MAC Filtering Issue

Herbaldew
DD-WRT Novice


Joined: 21 Sep 2021
Posts: 11

Posted: Thu Sep 23, 2021 16:15    Post subject: MAC Filtering Issue
I just started exploring dd-wrt yesterday. All has gone fine except wifi speed on iPhone and MAC filtering. I just saw the wifi setup guide and will explore the speed issue later (it is drastic, 600 Mbps stock, 100 Mbps dd-wrt).

The MAC filtering issue I don't see anything about. I have around 15 devices and have set up MAC filtering to only allow them. Again, my iPhone is at issue - all the devices connect fine with these settings, my iPhone will not connect at all.

I have tried several versions, the latest being r47474, all with the same results. This was with a full reset between versions. I am on stock firmware right now so can't look to get the verbiage exact, but there is a button to show clients on the screen where you list the MACs to be filtered. The iPhone shows up there and whether I check the box there, list the MAC manually or both, same results, the iPhone will not connect.

Netgear R7500v2

Any ideas?

Thanks
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

Posted: Thu Sep 23, 2021 16:21
Is said iPhone configured to use MAC randomization in its settings or no?
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Herbaldew
Posted: Thu Sep 23, 2021 16:31
No, it is not.

I use MAC filtering on stock firmware also, no problem there.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Thu Sep 23, 2021 16:50
Hi and welcome,
there are a few other ways to let in only those clients that you need... either via IPTABLES rules or via DNSmasq rules...

so, the easiest one is to add static leases for each client...
add rules in this format in advanced DNSmasq box

dhcp-host=11:22:33:44:55:66,zinc,192.168.1.30,infinite

- change zinc to whatever name and make sure it does not contain spaces or special symbols
- change 192.168.1.30 to whatever IPs you are running in your network

Then on the Basic Setup page > Maximum DHCP Users, select the number of hosts down to the count you have only, let's say 15, and all those have a line in advanced DNSmasq with IP and name

---------------------------------------------
here is another approach

Use dnsmasq and additional options:
Code:
dhcp-host=11:22:33:44:55:66,set:known
dhcp-ignore=tag:!known

First directive will send extra options tagged as "known" to machine with Ethernet address 11:22:33:44:55:66.
The other directive will ignore any clients which are not specified in dhcp-host lines. Equivalent to ISC "deny unknown-clients".
This relies on the special "known" tag which is set when a host is matched.
On linux (!) means NOT.

regarding your iPhone not connecting, it could be various reasons...
1. try to give it a short name without spaces and symbols like iPhone13
2. give it a static IP... but make sure you turn off the private address option in its Wi-Fi settings as it scrambles the MAC address on every connection..
3. have a good read and use those settings from here
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324014

----------------------------------------------------------------
you can also use iptables rules to do the same
https://wiki.dd-wrt.com/wiki/index.php/Iptables_command

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
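
The two dnsmasq approaches from the post above combined, as an added example that is not from the thread or from DD-WRT: a POSIX shell function that turns a device inventory into `dhcp-host`/`dhcp-ignore` lines and rejects locally administered (randomized "private") MAC addresses, which cannot serve as stable allowlist entries. The function names, the name-character rule and all inventory values are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a dnsmasq DHCP allowlist from "MAC name IP" lines.
# Function names and all inventory values are constructed for illustration.

# True if the MAC is locally administered (second hex digit 2, 6, A or E),
# which is what a phone using a private/randomized Wi-Fi address presents.
is_local_mac() {
    case "$1" in
        ?[26AaEe]:*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the argument is six colon-separated hex octets.
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Read "MAC name IP" lines on stdin and print dnsmasq directives.
# Rejected entries become "# skipped" comments so they show up in review.
gen_allowlist() {
    while read -r mac name ip; do
        [ -n "$mac" ] || continue
        if ! is_valid_mac "$mac"; then
            echo "# skipped $mac: not a MAC address"
        elif is_local_mac "$mac"; then
            echo "# skipped $mac: randomized address, turn off private address on the client"
        elif [ -z "$ip" ] || printf '%s' "$name" | grep -q '[^A-Za-z0-9-]'; then
            echo "# skipped $mac: need a name of letters, digits or hyphens, and an IP"
        else
            echo "dhcp-host=$mac,set:known,$name,$ip,infinite"
        fi
    done
    # Clients that matched no dhcp-host line get no lease.
    echo 'dhcp-ignore=tag:!known'
}

# Constructed inventory: one good entry, one randomized MAC, one bad name.
INVENTORY='00:11:22:33:44:55 laptop 192.168.1.30
a6:5e:60:01:02:03 iPhone13 192.168.1.31
00:11:22:33:44:66 smart_tv 192.168.1.32'

printf '%s\n' "$INVENTORY" | gen_allowlist
```

`dhcp-ignore` only withholds DHCP leases; it does not stop a client from associating at the Wi-Fi layer, so it complements WPA2/WPA3 authentication rather than replacing it.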
kernel-panic69
Posted: Thu Sep 23, 2021 17:02
Interestingly enough, I just tested this on an anemic antique TL-WA901NDv2 on 47474 to only permit my cheapo Samsung J727A Android phone without issue. I just added the config and applied; no reboot to test whether or not that is a factor. You may need to "forget network" on iPhones; they are a little quirky about these things. From what I understand, iOS/iPadOS 15 is out now... more Apple nonsense to troubleshoot!
Herbaldew
Posted: Thu Sep 23, 2021 18:22
kernel-panic69 wrote:
You may need to "forget network" on iPhones; they are a little quirky about these things.

Bingo! That took care of that issue - off to see what I can do about the speed now.

Thanks to you and Alozaros for your input.
kernel-panic69
Posted: Thu Sep 23, 2021 18:54
You're welcome; the Apple nuances are old hat for me. That one in particular is not a DD-WRT specific issue, though. It's been around since 2007 and doesn't care what firmware the AP is running it connects to.
Herbaldew
Posted: Mon Sep 27, 2021 22:53
Herbaldew wrote:
Bingo! That took care of that issue - off to see what I can do about the speed now.

Ooops! Un-"Bingo" that.

The speed was easy - changing channel width to VHT80 increased speed from ~100 Mbps to 500+ Mbps.

I thought re-adding the network info fixed the MAC filtering issue, but when I started playing with dd-wrt again, I just couldn't get it to consistently work.

I started from scratch again today and it worked fine again...until I quit broadcasting the SSID.

I waited for all three iOS devices in the household to be home and played some more and found consistency.

My 17 other wifi devices work fine without the SSID broadcast, none of the three iOS devices do.

I know there is no security advantage in hiding the SSID, I just have always done so and prefer to. That said, if I want to stay using dd-wrt I guess I will have to unhide it. There are plenty of posts on the internet about this problem, but no other solution that I have found.

Odd that this was never an issue on either of my Netgear routers with stock firmware.
Herbaldew
Posted: Mon Oct 04, 2021 19:31
I acquired an R7800 over the weekend and played with this some more. Both the R7500v2 and the R7800 behave the same as far as this issue goes.

To clarify my previous postings on this (referring to iOS devices)... for both routers I can hide the SSID and all is fine. I can restrict access by MAC and all is fine. However, if I hide the SSID and restrict access by MAC, the iOS devices will no longer connect (all other devices do connect).

Not asking for this to be addressed, just wanted to clear up what I had already posted.
kernel-panic69
Posted: Mon Oct 04, 2021 19:43
You're not making anything any more secure by hiding the SSID. I can connect (or attempt to connect) to any Wi-Fi in my neighborhood without the SSID being broadcast fairly easily. I would rely on MAC filtering before relying on hiding the SSID... but MAC addresses can be spoofed. No perfect solution.
Herbaldew
Posted: Mon Oct 04, 2021 19:54
Herbaldew wrote:
I know there is no security advantage in hiding the SSID, I just have always done so and prefer to.


Yep - I am aware, but thanks anyway.
All times are GMT