Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Tanquen]

I know not broadcasting the SSID and using MAC filters aren’t supposed to do much for security but I’m also using WPA2 Only with AES. Anyway...

I let my tenant use the WiFi and the boyfriend has add an Apple Airport Extreme with guest access.  She said she needed a Net Extender to use an IP phone for work and I set that up for her. It looks like he has made a LAN connection to it and it shows up on the D-Link LAN COMPUTERS list. Even though it’s not on the MAC whitelist, I’m guessing the DIR-655 is letting it through because it’s going through the whitelisted Net Extender. Oddly the Net Extender is not on the WIRELESS STATUS page.

This may sound trivial but I’ve seen performance issues and he is blasting full strength over and above my DIR-655 on the least crowded channel and the tenant knows that I’m not cool with just adding stuff to my network.

What options do I have? I’m tempted to just block all the websites he goes to in ACCESS CONTROL. I’ve never used it but I see it also has a Block All Access. Would that work?

Also:
My trusty old DIR-655 still works fairly well. I do have to reboot it once in a great while. I’ve been wanting to upgrade for some time but all or many of the new ones seem to be huge and have a bunch of antennas. Any suggestions would be great.

[FurryNutz]

Link>Welcome!

• What Hardware version is your router? Look at sticker under the router case.
• Link>What Firmware version is currently loaded? Found on the routers web page under status.
• What region are you located?

Does his PC show up as a new MAC address or is it masked by the Airport Extreme repeater? If it shows up as it's own MAC address, can you put this Mac Address in to the black list.

[Tanquen]

DIR-655
Hardware Version: A4
Firmware Version: 1.37NA
U.S.

The Apple Airport shows up with a MAC and IP address in the LAN COMPUTERS list. I've not seen the devices that access the Apple Airport. I think any PC or Phone he is using is masked because I see Facebook and Google IP addresses in the INTERNET SESSIONS log from the Apple Airport IP address.

It looks like you have to choose a White or Black list.
ADVANCED -> NETWORK FILTER -> 24 -- MAC Filtering Rules

Again, there is a Block All Access by MAC address in the ACCESS CONTROL.
ADVANCED -> ACCESS CONTROL

[FurryNutz]

Ya I was afraid of that. The Apple is masking whats connected to it. Probably not much you can do unless you can find a repeater or bridge device that doesn't masks the IP addresses of devices that are connected to it.

You'd have to block the Apple entirely or make a schedule when it can connect and when it's blocked. Not sure how the other party would take that.

Only other suggestion would be to install a LAN wire connection to her apt, then set up the Apple as a LAN to LAN AP mode in her apt. Then the Apple would not mask the MAC and IPs from devices that are connected to it as the LAN to LAN AP is working as a pass thru and gets there IP address from your router. If you want to do it this way. Suggestion only.

[Tanquen]

So again, there is a Block All Access by MAC address in the ACCESS CONTROL.
ADVANCED -> ACCESS CONTROL

Would that not do it?

It odd that the Airport with it's MAC is listed under the LAN devices but the DIR-655 is giving it an IP and letting it on the network but it's not on the list.

Would a newer router let you do white and black lists at the same time?

[FurryNutz]

It would have to be the MAC address of the repeater...which would block all that was connected to that repeater.

[Tanquen]

So all the MAC funcions only work with the device that is directly connected?

I mean the extender is not masking the MAC of the Airport. It's listing it's MAC and IP so why can't I block it and not the Extender?

[FurryNutz]

Yes.

So is the MAC address of the PC being seen or the MAC address of the extender?

If only the MAC address is showing then that can only be blocked if it's masking the MACs from the other devices connected to it. If the other MAC addresses of the offending devices are appearing on the 655, then those can be blocked and you don't need to block the extender.

[Tanquen]

No.

The Apple Airport has been connected to the Net Extender.

Router--> Net Extender --> Apple Airport

The DIR-655 lists the MAC and IP addresses of both in the LAN status. So I can see the MAC and IP addresses of the Apple Airport and the Net Extender it is connected to.

So again, there is a Block All Access by MAC address in the ACCESS CONTROL.
ADVANCED -> ACCESS CONTROL

I just added my phone to an ACCESS CONTROL filter and set it to block all access based on the MAC address and that blocked it. Thinking the same would work for the MAC addresses of the Apple Airport. But I should not have to as the MAC addresses of the Apple Airport is not on the white list.

[FurryNutz]

Then it would be the Apple Airport then you would need to block

[Tanquen]

Right, it's just that the White List is not so I did not know if the ACCESS CONTROL would.

Seems odd that it's not blocking that MAC address even if it's second hand through the Net Extender.

Anyway, I'll try the ACCESS CONTROL option.

[FurryNutz]

Let us know how it turns out.

[Tanquen]

Not looking like it works. I guess you can't add a Net Extender without opening your network to anything that someone connects to it. That seems like a bug.

When I block my phone from the DIR-655 there are no more INTERNET SESSIONS logged for its IP and and there are rejected packets from it's IP in the Logs. But its like I did not even add the Apple Airport. Still has INTERNET SESSIONS logged and no rejected packets.

With the DIR-655 it looks like I'd have to block the Net Extender and everything that is connected along with it. Even though the DIR-655 knows the MAC address it won't do anything with it.

[FurryNutz]

Ok, Yes the Net Extender would need to be blocked I presume as it's the main device thats connected to the 655.

The Net Extender doesn't show up at all on the 655 list any where? If you can get the MAC address of it, you could try to manually input that into the blocked list.

I presume you don't have access to this extender by chance do you?