MAC filtering
I have been using this modem for some years, mainly without any particular concerns. However it has now come to my notice that the use of MAC filtering to control access to the network has now become problematic.
I have been using Parental Control to manage access times for the children in our care. This relies on identifying their devices by MAC number and applying time restrictions. It has been working OK but I have recently become aware that it no longer works for every device and some devices are now able to get unrestricted access.
It appears that some mobile phones, specifically the latest iPhones and possily Android phones, change the device MAC number when making a connection to a network so are no longer subject to the MAC filter. I was made aware of this when a new iPhone started in use. I checked the MAC number on the device and set up a rule under Parental Control. I then noticed that this number didn't appear in the list of logged on devices but another number did, identified as an iPhone. I changed the rule to this number only to find that at the next time it connected it appeared to be yet another number. It is touted as a 'security' feature by Apple to prevent tracking of mobile phones.
This has now apparently rendered the Parental Control on the router unworkable as it relies on MAC filtering. Is anyone also aware of this, and any suggestions for a solution?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Blame Apple. With IOS 14, they added a feature to help prevent tracking of your iphome/iPad.
See https://support.apple.com/en-us/HT211227
- Copy Link
- Report Inappropriate Content
I had noticed this. But it also seems to be happening with Android. I have another phone which seems to be doing the same.
This must be somewhat dubious, presumably it will allow, say, criminals to hide their movements too.
Since this will make MAC filtering impossible to use I need to find another solution. I am considering using a guest network but can't work out yet how I can set up a time schedule to only allow access at certain times.
- Copy Link
- Report Inappropriate Content
Might try a different way.
ACCESS CONTROL. Only allow MAC addresses to access the router. Should work I'd think? Change the MAC Address, can't connect?
Under Security tab:
- Copy Link
- Report Inappropriate Content
Thanks, I'll have a look at that, set up a white list.
My only question would be - if I use the current MAC address for each device for the white list, access will be denied if the MAc address changes. So that device will have no WiFi access. But I want to allow WiFi access for certain periods of the day. Not sure if this would work.
- Copy Link
- Report Inappropriate Content
The way I read that Apple reply was that it uses a different MAC for each network. If so, then the MAC may not change between networks.
Quote: To improve privacy, iOS 14, iPadOS 14, and watchOS 7 use a different MAC address for each Wi-Fi network. This unique, static MAC address is your device's private Wi-Fi address, used for that network only.
Also it appears the 'Private Address' setting may make the phone keep the MAC the same.
Some routers do allow time settings for the guest network.
- Copy Link
- Report Inappropriate Content
This doesn't appear to be the case here. I changed the MAC address in the filter to the one that was logged in on the WiFi for the device. Next time I checked, next day, it had changed. I am also seeing this with an Android device, a OnePlus Nord N105G.
Regarding the guest network, my router doesn't seem to offer any time settings. It's probably too old. I am reluctant to pay out for a new modem/router without being sure that what I need to do will be possible with it. I'm going to have to give it some more thought.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Mikejd wrote
This doesn't appear to be the case here. I changed the MAC address in the filter to the one that was logged in on the WiFi for the device. Next time I checked, next day, it had changed.
I've seen reports of that happening too. Matter of fact, I think Apple actually changes it every 24 hours on every network?
Look at this link, https://www.techrepublic.com/article/how-to-manage-or-disable-mac-randomization-in-ios-and-ipados-14/ for instance.
I've seen other pages where the 'instructions' fo disable the feature forces you to REJOIN the network, but that never happened when I did it? Possibly why it changed? Might need to both FORGET the network (SSID's used on the same router are on the same network 'name' so that should not be an issue), and also RESTART the device.
I had a problem with my iPhone 12 making calls with it on, had to bet the mobile carrier to do some 'tricks' and I had to reboot the phone with the feature off to make calls.
BTW, even with the feature on it seems it will also change the MAC address every 24 hours, especially if you disconnect from the network. A lot of how that works has not be revealed by Apple.
- Copy Link
- Report Inappropriate Content
This is all very interesting and useful. I think I need to take some time to work on this. That articlw linked above looks to provide some useful information also.
I am pretty sure that the iPhone at least is changing every 24 hours. The individual devices will be logging off the modem at times during the day as the kids go out, so have to log back in. I did turn the feature off in the phone but it seems to be back on, whether by the kid or somehow else. I don't think this is a good way to go because there is nothing to stop them changing it as they have easy access to the settings.
I'm coming round to having the guest network as long as I can find a way to control the time schedule. It would have separate login and password to the main network and only the kids would use it. I will have to try to find a suitable modem for this.
It seems to me that Apple might regard this as a desirable feature but I don't think it has been fully thought through. Some of the implications only appear after its implementation.
Thanks for all your assistance, I will need to take some time now to try to work out my best plan.
- Copy Link
- Report Inappropriate Content
If they are changing the option to change the MAC, with white list, they would need to use the same MAC to connect.
OR
If you have an old modem to could set it up in AP mode. If it has WIFI power controls, use them. If not, have a timer to power it on/off at the desired times. Just do not tell them how it works as that can be bypassed.
OR
Get an inexpensive extender such as the RE220 and put them on it and off of the main router and you can control the time schedule in the extender controls and/or the main router's controls.
OR
Just give up as there are other ways to bypass the controls if they are on the main router.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1608
Replies: 10
Voters 0
No one has voted for it yet.