Connection problem with MAC filter on router activated
I am using as router ASUS RT-N66U and have successfully set up my AC750 RE200 extender (only for 2.4G). LED shows on extender OK. My ASUS router sees the extender connected and shows a MAC address for it: XX:XX:XX:XX:XX:39 (anonymised by me). I am using a MAC filter on on my router to restrict 2.4G WiFI access to it, but had deactivated the MAC filter during installation of the RE200 as per user guide. Upon activation of the MAC filter on the router, with the newly found MAC XX:XX:XX:XX:XX:39 included, the LED on the extender switches off and the MAC address disappears from the connection list on the router. Rebooting the RE200 at that stage does not help. Switching off the MAC filter on the router re-establshes the connection. I have not yet connected any device yet to the extender. I checked on the GUI of the extender that the client list is indeed empty. I will appreciate your help.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Further to my reply of March 4th, I am happy to let you know I have been able to resolve the connection problem. It turned out that my ASUS router RT-N66U has a "Wireless Log" which sits under the tab "System Log". The wireless log shows which MAC addresses are connected to the router. With the MAC filter switched off, this log had one entry more than what was shown in the Wireless Client list of the Network Map that I had been using (which shows MAC and related IP addresses). The additional MAC address apparently is not bound to an IP address and disappeared when I switched off the RE200. So, this must be the extra MAC address that HenryC was referring to in 2018 on this forum. I noticed that the extra MAC address was quite different from the RE200 one that did connect with an IP address.
I have now added this undocumented MAC address to the MAC filter list. With the filter activated, connection with the RE200 works normally.
Finally, I noticed that the extra MAC address showing in the wireless log for 2.4G is not showing in the log for 5G. Rather, yet another undocumented MAC address appears in that log. Upon adding that other address to the 5G MAC filter, 5G connectivity with the RE200 works also normally with the filter activated.
It would have saved quite some time if tp-link had chosen to make this information available to the users through the user guide.
Please mark my post as SOLVED. Thank you.
- Copy Link
- Report Inappropriate Content
Hello, considering the mac filtering entries you need add, it is not suggested to enable MAC filtering feature on the router. Reasons are listed below: first, the extender connects to the router, to make the extender work, MAC address of the extender need to be added into the whitelist; on the other hand, for those devices which connect to the RE200, we also need to add their mac addresses into the whitelist to allow them access internet; besides, considering these devices may connect to the main router directly, and there will be a new MAC address for them due to the proxy mode, we need to add the virtual MAC addresses into whitelist as well. It is very complicated, and with more and more devices connected to the extender, more entries we need to create under the MAC filtering page to make them work.
Therefore, if you want to limit the access of devices which connect to the RE200, you can use the access control feature on the extender itself to block/allow specific device.
https://www.tp-link.com/support/faq/1404/
May it help.
- Copy Link
- Report Inappropriate Content
@Kevin_Z ,
Thank you very much for your detailed answer. However, this will not solve my problem. I will explain below.
I use the extender precisely as it is designed for: to extend my WiFi coverage at home to a location far from my main router. This means I have already several devices connected through WiFi in several places in the house where the router has sufficient signal strength. I need security on my WiFi network, so I use the whitelist MAC filter on my router for these devices. This works perfectly OK, and needs to continue to work.
The RE200 extender is needed to add a device that is farther away in my house and WiFi signal quality of the router is low at that location. With the whitelist MAC filter switched off I have a good WiFi connection to the RE200 that I put at an intermediate location in the house, as per guidelines. Subsequently, I have now connected the far-away device to the RE200, after that I disconnected it from the router WiFi network. This device will not reconnect to the router network again, because I changed the settings. I have activated the whitelist on the RE200 and included the original MAC address of the far-away device. This also works perfectly OK. With the extender connected to router WiFi network and the MAC whitelist filter on the router still switched off, I picked up the virtual MAC address of the far-away device as now registered on the router. The virtual address was generated by the RE200 precisely as was documented in your documentation on the tp-link website, so it was easy to recognise. As per your documentation, I have added the virtual address to the whitelist MAC filter on the router. However, when I re-activate the whitelist MAC filter on my router, the Wifi connection to the RE200 breaks: my router does not list the RE200 (nor the far-away device virtual MAC) and at the same time the Wifi connection LEDs on the RE200 are switched off.
When I de-activate the whitelist MAC filter on the router, the RE200 re-appears on the router and the virtual MAC address is also again visible on the connection list of the router. You will understand that leaving the MAC filter deactivated on my router just to facilitate connection of one far-away device, with many more devices already on my WiFi router network would mean a serious security exposure. I still hope that Tp-Link provides the right technology to facilitate my RE200 connecting to my main WiFi network in a secure manner.
Also, please note the original post is about the connection problem I already have without any devices connected to the RE200. Virtual MAC addressses should not have played a role there. I then went ahead assuming the absence of a device connecting to the RE200 could possibly have triggered my problem. This has now turned out to be not the case.
Finally, I noticed on the forum a suggestion to add to the whitelist MAC filter an undocumented extra MAC address for the RE200. I tried this, but was not lucky in identifying the correct additional MAC address for my own RE200. I also used Wireshark to monitor WiFi traffic on my router, but was not able to detect which additional MAC address could be in play.
I will appreciate you help!
- Copy Link
- Report Inappropriate Content
Further to my reply of March 4th, I am happy to let you know I have been able to resolve the connection problem. It turned out that my ASUS router RT-N66U has a "Wireless Log" which sits under the tab "System Log". The wireless log shows which MAC addresses are connected to the router. With the MAC filter switched off, this log had one entry more than what was shown in the Wireless Client list of the Network Map that I had been using (which shows MAC and related IP addresses). The additional MAC address apparently is not bound to an IP address and disappeared when I switched off the RE200. So, this must be the extra MAC address that HenryC was referring to in 2018 on this forum. I noticed that the extra MAC address was quite different from the RE200 one that did connect with an IP address.
I have now added this undocumented MAC address to the MAC filter list. With the filter activated, connection with the RE200 works normally.
Finally, I noticed that the extra MAC address showing in the wireless log for 2.4G is not showing in the log for 5G. Rather, yet another undocumented MAC address appears in that log. Upon adding that other address to the 5G MAC filter, 5G connectivity with the RE200 works also normally with the filter activated.
It would have saved quite some time if tp-link had chosen to make this information available to the users through the user guide.
Please mark my post as SOLVED. Thank you.
- Copy Link
- Report Inappropriate Content
Thanks for your reply, glad to hear that you figured it out.
Cause the extender works in proxy mode, the MAC address will be different from the original one, and we need to add those MAC addresses into the MAC filtering list to make the extender work.
And thanks for sharing it again.
Good day.
- Copy Link
- Report Inappropriate Content
@jgm I just bought the RE205 to extend my Archer C9. I had the same problems as you and almost gave up.
I managed to find all the seven (7!) MAC addresses for the RE205 that needed to be added to the Archer whitelist. I turned off the access control of the router and after having connected several times from the extender I eventually found four MAC adresses for 5GHz, two for 2.4GHz, and one for the RE205 extender itself. I added these to the whitelist of the router, turned on access control, and voilá - I had connection between extender and router on both 5GHz and 2.4GHz and all blue leds are shining. But no Internet!
I found the solution to that problem here: https://community.tp-link.com/en/home/forum/topic/198516. I used the solution for case 3. And voilá I had Internet connection! But my gadgets were not let through! It turns out that the RE205 extender takes the MAC adresses of the gadgets in its whitelist and changes them. The last three groups of digits are the same, but the first three are exchanged for the first three of the extender itself.
So if we have an example made-up MAC address like this for the extender - A1-B2-C3-E4-F5-08 - and - A2-B3-C4-E5-A6-D8 - for e.g. your mobile phone, the extender will send A1-B2-C3-E5-A6-D8 for the phone to the router. This means that you need to add these MAC addresses to your router's whitelist. For each gadget that needs to connect to your router, you need to have the gadget's own MAC address and the gadget's MAC address generated by the extender in the router's whitelist. In the whitelist of the extender you need to add the gadget's own MAC address.
This solved the problems for me and I now have 5GHz and 2.4GHz connection to the router using whitelists for both router and extender. And I have Internet connection for both.
I hope this will help you.
- Copy Link
- Report Inappropriate Content
31st of October 2020... The story goes on...
The SAME problem with AC750 RE190! Unfortunately, I have just read this topic, but good to know, to go back and buy something else, better and more simple than TP-Links with no limited hidden MACs...
Question for @Kevin_Z: Are you serious??? Have you heard about Cyber Security and Cyber Attacks? I don't understand why you recommend not to use the MAC filter under the current circumstances... I have some options in settings and it is my option to choose what to do with my router. No more comment...
@OTS What programmes did you use to find out the MAC addresses?
Thank you!
- Copy Link
- Report Inappropriate Content
I used no special programs, I just turned on and off mac filtering on both the router and the extender systematically to find all mac addresses of connected devices. It took a while...
Unfortunately, my TP router recently crashed permanently and I had to by a new one. Of variuos reasons I bought an Asus router and there should be no problem to make that and the TP extender cooperate - haha, funny! That did of course not work of reasons I don't know. Luckily, the Asus router has better range and I don't need the extender any more.
So, I solved the extender mac filtering problem and it worked well - for a couple of months...
I hate to fiddle with network stuff like this. It happens rarely enough that I never have active knowledge of it. And I believe that there is something wrong in the business when consumer products and household devices are so complex and poorly designed that the makers of them urge you to not protect your network just because it is so complicated. The err is not on the consumer side I say...
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 4461
Replies: 7
Voters 0
No one has voted for it yet.