Feature request: MAC address filtering
Are you planning on implementing MAC address filtering? I love your product and recently started using it (got 2 eeros covering my 2500 sq/ft home). Your security approach is very much appreciated, but I believe having MAC address filtering provides additional level of security, as passwords can be breached. I understand that MAC addresses can also be spoofed, but it is much more difficult. If the password is not designed to be difficult enough to guess, once it is breached, the access to network is wide open, whereas with MAC address filtering, any device without the approved address will not gain access to the network.
On the eero app, (at the point of identification of all devices), it would be helpful to have an option to approve the device's MAC address or reject it if you do not recognize it.
I use a FingBox with my Eero Pro network to block all MAC addresses automatically until I choose to unblock them.
NOTE: I'm not a Fing shill and don't have anything to do with the company, I just use their device and like it
I hope Eero adds this functionality in the future. I already owned my FingBox for this use, way be fore I switched to Eero. If that were not the case, I'd be more annoyed in spending $100 on a FingBox to add a feature which really should already be in place and free to us on Eero.
Normally FingBox is available on Amazon, but currently out of stock (due to the covid related global chip shortages I assume). It's a $100.00 device, but it works awesome for what I needed. With it in place, you just tell your son and their friends 1) they have to disable MAC randomization on their devices, 2) you then tell FingBox to allow their true MAC address and your done. If they turn randomization back on or try to spoof the MAC address, FingBox auto blocks all new MAC addresses you don't specifically white list, so the moment they try to circumvent it, they are offline again.
No need to scrap Eero, no need to set to bridge mode and get another router. Sucks to have to add $100 device to my network for this functionality, but here is hoping they'll add it in the future.
To my knowledge FingBox is still in production and will be back in stock at some point, but for now its hard to purchase...because covid.
Most devices now come with a feature spoof MAC addresses. A very useful security feature would be to link hardware to security... which you can easily do by MAC address whitelisting. This feature is not just for security.
Profile controls on eeroOS limiting access to the Internet based on MAC address. Spoofing (labelled Private Wi-Fi Address on iOS or Random hardware address on Windows 10) allows for those access controls to be circumvented by turning on the spoofing feature. Then when the admin recognizes that this has happened, that new, random MAC address can be denied access. The operator who has been thwarted at that MAC address need only to generate a new one, use the same password and be back in business. My teens figured this out and I was alerted to it by the new device notifications from the Eero app.
Just installed an eero pro 6 and i can't believe there is no ability to manage the device. All you get is an informational interface. Not even simple MAC address filtering. Being able to block a device after it's already connected to the network is pretty much worthless. I'm returning this POS and getting a secure router.
Please add a MAC white list. Tired of chasing my children around with spoofed MAC addresses. When can we expect this done?
as above...randomised mac addresses are removing any control I have over the Internet usage.
Agree that Eero needs to add MAC address whitelist capability so all new devices are automatically blocked until they've been vetted. MAC address spoofing renders parental controls useless.
Eero definitely needs a feature to either have mac address filtering or automatic deny until approve type feature. I have someone breaking the WPA2 encryption on the device and logging on, I can see unrecognized device and I can block it but then they just change mac addresses and log right back on. I have changed my WPA2 password but same thing happens. Having mac address filtering I could approve only my set of mac addresses or a deny until approve option would remedy this situation instead of me playing a cat and mouse game.
I absolutely agree, having a mac address filter is probably the most important thing to add to this system. This should be an easy addition to add, and release in a update.
Yes, we understand that a sophisticated user can get by MAC filtering. Yes, we understand this is not a final solution. That said, it would serve to stop basic abuses. You can add it to ARP table and DHCP lease limitations to make a genuine service of denying unwanted users/devices. You can do this. You know how to do this. You have heard loud and clear for more than five years that this is desired. Do it.
Mac address filtering is more of a security risk than anything else.
This is a high demand request for enterprise networks and not home use.
Chances of this happening with eero are slim.
I let a neighbor's guest hop onto my Wifi as a favor because they couldn't get hold of my neighbor. I'd rather they didn't connect to my Wifi anymore without my knowledge, but since they have an iPhone that has MAC spoofing by default, I have no way to block them.
I'd really like to be able to block or pause new devices by default, then have a notification they've joined so I can unblock or unpause them.
This seems like such an obvious feature that I thought it existed already! I was surprised to find out that it doesn't.
This feature request is not worth the time and should be put in the "not planned" category. I'm sure those at Eero know this already.
For those of you who are not aware: A wireless network card can be put in monitor mode which allows it to passively listen to network traffic without connecting to your network. You can see the MAC addresses of the authenticated or allowed devices and then spoof that address, allowing you to bypass MAC filtering. The access point will read your MAC address and assume that you are an allowed device.
Being able to set alerts/notifications when new MACs join the network (or even when known MACs join the network) would be nice to have.
- Status Under Consideration
- 3 mths agoLast active