Block unknown devices on Deco M9 - user changes MAC address to fool parental controls
Hi all,
I've been using the Deco M9 Plus for a couple of days now and I'm very pleased with it. The Wi-Fi is excellent in our whole house. And the parental controls especially are very valuable for controlling the extensive internet use of some of the users.
I have a question, however. Is there an option to (automatically) block unknown devices on the network? I'm familiar with the blacklist option but I would like to see a whitelist for devices as well. The problem is that one user in our home is smartass enough to change the MAC address of his computer each time the parental control blocks his internet. Of course the Deco notifies me that a new device is noticed on the network and then I can manually block the device, but is there any way it can be done automatically?
The Deco acts like a router and is directly connected to my ISP modem.
Is there any other option to block unknown MAC addresses from the internet should there be no possibility to achieve this with the Deco?
Thanks for your replies.
Yes, and it's the default behavior (even for pre-existing WLANs) on upgraded iOS devices. You can turn it off (on the client device) on a per-SSID basis of course (if you can stop the "children" from turning it back on).
The real problem here of course is that since virtual MAC is the "default value" ... that means iOS automatically evades parental controls and you need advanced networking skills to even understand how to solve the problem. The easiest way to deal with this would be to create a default profile for new devices, and let the user tune the default group policy.
I'm going to guess over the next several weeks as the vast majority of iOS devices are upgraded to iOS 14 -- parents are going to be really confused why none of their parental controls are working -- with no guidance on how to solve the problem. A KB entry on how to turn off virtual MAC for the iOS Wi-Fi interfaces would be a good start.
The parental controls are useless now
@Kevin_Z I am a brand new Deco 9 user but will unfortunately have to return this product if there is no indication when the whitelist functionality is coming. As a parent of teens, the Deco 9 parental controls are completely useless without it. And parental controls were the main reason I bought the product. This feature has been in your dev team's hands for two years now based on this forum's comments, so unless you can give us a delivery timeframe, I'm not hopeful.
Too bad, good product otherwise. I will have to update my Amazon review with the bad news for parents.
Matt
@7dwergen Yes, this is a serious flaw in the design of the system. At any time my kids can change their MAC address and get complete access to the internet - with NO parental controls. The blacklist is useless. What needs to happen is that all new devices get put into a special "waiting room" - or Purgatory. And they can wait for me to assign them to a person.
@Kevin_Z I do understand we're in a pandemic. And companies are feeling the strain. But on the flipside, we are even more reliant on our online family presence.
Kids homeschooling. Working from home. Managing the network has become even more important. As the kids are online far longer. And it's becoming harder to police them.
My son works off a spoofed MAC address and is up until 5am most mornings.
Yes, it is possible for kids to spoof MAC addresses of already approved devices. But some sort of control is a start. And it would be up to the development team to find a way around it.
Changes that would improve the functionality of the parental controls include:
- approve all new devices. Even if they have joined before
- whitelist
- parental control temp override. The ability to override a parental control for a period of time. So extend for say 30 min. 1hour. 2 hour. Half a day. All day. As a one off. This will mean you don't have to alter your PC settings for a one off situation (eg. daughter needs internet access to do her homework for an hour during her internet down time)
I actually have an M4. But the principles still apply.
Apparently, this is being worked on by the developers according to Deco support. But it's taking forever with no estimated roll-out date. I've had quite a few parents looking for a similar setup ask me how effective the Deco is with parental controls and I've had to give them the pros and cons.
@TheBuzzard I'm also noticing one of the kids constantly changing the MAC address on his laptop and thus circumventing the parental controls.
I don't want to keep manually blocking the new addresses so a whitelist or default profile for new devices would be very very useful. (the default profile would then indeed include no access at all or parental control for 3 year olds :P)
For now this resulted in him having to put his laptop downstairs when it's bedtime because teenagers seem to forget their promises a few seconds after they made em...
Well I've no "smart-ass" kids as yet, but I'm sure they will figure it out soon.
I've gone to great pains to ensure I kept router functionality for the parental controls (as opposed to access point mode, which would have been an easier setup). I noticed this flaw in the system on one of my own devices, which is Android 10, which like iOS 14 has randomised MAC addresses by default.
I don't want to be 'watching' for new devices on my Deco, in fact, I don't want any new devices added by default, if it's a MAC address it's not seen before it should be treated differently. Many of the suggestions on this thread are good, anything would be better than the current setup.
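Added example, not part of any post in this thread and not TP-Link code: a sketch of the "waiting room" policy requested above, where any MAC address not on an allowlist is quarantined and flagged when it carries the locally administered bit that OS-randomised (private) addresses set. The function names, device names and MAC addresses are all constructed for illustration.

```python
# Default-deny triage of Wi-Fi clients by MAC address (illustrative sketch).
# Every device name and MAC address here is constructed sample data.

def parse_mac(mac: str) -> bytes:
    """Normalise 'AA:BB:..', 'aa-bb-..' or 'aabb.ccdd.eeff' into 6 raw bytes."""
    hexstr = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(hexstr) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes.fromhex(hexstr)

def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set.

    OS-randomised (private) addresses set this bit; vendor-assigned
    burned-in addresses do not. A hand-set address may go either way,
    so the bit is a hint for the reason field, not an identity check.
    """
    return bool(parse_mac(mac)[0] & 0x02)

def triage(clients, allowlist):
    """Return {mac: (action, reason)}; anything not allowlisted is quarantined."""
    known = {parse_mac(m) for m in allowlist}
    result = {}
    for _name, mac in clients:
        if parse_mac(mac) in known:
            result[mac] = ("allow", "on allowlist")
        elif is_locally_administered(mac):
            result[mac] = ("quarantine", "unknown, likely randomised")
        else:
            result[mac] = ("quarantine", "unknown, vendor-assigned")
    return result

# Constructed allowlist and client table (formats deliberately mixed).
ALLOWLIST = ["3C:22:FB:10:20:30", "a4-83-e7-aa-bb-cc"]
CLIENTS = [
    ("kids-laptop", "3c:22:fb:10:20:30"),   # approved device
    ("unknown-1",   "DA:A1:19:5F:01:02"),   # 0xDA has the 0x02 bit set
    ("unknown-2",   "00:1B:44:11:3A:B7"),   # 0x00 does not
]

if __name__ == "__main__":
    for mac, (action, reason) in triage(CLIENTS, ALLOWLIST).items():
        print(f"{mac}  {action:<10}  {reason}")
```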
@EDuff Does anyone know an alternative Wi-Fi mesh network that implements a whitelist? I have had enough and need a solution.
@EDuff I believe Netgear Orbi has a whitelist option, but I moved away from Orbi to Deco because of the inferior mesh performance and overall crappy firmware so don't really want to advise you that...
Still hoping/waiting for TP-Link to fix this :-(