Feature request: MAC address filtering
Are you planning on implementing MAC address filtering? I love your product and recently started using it (got 2 eeros covering my 2500 sq/ft home). Your security approach is very much appreciated, but I believe having MAC address filtering provides additional level of security, as passwords can be breached. I understand that MAC addresses can also be spoofed, but it is much more difficult. If the password is not designed to be difficult enough to guess, once it is breached, the access to network is wide open, whereas with MAC address filtering, any device without the approved address will not gain access to the network.
On the eero app, (at the point of identification of all devices), it would be helpful to have an option to approve the device's MAC address or reject it if you do not recognize it.
The windows 10 feature to "randomize mac address" makes the eero parental controls useless. It also makes device blocking useless, as the pc will simply reconnect with a new mac adress.
IOS apparently also now has this feature
Even some eero secure features become useless.
MAC filtering is one way to solve the problem.
Yes please add this feature
Use case: Child flips mac to avoid profile restrictions.
If there is only a mac allow then changing the mac will deny. look at this feature
- Once connected you can check allow mac
- If you have the alert with new device and have an approve feature this can work
- Have an option to turn on feature for deny unless mac is listed
- Should work on Guest or main network
This is a critical feature for securing a network against new connections that have not been approved. It's not a failsafe as MAC addresses can be manipulated, but you should absolutely be able to block all new connections by default. Ideally the app would notify you of new connection attempts and have a pop-up for ALLOW or DENY. It would be similar in use to many 2 factor authentication systems.
I really like the simplicity of the Eero products (would love to continue using it), but I will be scrapping your router today and swapping to a device with better parental controls. The controls on the Eero are just too weak. Even a simple default schedule that applies to all connections regardless of whether they have been added to a profile would be better than the current setup.
New devices are not automatically added to a profile, so all you have to do is spoof your MAC and you're back in WiFi business, no time restrictions. I only saw this because I saw my son's computer with about 4 different MAC addresses showing up as separate devices on the log.
I have six eero Pro 6 routers in my network and they have become nearly useless without MAC whitelisting. I have 3 kids and their friends whose devices all use MAC randomization. Now you are trying to promote Secure eero which is absurd until there is better LAN control. I will have to use bridge mode and forego most of the convenient features for which I bought my eero routers. I am not happy!
I use a FingBox with my Eero Pro network to block all MAC addresses automatically until I choose to unblock them.
NOTE: I'm not a Fing shill and don't have anything to do with the company, I just use their device and like it
I hope Eero adds this functionality in the future. I already owned my FingBox for this use, way be fore I switched to Eero. If that were not the case, I'd be more annoyed in spending $100 on a FingBox to add a feature which really should already be in place and free to us on Eero.
Normally FingBox is available on Amazon, but currently out of stock (due to the covid related global chip shortages I assume). It's a $100.00 device, but it works awesome for what I needed. With it in place, you just tell your son and their friends 1) they have to disable MAC randomization on their devices, 2) you then tell FingBox to allow their true MAC address and your done. If they turn randomization back on or try to spoof the MAC address, FingBox auto blocks all new MAC addresses you don't specifically white list, so the moment they try to circumvent it, they are offline again.
No need to scrap Eero, no need to set to bridge mode and get another router. Sucks to have to add $100 device to my network for this functionality, but here is hoping they'll add it in the future.
To my knowledge FingBox is still in production and will be back in stock at some point, but for now its hard to purchase...because covid.
Most devices now come with a feature spoof MAC addresses. A very useful security feature would be to link hardware to security... which you can easily do by MAC address whitelisting. This feature is not just for security.
Profile controls on eeroOS limiting access to the Internet based on MAC address. Spoofing (labelled Private Wi-Fi Address on iOS or Random hardware address on Windows 10) allows for those access controls to be circumvented by turning on the spoofing feature. Then when the admin recognizes that this has happened, that new, random MAC address can be denied access. The operator who has been thwarted at that MAC address need only to generate a new one, use the same password and be back in business. My teens figured this out and I was alerted to it by the new device notifications from the Eero app.