Wireless MAC (Band filter filtering out Guest network)

New Around Here
After 7 days of resetting, reconfiguring, testing, I finally found out the cause of my Guest network woes.

Running 3004.388.6_2 on ASUS AX86U.

I would like to configure Guest Wifi with MAC filter (accept only)


I realised that the Guest Wifi MAC filter will not accept a MAC if the same MAC is not declared as accepted in the Band MAC filter


i.e. the same entry must be found on the 5GHz Band MAC filter otherwise the Guest Wifi will not accept the device.

Looking at the below link, it appears that it is not intended to be like this.

Reason: If I allow a company laptop (used by less IT savvy family) to connect to the Guest Wifi, it should not be able to inadvertently connect to my main LAN. What can happen is
1. initiate Guest Wifi connection (Auto Reconnect)
2. Main Wifi MAC filter allows device
3. Guest Wifi MAC filter allows device but for some reason cannot connect
4. User overrides Guest Wifi Auto Reconnect and manually connects to Main Wifi (said User is household member and privy to all passwords)

Shouldn't the two MAC filters be kept separate?

Of course there is always the option of securing the main Wifi with a password unknown to the User.
Change the password.

Everything else can be spoofed.
I understand where you are coming from. Even firewalls work on the basis of IP addresses which can be spoofed. Regular password change works. I have gone through enough ethical hacking material to know it is all about the determination of the attacker (and automation).

Ultimately, the best is NOT to allow any endpoints that can be compromised onto the network.

