Feature request

[fryedchikin]

I truly don't see such a feature offering any security benefit. There are simple steps we can take to prevent a casual unauthorized user from connecting to our networks. Anyone smart enough to know how to bypass those measures will know how to clone a MAC address and bypass this method anyway. Anyone allowing non trusted users physical access to their network has much bigger issues to address IMO.

 

[dr_lucas]

We are not talking about blocking professional hackers here, but blocking the occasional user who knows your wifi login credentials and is not authorized to connect to your network.
Besides, there are some implementations of this feature with preventing MAC address spoofing. TP-LINK has one (Enable ARP spoofing defence): http://www.tp-link.us/faq-170.html

 

[ColinTaylor]

We are not talking about blocking professional hackers here, but blocking the occasional user who knows your wifi login credentials and is not authorized to connect to your network.

If you're only talking about wi-fi clients then that feature is already there with the Wireless MAC Filter. I thought you were talking about physical access to wired connections.

 

[dr_lucas]

The feature available is not for the strict binding but only enabled binding, as explained in the OP

 

[ColinTaylor]

The feature available is not for the strict binding but only enabled binding, as explained in the OP

The mechanism is different but the end result is the same. You want to whitelist Wi-Fi devices by their MAC address. Rather than doing it on the DHCP screen it is done on the Wi-Fi screen.

 

[dr_lucas]

@ColinTaylor - absolutely right, don't know how I missed it
still hope the same white-listing for LAN MACs can be implemented

 

[RMerlin]

I am a bit confused. Do you mean it's impossible to do it or you just don't have the time to?

Both.

It's impossible to do without having access to the Broadcom SDK, which costs thousands of dollars, and is only available to manufacturers. And it wouldn't work on the RT-AC87U and RT-AC88U, because these two routers use two separate switches, with no way to isolate clients between the two.

And even IF the documentation were available, it's not something I would devote time to either.

 

[L&LD]

I am a bit confused. Do you mean it's impossible to do it or you just don't have the time to?
I will gladly pay for a development of this feature, I am sure many others would be happy to as well.

Seems like a bit of both, but with a closed source drivers and documentation and the need for managed switch capabilities it doesn't even seem possible with currently available consumer router hardware and firmware .


Edit: Sorry, not only did RMerlin respond but some others did too (I thought I was responding to the last post).

 

[Carlos M.]

I came from Tomato looking a "friendly" GUI and tablet apps offering to manage the router. If you need this feature, you can move to Tomato.
You will find a Static "DHCP/ARP/IPT" graphic rule with binding and a "Ignore DHCP requests from unknown devices" option.