Access Control (MAC whitelist) being bypassed

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Access Control (MAC whitelist) being bypassed

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Access Control (MAC whitelist) being bypassed
Access Control (MAC whitelist) being bypassed
2022-02-01 19:05:57
Model: Archer C80  
Hardware Version: V1
Firmware Version: 1.10.0 Build 210716 Rel.51301n(4555)

Hello everyone,

 

I currently have an Archer C80 and another router connected to it via the LAN port to extend the range.

This other router is set to wired repeater mode and doesn't have its own mac filter settings.

In the C80, I have the Access Control set to whitelist mode to increase my network security (Which should also filter out wired connections).

I have also added the other routers Mac Address to the C80's whitelist.

 

The problem is when I test the Mac filter by removing my phone's Mac address from the whitelist, I can still connect to the network from the other router's wifi. (Both routers share the same wifi name)

 

I expected the C80 to refuse the connection since it has a DHCP server and the other router doesn't but the only thing that happens is I can not access the internet from the phone while connected to through the other router. I can still access internal devices such as printers and computers (even ones connected to C80 directly) which isn't very secure.

 

Is there a setting I can change in the Archer C80 or do I need to fiddle with the other router to also have a mac filter?

 

Thanks.

 

  0      
  0      
#1
Options
5 Reply
Re:Access Control (MAC whitelist) being bypassed
2022-02-01 22:50:35 - last edited 2022-02-01 22:57:00

@erdemozor 

 

Have you tried to reboot the C80 after removing your phone's MAC from its whitelist and test if it still behaves the same ?

Also check if you're using a private MAC address on your phone - details here.

 

If this was helpful click once on the arrow pointing upward. If this solves your issue, click once the star to mark it as a "Recommended Solution".
  0  
  0  
#2
Options
Re:Access Control (MAC whitelist) being bypassed
2022-02-01 23:28:14

@terziyski 

I tried rebooting and I can still connect via the other router.

The curious thing is it takes a long time for the phone to connect.
It looks as if it's stuck getting an ip address but after a short time it connects.

 

I've also discovered that the local ip the phone gets from the other router is the same as another client's ip (both 192.168.0.101).

These devices have completely different mac addresses. Also, I checked and I'm not using a private MAC address.

  0  
  0  
#3
Options
Re:Access Control (MAC whitelist) being bypassed
2022-02-02 01:01:50 - last edited 2022-02-02 04:08:48

@erdemozor 

 

If you have two different devices with the same IP address this would lead to an IP conflict in your LAN.

What's the make and model of the extended router ?

May be on the extended router there's a mechanism of restricting devices by a MAC address as well.

Also you can set an Address Reservation in C80 for your phone and watch if its IP address changes when connected to C80 or the extended router.

If this was helpful click once on the arrow pointing upward. If this solves your issue, click once the star to mark it as a "Recommended Solution".
  0  
  0  
#4
Options
Re:Access Control (MAC whitelist) being bypassed
2022-02-02 15:41:25

@terziyski 

 

The other router is a Xiaomi AX1800 which can change between AP mode and base station mode. But while in AP mode, it doesn't have a mac filter option.

I think I can get it to work if I set the AX1800 to base station mode and use a LAN to LAN connection but I wanted to give it a shot thinking the C80 would sort the network out.

  0  
  0  
#5
Options
Re:Access Control (MAC whitelist) being bypassed
2022-02-02 17:21:03

@erdemozor 

 

This is what I was going to suggest - using the Xiaomi AX1800 as your main router and C80 in AP mode - Case 1.

Maybe this scenario would be better in your environment.

If this was helpful click once on the arrow pointing upward. If this solves your issue, click once the star to mark it as a "Recommended Solution".
  0  
  0  
#6
Options