cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Access Controls simply do not work

loudart
Newbie
Posts: 2
Registered: Monday

Access Controls simply do not work

Monday

The implementation of access controls on the Hub Two is seriously flawed.

After I've created a group, added a device to that group and set up a schedule for that group (or just done the same on a per-device basis), NOTHING HAPPENS. The device is not blocked on schedule.

The underlying issue is that every time a device boots up, it is not recognised by the router as the same device. It has the same device name, but the IP address is different and the MAC address is different (due, respectively, to DHCP and MAC address randomisation).

Why not assign it a static IP? I hear you say. Yep, that don't work neither, it defaults back to DHCP.

None of which should be necessary anyway because the router should just recognise the device name 'teenager-gaming-laptop' and apply the rules for it accordingly.

But it doesn't. It doesn't control access at all.

The only time this actually works is when I select the device while it is turned on and on the network. Then, it works. But all that's needed to circumvent access controls is a simple reboot to get a new IP and MAC address.

Anyone been able to fix this short of buying a network access point that actually does this properly and putting that in front of the router?

Many thanks,

G

PS - I'll skip over the deeply horrid usability of it, because every router since the beginning of time has had that problem, I've worked in IT since 2002 and have yet to come across a router UI that isn't awful.

 

Message 1 of 4
(169 Views)
Reply
0 Thanks
3 REPLIES 3
Dan_the_Van
Superuser
Superuser
Posts: 4,254
Thanks: 2,553
Fixes: 124
Registered: ‎25-06-2007

Re: Access Controls simply do not work

Monday

@loudart 

Devices IP Address is assigned to a network adapter MAC address not hostname (but you'll already know that?)

If the devices are using 'Randomised MAC addresses" without turning off the randomising feature on the device, there is little you can do as the access rules will use either the MAC, IP Address or both NOT the hostname for the access rule.

The hostname is used to make it easier to find it in the attached devices list, but it is really blocking the MAC or IP. 

 

So with the HUB Two using a WAP would appear to be the sensible approach to your issue. You might want to change the admin password and either turn off the WiFi or change it's password from the default to stop unauthorised  connections

or

Buy your own router which supports a Guest Network which as the option of scheduling. Hopefully you'll get a GUI which suits your needs. 

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Message 2 of 4
(126 Views)
Reply
0 Thanks
loudart
Newbie
Posts: 2
Registered: Monday

Re: Access Controls simply do not work

Monday

I had actually forgotten that static IPs are bound to the MAC address not the hostname, that's a good point.

I'll set up the wifi and ethernet adaptors on the device in question to use a static IP address, and disable MAC address randomisation (the existence of which was news to me until yesterday, in the past you could always depend on them to be a reliable identifier).

If the teenager in question decides to undo all that, then I'll have to spend some money on an access point I suppose.

Many thanks,

G

Message 3 of 4
(115 Views)
Reply
0 Thanks
markhawkin
All Star
Posts: 842
Thanks: 232
Fixes: 18
Registered: ‎17-07-2016

Re: Access Controls simply do not work

Monday

I might look for a router with the facilities that you need and set up an isolated “gaming” WiFi network that can be controlled as needed.

The requirements are a bit beyond what the Plusnet device offers really.

I am the satisfied customer....
Message 4 of 4
(65 Views)
Reply
0 Thanks