Message 1 of 13

Accepted Solutions
st_shaw
Master

Message 8 of 13

All Replies
tomsliwowski
Apprentice

Maybe I'm not quite understanding your issue but...what are you talking about?

 

For normal operation you just need the SSID and the password (hopefully WPA2-PSK) unless you disabled encryption. Once a client is connected it's free to access all the resources including going to the internet. The client won't have access to your router admin page without providing a username and password.

 

If you want to set up access controls you would do that in Advanced -> Security -> Access Control.

Message 2 of 13
dorindon
Guide

Hello and thanks for taking time to consider my question.

You said: For normal operation you just need the SSID and the password (WPA2-PSK): yes, that is what I did, and I therefore expect any new device to ask for a password the first time I pick the Orbi SSID.

Just so there is no misunderstanding I am very familiar with computers (MAC), routers, etc. Just to let you know, my level is (usually) quite advanced.

The problem is the following: I went through the complete installation procedure as I have done many times in the past.

I also checked all the parameters: encryption on, NO guests allowed, etc.

I obviously configured the router so that the SSID requires a password (with letters and numbers for security purposes) and rechecked the configuration multiple times before posting in this forum.

The problem is the following:

- I take my iPhone ➤ settings ➤ WiFi ➤ tap on the SSID ... and I log in AUTOMATICALLY without entering the password. I tested the browser and yes, I have full speed Internet via WiFi (not 4G). I am sure that it is the WiFi, if only the fact that it is much faster than 4G.

- As a second step, I take my iPad which does not even have a SIM (WiFi access only). I go to settings, WiFi, click on the SSID (Orbi857) and presto I have full access again without entering a password.

I checked the configuration, reset the router, updated the firmware, etc., which did not solve the problem.

thanks again

dorindon

Model: Orbi High-Performance AC3000 Tri-Band WiFi System (RBK50)
Message 3 of 13
rhester72
Virtuoso

If you replaced an old wifi setup that had the same SSID and password as the Orbi, your devices have it cached, which is why you aren't being prompted - clients can't tell what hardware they are talking to, only the (B)SSID.

 

I do strongly recommend WPA2-PSK only, as TKIP was broken some time ago.

 

Rodney

Message 4 of 13
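Whether an SSID demands a password is advertised by the access point itself, in the RSN element of its beacons, so it can be checked independently of anything a client has cached. The sketch below is an added example, not part of the original thread: it parses that element and reports the key management and whether TKIP is still allowed. The byte strings are constructed samples, not captures from a real Orbi, and the function names are illustrative.

```python
import struct

RSN_ID = 48                      # element ID of the RSN element (WPA2/WPA3)
OUI = bytes.fromhex("000fac")    # IEEE 802.11 OUI used in suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK", 8: "SAE"}

def _name(sel, table):
    return table.get(sel[3], "unknown") if sel[:3] == OUI else "vendor"

def _suite_list(body, off, table):
    """Read a 2-byte little-endian count, then that many 4-byte selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated RSN element")
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("truncated suite list")
    return [_name(body[i:i + 4], table) for i in range(off + 2, end, 4)], end

def parse_rsn(elements):
    """Walk a beacon's tagged elements; return RSN settings, or None if absent."""
    off = 0
    while off + 2 <= len(elements):
        eid, length = elements[off], elements[off + 1]
        body = elements[off + 2: off + 2 + length]
        if len(body) != length:
            raise ValueError("truncated element")
        if eid == RSN_ID:
            # Layout: version(2) group(4) count+pairwise list, count+AKM list.
            # This example requires the cipher and AKM fields to be present.
            pairwise, nxt = _suite_list(body, 6, CIPHERS)
            akm, _ = _suite_list(body, nxt, AKMS)
            return {"group": _name(body[2:6], CIPHERS), "pairwise": pairwise, "akm": akm}
        off += 2 + length
    return None

def verdict(elements):
    rsn = parse_rsn(elements)
    if rsn is None:
        return "no RSN element: not WPA2 (open, WEP or WPA-only)"
    tkip = rsn["group"] == "TKIP" or "TKIP" in rsn["pairwise"]
    return "/".join(rsn["akm"]) + (" with TKIP allowed" if tkip else " with CCMP only")

# Constructed sample elements: an SSID element, optionally followed by an RSN element.
SSID = b"\x00\x07Orbi857"
WPA2_CCMP = SSID + bytes.fromhex("30140100000fac040100000fac040100000fac020000")
MIXED = SSID + bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")

if __name__ == "__main__":
    print(verdict(SSID), verdict(WPA2_CCMP), verdict(MIXED), sep="\n")
```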
st_shaw
Master

Once you enter an SSID/password combination on one of your iOS devices, it is shared with all your other iOS devices. It's working just as designed and has nothing to do with Orbi. If you don't like that behavior, you can probably disable it via iCloud or something.

Message 5 of 13
dorindon
Guide

Hello,

The SSID and password are completely different.

thanks for your input,

dorindon

Message 6 of 13
dorindon
Guide

Thank you for your answer.

You make an interesting point. 

1- In other words, if the SSID and password are different from that of my old router, you are confident that all the people in my building are not going to login to my SSID without a password?

I read that Netgear had some security issues. Can I be confident that this is not a security issue, or some configuration glitch that makes my wifi public (given that I clearly defined a password)?

2- Do you selectively allow devices or is that overkill?

thanks again very much

Message 7 of 13
st_shaw
Master

Every time you connect to a new AP from one iOS or Mac device the password is stored in iCloud Keychain.  This means ALL your iOS/Apple devices will connect automatically without entering a password, just as you described.

 

To prove this to yourself, do the following on your iOS device.  Settings, Wi-Fi, click the little i in the circle next to your Orbi.  Now click "Forget this Network".

 

Now, try to connect again.  Your device will ask for the password this time.

Message 8 of 13
dorindon
Guide

I can't thank you enough for your most intelligent answer and patience

Message 9 of 13
st_shaw
Master

No problem.  You're welcome.

Message 10 of 13
dorindon
Guide

Hi,

Very sorry to bother you again. 2 questions have popped up since my last message:

1- I configured the router so that in addition to the password only allowed devices can access.

Orbilogin  ➤ advanced ➤ security ➤ access control  ➤ Turn on access control + Block all new devices from connecting boxes checked.

Funny thing: I had an old iPad lying around in my closet. I turned it on ➤ wifi ➤ chose orbi network ➤ it logged automatically into the Orbi Network, and I could freely browse the internet. If I understand correctly, iCloud Keychain access overrides Netgear Orbi access control (block new devices).

2- My orbi is plugged into my cable modem. I cannot turn my cable modem WiFi off because according to my ISP contract, I must allow for guest login via their cable modem (not just any router) (long story short: they want all customers to have city wide access). So I end up with 2 wireless networks: my cable modem and that of orbi. Could that cause any problems?

thanks again very much

Message 11 of 13
st_shaw
Master

1. iCloud would not be able to override Orbi access control.  The access control takes place at a lower level. I use Orbi in Access Point mode, so that feature is not available to me.  However, the manual says you need to enable this feature before a device has ever connected to Orbi.  So, if you have ever connected the old iPad to Orbi then Orbi might be remembering it.  On the Orbi GUI Access Control page, try clicking "View list of allowed devices not currently connected to the network" and see if your iPad is listed there.

 

2. If it's Comcast, I've read that some people have called them and had that feature turned off. If you cannot turn off the cable modem WiFi, then you need to manually set the 2.4G and 5G WiFi channels on both the cable modem and Orbi to ensure they are not using the same channels.  You should use only channels 1, 6, or 11 on 2.4G.  Also, if you can lower the WiFi radio power on the cable modem WiFi, do that. You should also look into buying your own cable modem, which would save you rental fees.

 

 

Message 12 of 13
dorindon
Guide

thank you very much

Message 13 of 13