Wireless MAC Filter bug or feature?

Discussion in 'Asuswrt-Merlin' started by Rumboogy, May 26, 2019.

  1. Rumboogy

    Rumboogy Occasional Visitor

    Joined:
    Jun 21, 2017
    Messages:
    38
    I found a foible in the "Wireless MAC Filter" capability. I would call it a bug but perhaps it was done on purpose. I have only tested this in the "reject" mode. What I found is that "Wireless MAC Filter" only seems to reject MAC addresses when they are on the main (as opposed to guest) SSIDs. For guest SSIDs "Wireless MAC Filter" has no effect. And it does not matter if the guest SSID has "Access Intranet" turned on or off (in case you were wondering).

    I have been using "Wireless MAC Filter" for years to block a few unknown devices on my network (I know it seems crazy that I have stuff plugged in and connected to my network for years and I can't figure out: what it is, where it is, or who connected it). I had assumed that these rogue devices were being blocked. But I did some testing over the weekend and discovered that for guest SSIDs the "Wireless MAC Filter" has no effect (as I said above). I have two guest SSIDs that have "Access Intranet" turned on so these rogue devices could be connected via those SSIDs. If that was the case then these rogue devices have full access to my main network. There is no easy way for me to find out which SSID they are on so I don't know if they have access or not.

    It seems much preferable that the "Wireless MAC Filter" would block a MAC regardless of which SSID it is connected to. This seems to be much more intuitive to me.
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,547
    Location:
    UK
    Router model?
    Firmware version?

    Just to be clear - you are setting the MAC filter list in the guest network's settings and not in the primary wireless settings?
     
  3. Rumboogy

    Rumboogy Occasional Visitor

    Joined:
    Jun 21, 2017
    Messages:
    38
    Router: RT-AC86U
    Firmware: 384.11_2
    I guess I should put that in my signature.

    The only place I know to set the wireless MAC Filter is at: Wireless -> Wireless MAC Filter. I have not seen any way to set these specifically for the guest networks.
     
  4. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    9,362
    Go to any Guest network you've configured or not and click the bottom option 'Enable MAC filter'. ;)
     
  5. Rumboogy

    Rumboogy Occasional Visitor

    Joined:
    Jun 21, 2017
    Messages:
    38
    Thanks. I never noticed that. So I guess that answers the question - it's a "feature" not a bug.
     
    L&LD likes this.
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,547
    Location:
    UK
    In John's firmware there are individual MAC filter lists for each guest network. I have a vague recollection that John added them a year or so ago. I thought the same change had been made by Merlin but I might have been imagining that. If you don't see the options then you might have to set them through NVRAM variables.

    https://www.snbforums.com/threads/r..._2-is-now-available.35561/page-11#post-290191

    EDIT: I see @L&LD has provided the answer :).
     
    L&LD likes this.
  7. Rumboogy

    Rumboogy Occasional Visitor

    Joined:
    Jun 21, 2017
    Messages:
    38
    The settings were there in Merlin; I just did not notice them before. I added my "rogue" device in and now it is finally gone.
     
    L&LD likes this.