Devices reconnecting after being blocked

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Devices reconnecting after being blocked

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Devices reconnecting after being blocked
Devices reconnecting after being blocked
2024-03-20 14:06:13
Model: Deco M5  
Hardware Version:
Firmware Version: 1.7.3 Build 20230906 Rel.59213

When a device has been blocked on my Deco app they have found a way to reconnect to the WiFi by 'forgetting' the connection on their phones and reconnecting to the internet. Is they a way to stop people connecting unless they have been 'approved' on the app? 

  2      
  2      
#1
Options
4 Reply
Re:Devices reconnecting after being blocked
2024-03-20 14:26:34

  @Dee_Evans it sounds like their devices are using a random MAC address to bypass your blacklist/blocking. The only way to prevent them joining the network is for TP-Link to update the firmware of the router to create a whitelist of approved devices instead of a blacklist (which in a world where most mobile devices have random MAC addresses by default should be a standard feature).

 

Assuming the devices aren't owned by friends or family, you should also come up with a better wifi password and change your network SSID after hiding it to improve your security.

XE75 V1.0 3-pack / Wired backhaul / Router mode / UK
  1  
  1  
#2
Options
Re:Devices reconnecting after being blocked
2024-03-20 15:08:07 - last edited 2024-03-20 15:10:21

  @Dee_Evans 

 

To add to what was said by @Wrayman  

 

This feature is called "Allow List" and is documented here: How to configure Wi-Fi Access Control on your Deco

 

This feature is not available for Deco M5, and might never be as M5 is reaching or already reached End of Sale status. It is unlikely TP-Link will release firmware update with new features for M5.

 

If you need "Allow List" feature, you may need to buy Deco that supports it, from those most compatible with M5 is going to be Deco X50 or Deco X55. If I am correct, you only need Main Deco with that feature to have it for all of your Deco mesh, which means buying single X50 or X55 and making it Main Deco.

 

If you think it is also time to upgrade your Deco mesh from WiFi5 (M5) to WiFi6 (X50/X55), you can just replace all M5s you have with X50/X55s.

  2  
  2  
#3
Options
Re:Devices reconnecting after being blocked
2024-08-16 00:57:37

  @Wrayman 

Wrayman wrote

  @Dee_Evans it sounds like their devices are using a random MAC address to bypass your blacklist/blocking. The only way to prevent them joining the network is for TP-Link to update the firmware of the router to create a whitelist of approved devices instead of a blacklist (which in a world where most mobile devices have random MAC addresses by default should be a standard feature).

 

Assuming the devices aren't owned by friends or family, you should also come up with a better wifi password and change your network SSID after hiding it to improve your security.

Hi - somewhat of a novice question here but I better ask BEFORE I do something dumb.

 

OK - I think I understand the business with random MAC addresses, and how a Block List can be bypassed simply because the Block List relies on MAC address for identification, and those can be faked. Now suppose I change to Allow List mode. Won't random MAC addresses cause exactly the same problem, but in reverse? My wife's iPhone may be on the whitelist now, but if she travels and then comes back home and reconnects, her phone will generate and identify itself with a different random MAC address. Which is NOT on the whitelist, so her connection request will be rejected. Right?

 

One potential solution is to disable the generation of random MAC addresses; but while this solves one problem, it may generate worse ones - those that led to the idea

of "generating random MAC addresses" in the first place. Or am I misunderstanding this?

  0  
  0  
#4
Options
Re:Devices reconnecting after being blocked
2024-08-16 07:34:50

  @mathguy you've pretty much got it, but I wouldn't worry too much about the MAC address randomisation for your wife's phone. You can disable it on a network-by-network basis, so if you go to a cafe it will still randomise the address, but at your home the phone will know to use the same address because it's a trusted network. All you need to do is disable the randomisation for the connections you are using the "Allow List" for. On Android it's usually under WiFi settings and you just click the settings icon for your network and look for the "Privacy" settings and you can choose to use a random MAC address or the device MAC address. On iPhone they try to dumb down the language but make it more confusing to find what you're after because they don't call it a MAC address! Uncheck this box if your wife has an iPhone and you'll be able to use the same MAC address every time:

 

XE75 V1.0 3-pack / Wired backhaul / Router mode / UK
  1  
  1  
#5
Options