how do i restrict user from wifi router
- Thread starter bez2ap
- Start date
Someone Somewhere
Titan
- Sep 23, 2012
- 22,291
- 8
- 84,965
You could try blacklisting their MAC address in your router.
However, if they have another device or are even a little bit competent, this won't work.
You really need to change your password or move to a username-password login.
However, if they have another device or are even a little bit competent, this won't work.
You really need to change your password or move to a username-password login.
As an extension of Someone Somewhere's idea you can actually gather all the MAC addresses of devices you want to connect and make those be the only ones the router will talk to. This is more secure, but also adds more work to you when you want to connect a new device to the network.
Someone Somewhere
Titan
- Sep 23, 2012
- 22,291
- 8
- 84,965
As someone somewhere is saying, the whole MAC blacklist thing is only usefull for people that have no networking skills.
The mac address portion is not encrypted even if your web traffic is, thus any knowledgeable person can sniff valid mac's out of your wifi signal and then spoof their mac to allow them in.
Changing the password is the only way to go about.
Also, if your router has WPS button, disable that garbage immediately. Any 12 yr old can get an app for their phone to hack into your router via WPS.
The mac address portion is not encrypted even if your web traffic is, thus any knowledgeable person can sniff valid mac's out of your wifi signal and then spoof their mac to allow them in.
Changing the password is the only way to go about.
Also, if your router has WPS button, disable that garbage immediately. Any 12 yr old can get an app for their phone to hack into your router via WPS.
alexandergc
Distinguished
- Jan 8, 2012
- 193
- 0
- 18,760
People need to start asking the difficult questions like, "Why would you give your wifi password to someone you don't want on your network?" 
In any case, your average user will never be able to bypass MAC filtering, so that's always a good bet.
Otherwise, just kick them off the network by changing the password.
I don't see how that's a problem.
If your question about restricting them actually means reducing the bandwidth they consume, you'll need to implement QoS, preferably on the router for best results.
In any case, your average user will never be able to bypass MAC filtering, so that's always a good bet.
Otherwise, just kick them off the network by changing the password.
I don't see how that's a problem.
If your question about restricting them actually means reducing the bandwidth they consume, you'll need to implement QoS, preferably on the router for best results.
capt_taco
Splendid
- Aug 5, 2009
- 2,567
- 0
- 21,460
alexandergc :
People need to start asking the difficult questions like, "Why would you give your wifi password to someone you don't want on your network?"
In any case, your average user will never be able to bypass MAC filtering, so that's always a good bet.
Otherwise, just kick them off the network by changing the password.
I don't see how that's a problem.
If your question about restricting them actually means reducing the bandwidth they consume, you'll need to implement QoS, preferably on the router for best results.
In any case, your average user will never be able to bypass MAC filtering, so that's always a good bet.
Otherwise, just kick them off the network by changing the password.
I don't see how that's a problem.
If your question about restricting them actually means reducing the bandwidth they consume, you'll need to implement QoS, preferably on the router for best results.
+1 to all of this.
If you're dealing with a sophisticated criminal or someone who REALLY wants to get into your network, then MAC filtering is easy enough to get around. If it's your old roommate, he'll probably just give up and go home. (The same goes for 99% of the general public)
Changing the password would probably be both simpler and more effective anyway, though.
Allowing access but restricting bandwidth is more complicated. You can use QoS to give higher and lower priority to different devices, but that's only partially effective. Assigning a hard bandwidth limit is possible with some devices but admittedly over my head to explain. Again, if it's just some random person and you don't want to lock them out of the network entirely, probably the most effective way to deal with it is to have a polite chat with them about not hogging all the bandwidth.
alexandergc
Distinguished
- Jan 8, 2012
- 193
- 0
- 18,760
Additional Answer:
If you have to share the network with a bunch of people that you're not really close with, you might want to start looking into using something like DD-WRT, OpenWRT, PFsense or m0n0wall as custom router firmware so that you can implement some advanced QoS and bandwidth management.
I'm not gonna go into specifics here because the whole subject takes ages and ages to learn (I'm still learning myself), but as far as my personal experience goes, m0n0wall gives you an easy solution with the "Split Bandwidth Equally Among All Users" option. All the other firmware I've mentioned CAN do the same thing, but without the one-click option that m0n0wall has. (I'm not sure if DD-WRT/OpenWRT has the option now, but PFsense definitely doesn't.)
A big difference about these custom firmwares is that you can install all of them (OpenWRT might not) on an old PC and have THAT run as your router. When you compare the processing power of even a junk PC running a Pentium 4 or Celeron at >2GHz with 2GB of RAM versus a generic router on 200MHz and 16MB of RAM...the difference is crazy.
You'll need to do your homework on configuration and proper routing though!
If you have to share the network with a bunch of people that you're not really close with, you might want to start looking into using something like DD-WRT, OpenWRT, PFsense or m0n0wall as custom router firmware so that you can implement some advanced QoS and bandwidth management.
I'm not gonna go into specifics here because the whole subject takes ages and ages to learn (I'm still learning myself), but as far as my personal experience goes, m0n0wall gives you an easy solution with the "Split Bandwidth Equally Among All Users" option. All the other firmware I've mentioned CAN do the same thing, but without the one-click option that m0n0wall has. (I'm not sure if DD-WRT/OpenWRT has the option now, but PFsense definitely doesn't.)
A big difference about these custom firmwares is that you can install all of them (OpenWRT might not) on an old PC and have THAT run as your router. When you compare the processing power of even a junk PC running a Pentium 4 or Celeron at >2GHz with 2GB of RAM versus a generic router on 200MHz and 16MB of RAM...the difference is crazy.
You'll need to do your homework on configuration and proper routing though!
- Oct 31, 2003
- 5,213
- 0
- 36,960
+1 to changing the password. You should also change the router's password as well, and disable WPS.
Facebook
Twitter
Instagram