Block unknown devices on Deco M9 - user changes MAC address to fool parental controls
Hi all,
I've been using the Deco M9 Plus for a couple of days now and I'm very pleased with it. The wi-fi is excellent in whole our house. And especially the parental controls are very valuable too to control the extensive use of internet of some of the users.
I have a question however. Is there an option to (automatically) block unknown devices on the network? I'm familiar with the blacklist option but I wouild like to see a whitelist for devices as well. The problem is that one user in our home is smartass enough to change the MAC address of his computer each time the parental control blocks his internet. Ofcourse the Deco notifies me that a new device is noticed on the network and than I can manually block the device but is there anyway it can be done automatically?
The Deco acts like a router and is directly connected to my ISP modem.
Is there any other option to block unknown MAC addresses from the internet should there be no possibility to achieve this with the Deco?
Thanks for your replies.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Mihu it's not even a hard fix, there's multiple ways this could be fixed easily. Clearly this has been labeled a wontfix
It's also worth noting many Android phones have begun shipping with this turned on by default.
It's a major pain with the constant stream of devices coming through the house with five kids I can't setup a default profile.
- Copy Link
- Report Inappropriate Content
@mfisch Agreed, this is like buying a firewall and discovering that it has every port open by default.
- Copy Link
- Report Inappropriate Content
Mihu wrote
@mfisch Agreed, this is like buying a firewall and discovering that it has every port open by default.
And that you have to add explicit deny rules for every single remote IP address that might try to connect.
MAC randomization on client devices is a good thing, and TP Link needs to address this somehow -- whether it's having to approve connections by new MAC addresses, having new devices default to having no local network or Internet access (like defaulting to a specific Parental Control group, but without the very unfortunate ~32 16 [!?!] device per group limit), or something like "enterprise" authentication rather than every device having the same PSK.
I'm intrigued by the possibilities of Wifi 6E, but I won't buy another TP Link unless this is fixed, and, despite the excellent radio performance, I warn others that parental controls on Deco are effectively worthless for actual parental supervision. (There's still some utility for limiting Internet Of Things devices, and prioritizing devices, just not in trying to limit what people can do.)
- Copy Link
- Report Inappropriate Content
@7dwergen
But your kid on the guest WiFi and just turn off the entire guest Wifi at night...
Also, this thread is 2 years old - how is something so basic still not a thing?
- Copy Link
- Report Inappropriate Content
Serpenio wrote
@7dwergen
But your kid on the guest WiFi and just turn off the entire guest Wifi at night...
Also, this thread is 2 years old - how is something so basic still not a thing?
@Serpenio Guest wifi isn't good enough:
- It has no "default parental controls". My kid's friends come over and they're like, hey, we can visit this forbidden website on your iPad on the Guest wifi, I guess dad hasn't blocked it.
- I want my kids on the main network so they can do stuff like screencast and AirPlay.
How is this not a thing -- exactly! It sounds like Asus ZenWiFi might be a good alternative, that it offers default filtering so devices would be useless until their MAC was recognized as qualifying for more access, and would lose access if they used a randomized MAC address.
Yes, TP Link, I've begun to shop around...
- Copy Link
- Report Inappropriate Content
@TP-Link Please, look up this thread !!! It doesn't make any sense at all the way it's now. We (owners of the local network) don't own every device surrounding us, like a neighbor phone or people close to the SSID. People can keep faking/spoofing as many MAC addresses as they want and bypassing this useless stupid feature called "Deco MAC Blacklist" and we have to play an endless cat-and-mouse game by blocking newer MACs every day.
We need a statement, a roadmap, or something, it's been too long since people are asking this simple feature that already exists in thousands of older and weaker devices from many different vendors, including old TP-Link devices..
Again, a blacklist is useless e doesn't make sense. We need something like WHITELIST MAC address so we can specify ONLY the MACs that belong to our home/family connect and nobody else can connect.
- Copy Link
- Report Inappropriate Content
layer4dad2 wrote
It sounds like Asus ZenWiFi might be a good alternative, that it offers default filtering so devices would be useless until their MAC was recognized as qualifying for more access, and would lose access if they used a randomized MAC address.
Yes, TP Link, I've begun to shop around...
If you do buy it, please report back. I had to resort to having an old Netgear I had; connect to the Decos and have the kids on the Netgear Wifi...Completely unncesssary if TP-Link would address basic security issues.
hasin27 wrote
@TP-Link Please, look up this thread !!! It doesn't make any sense at all the way it's now. We (owners of the local network) don't own every device surrounding us, like a neighbor phone or people close to the SSID. People can keep faking/spoofing as many MAC addresses as they want and bypassing this useless stupid feature called "Deco
@hasin27 Two things:
- You aren't helping the case; since your issue can easily be solved by placing a password on your SSID as any responsible network owner would do.
2. They don't care since there is a request about this every other week
MAC address filtering in Deco
MAC adress filtering
Whitelist MAC filtering, please!
Deco is the #1 best seller on Amazon, how is it missing basic security features?
These devices are missing some features that are in most devices (Also noticed, moderators will pick and choose what they move to the Feature Request Forum like they did with this post)
- Copy Link
- Report Inappropriate Content
You nailed it, TP-Link just don't care about the issue.
It's sad really, when other vendors can push out meaningful updates in response to concerns raised by their user base but TP-Link just ignores it.
I'll be choosing a different vendor to replace my Deco hardware, and exclusively because of this issue.
- Copy Link
- Report Inappropriate Content
I’ve just bought the Deco as I had this problem with the eero.
Looks like it’s being returned to Amazon.
Anyone know a decent mesh system that does do this ?
edit: I've started a return of this item to Amazon and ordered a Netgear Orbi, which apparently has a 'Block New Devices' option.
- Copy Link
- Report Inappropriate Content
Hi, I see Deco could do the same thing.
Go to Deco APP>More>Advanced>connection alerts for new devices.
Once you got the notification in the message, you could block this device.
It is not convenient but would be a nice workaround.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 36
Views: 38485
Replies: 133