DNSFilter Exclusion "Not Working"

[DroidST]

what type of client does she have and have your verified her mac? Verify and compare on DNSFilter's list.

 

[Toot4fun]

So the global rule is working then since it’s intercepting all 53/udp dns traffic, ignoring your laptops ipconfig settings.
But why not the exceptions that precede it? Is your laptop MAC near the end of the list as well? Maybe tinker with reducing the client list to see if there’s some unintended limitation (backup router settings first).

Yeah, both are towards the bottom so maybe I'll clear out the list and add everything back in. I have to sign off for the night, so I turned DNSFilter off, flushed DNS, and my laptop worked (no OpenDNS) immediately.

 

[Toot4fun]

what type of client does she have and have your verified her mac?

She's using an iPhone and I'm using a Windows 10 laptop with a USB LAN adapter.

 

[DroidST]

So, on her iPhone, you set DNS (static) to the non OpenDNS IP's and also have her in DNSFilter's Client List config'd w/'No Filtering', correct? And, rebooted 68U and iPhone?

 

[DroidST]

How about remove the last entry in the DNSFilter Client List (her's?) and one more.

Then add her's.

 

[Toot4fun]

So, on her iPhone, you set DNS (static) to the non OpenDNS IP's and also have her in DNSFilter's Client List config'd w/'No Filtering', correct? And, rebooted 68U and iPhone?

I noticed the same behavior on my laptop so I was using that for testing, but basically. I did not reboot the laptop or router after making the changes. But I had what I thought was an epiphany this morning, but I wasn't able to replicate it as I thought.

In addition to the ASUS, I have an Archer C7 wired directly to the ASUS that runs in Access Point mode to extend my wireless range. It seemed as though devices connected to the Archer were not filtering correctly on the ASUS, while those connected to the ASUS were fine. My thought was that for some reason, the MAC of the Archer was being passed to the ASUS and there was no rule in the filter list for the Archer (nor would I want one for my particular situation). In order to test this, I changed the SSIDs on the Archer so that I could control which AP I was connected to. My testing on the ASUS worked as expected and the exceptions did what they should. When I switched over to the Archer, the exceptions on the Archer continued to work, which debunks my original theory. However, maybe something in my troubleshooting temporarily "fixed" this and it will happen again, but at least now I have a place to start looking.

 

[ColinTaylor]

AFAIK the Archer C7 doesn't have an "access point mode". So you're either using it as a router (in which case the client's MAC address will be changed), or you're connecting it LAN to LAN with DHCP turned off.

 

[Toot4fun]

AFAIK the Archer C7 doesn't have an "access point mode". So you're either using it as a router (in which case the client's MAC address will be changed), or you're connecting it LAN to LAN with DHCP turned off.

Here's what it looks like:

 

[ColinTaylor]

Here's what it looks like:

Thanks for that. I guess they must have updated the firmware at some point because all the discussion I've ever seen on the internet for this model was about how to do it manually because it didn't have an explicit AP mode.

 

[Toot4fun]

Thanks for that. I guess they must have updated the firmware at some point because all the discussion I've ever seen on the internet for this model was about how to do it manually because it didn't have an explicit AP mode.

If it helps:
Firmware version: 1.0.7 Build 20180425 rel.62587(5553)
Hardware version: Archer C7 v4.0

 

[dave14305]

I don’t have access points so I’m not much help, but run the arp command on your router to observe how the MAC addresses appear from those clients connected to the AP when all is working well and when it isn’t.

 

[DroidST]

should have posted about the AP in first post.

I also have a 68U in Repeater mode and if a client connects to the Repeater, clients manually entered into DNSFilter Client List won't happen as the MAC address of that client won't come through, it will be the MAC of the 68U.

I may be able to run DNSFilter on the Repeater and setup clients their too (more work though) but I am going to change the SSID's on the Repeater, not matching my Primary. I have a couple clients that will connect to the Repeater at times and really don't have to.

Maybe Asus AP mode and AiMesh will pass the client's MAC, I don't know but will stay with Repeater for the time being as all default clients go to OpenDNS Home which works for me.

Is anyone here running AiMesh or a Asus AP and if so, does it pass the client's mac if client is connected to a remote node/ap? I am more interested in AiMesh, may go that route in the future.

 

[ColinTaylor]

@DroidST Your questions are rather off-topic for this thread as we're not talking about AiMesh or Asus AP's.

 

[DroidST]

yes understood. From the tp-link AP Description in that post above (Parental Controls and QOS are not supported in this mode), the tp-link is probably translating the client mac as well.