95

Feature request: MAC address filtering

Are you planning on implementing MAC address filtering? I love your product and recently started using it (got 2 eeros covering my 2500 sq/ft home). Your security approach is very much appreciated, but I believe having MAC address filtering provides additional level of security, as passwords can be breached. I understand that MAC addresses can also be spoofed, but it is much more difficult. If the password is not designed to be difficult enough to guess, once it is breached, the access to network is wide open, whereas with MAC address filtering, any device without the approved address will not gain access to the network.
On the eero app, (at the point of identification of all devices), it would be helpful to have an option to approve the device's MAC address or reject it if you do not recognize it.

68replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Sill looking for this feature.  Even if you cannot outright block, maybe set it so that any new MAC address only gets a very, very small amount of bandwidth until pulled into a profile so it can be managed.  That would be better than having kids easily circumvent these controls..

    Like 1
  • Any status on this feature request?  Issues installing HP printer and I received this message.

    Like
  • The windows 10 feature to "randomize mac address" makes the eero parental controls useless. It also makes device blocking useless, as the pc will simply reconnect with a new mac adress. 

    IOS apparently also now has this feature

    Even some eero secure features become useless. 

    MAC filtering is one way to solve the problem.

    Like 1
  • Yes please add this feature

    Use case:  Child flips mac to avoid profile restrictions.  

    If there is only a mac allow then changing the mac will deny.   look at this feature

    - Once connected you can check allow mac

    - If you have the alert with new device and have an approve feature this can work

    - Have an option to turn on feature for deny unless mac is listed 

    - Should work on Guest or main network

    Like 1
  • Please add a feature to LOCK & UN-LOCK the network to PREVENT an "Unknown Device" from connecting to the network.  This basic security feature would solve the parental issues, and add a much needed layer of security.

    Like 1
  • This is a critical feature for securing a network against new connections that have not been approved.  It's not a failsafe as MAC addresses can be manipulated, but you should absolutely be able to block all new connections by default.  Ideally the app would notify you of new connection attempts and have a pop-up for ALLOW or DENY.  It would be similar in use to many 2 factor authentication systems.

    I really like the simplicity of the Eero products (would love to continue using it), but I will be scrapping your router today and swapping to a device with better parental controls.  The controls on the Eero are just too weak.  Even a simple default schedule that applies to all connections regardless of whether they have been added to a profile would be better than the current setup.

    New devices are not automatically added to a profile, so all you have to do is spoof your MAC and you're back in WiFi business, no time restrictions.  I only saw this because I saw my son's computer with about 4 different MAC addresses showing up as separate devices on the log.

    Like 2
  • Iphones, PCs, and other devices are now all “private”, with changing MAC addresses every time you block them or pause them.

    eero parental controls are now officially useless.

    unless anyone at Eero has any solution i will be scrapping my system and buying another product. 

    Like
  • I have six eero Pro 6 routers in my network and they have become nearly useless without MAC whitelisting. I have 3 kids and their friends whose devices all use MAC randomization. Now you are trying to promote Secure eero which is absurd until there is better LAN control. I will have to use bridge mode and forego most of the convenient features for which I bought my eero routers. I am not happy!

    Like
    • zengeist That's a very high density network.  What sq. footage are you trying to cover, and how many devices?   I'm using 4 pro 6's (previously pros) in 4200 sq ft without issue for over 130 devices.

      Like
      • zengeist
      • zengeist
      • 2 yrs ago
      • Reported - view

      txgunlover I have them spread out over various independent rooms on a 2 acre property.

      Like
  • I use a FingBox with my Eero Pro network to block all MAC addresses automatically until I choose to unblock them. 

    NOTE: I'm not a Fing shill and don't have anything to do with the company, I just use their device and like it

    I hope Eero adds this functionality in the future.  I already owned my FingBox for this use, way be fore I switched to Eero.  If that were not the case, I'd be more annoyed in spending $100 on a FingBox to add a feature which really should already be in place and free to us on Eero.

    Normally FingBox is available on Amazon, but currently out of stock (due to the covid related global chip shortages I assume).  It's a $100.00 device, but it works awesome for what I needed.  With it in place, you just tell your son and their friends 1) they have to disable MAC randomization on their devices, 2) you then tell FingBox to allow their true MAC address and your done.  If they turn randomization back on or try to spoof the MAC address, FingBox auto blocks all new MAC addresses you don't specifically white list, so the moment they try to circumvent it, they are offline again.

    No need to scrap Eero, no need to set to bridge mode and get another router.  Sucks to have to add $100 device to my network for this functionality, but here is hoping they'll add it in the future.

    To my knowledge FingBox is still in production and will be back in stock at some point, but for now its hard to purchase...because covid.

    Like
      • zengeist
      • zengeist
      • 1 yr ago
      • Reported - view

      Thanks, astrokid, I think I can get a FingBox, but I don't understand where it would connect to my eero systems. I am currently using one eero Pro 6 for gateway connected to one eero Pro and two eero Pro 6 on ethernet, and one eero Pro on wifi. For another location I have an eero Pro gateway connected to two eero Pros on wifi. Any help on this would be greatly appreciated.

      Like
      • zengeist
      • zengeist
      • 1 yr ago
      • Reported - view

      astrokid BTW, I tried putting a TP Link router in front of the gateway eero, but it wouldn’t let me white list the eero, saying “device not supported”

      Like
      • zengeist
      • zengeist
      • 1 yr ago
      • Reported - view

      astrokid Is it necessary to put the eero in bridge mode?

      Like
  • Most devices now come with a feature spoof MAC addresses.  A very useful security feature would be to link hardware to security... which you can easily do by MAC address whitelisting.   This feature is not just for security.

    Profile controls on eeroOS limiting access to the Internet based on MAC address.  Spoofing (labelled Private Wi-Fi Address on iOS or Random hardware address on Windows 10) allows for those access controls to be circumvented by turning on the spoofing feature.  Then when the admin recognizes that this has happened, that new, random MAC address can be denied access.  The operator who has been thwarted at that MAC address need only to generate a new one, use the same password and be back in business.  My teens figured this out and I was alerted to it by the new device notifications from the Eero app.

    Like
  • Just installed an eero pro 6 and i can't believe there is no ability to manage the device. All you get is an informational interface. Not even simple MAC address filtering. Being able to block a device after it's already connected to the network is pretty much worthless. I'm returning this POS and getting a secure router.

    Like
      • Sdworman
      • Sr. Eero wireless engineer
      • Sdworman
      • 1 yr ago
      • Reported - view

      G-stow there is mac address filtering.

      Like
      • G-stow
      • Gstow
      • 1 yr ago
      • Reported - view

      Sdworman Great! I hope so. How do you access it? Thanks, -G

      Like
  • Please add a MAC white list. Tired of chasing my children around with spoofed MAC addresses. When can we expect this done?

    Like 2
  • as above...randomised mac addresses are removing any control I have over the Internet usage.

    Like
  • Agree that Eero needs to add MAC address whitelist capability so all new devices are automatically blocked until they've been vetted.  MAC address spoofing renders parental controls useless.

    Like 1
  • Eero definitely needs a feature to either have mac address filtering or automatic deny until approve type feature.  I have someone breaking the WPA2 encryption on the device and logging on, I can see unrecognized device and I can block it but then they just change mac addresses and log right back on.  I have changed my WPA2 password but same thing happens.  Having mac address filtering I could approve only my set of mac addresses or a deny until approve option would remedy this situation instead of me playing a cat and mouse game.

    Like
  • I absolutely agree, having a mac address filter is probably the most important thing to add to this system. This should be an easy addition to add, and release in a update.

    Like
  • Yes, we understand that a sophisticated user can get by MAC filtering.  Yes, we understand this is not a final solution.  That said, it would serve to stop basic abuses.  You can add it to ARP table and DHCP lease limitations to make a genuine service of denying unwanted users/devices.  You can do this.  You know how to do this.  You have heard loud and clear for more than five years that this is desired.  Do it.

    Like
  • Mac address filtering is more of a security risk than anything else.

    This is a high demand request for enterprise networks and not home use.

    Chances of this happening with eero are slim.

    Like
      • Synux
      • Synux
      • 10 mths ago
      • 2
      • Reported - view

      Sdworman Eero could simply apply the same kind of auth we find in any 2FA setups.  When a new device supplies the WPA it sends a request to the owner's phone for approval.  No approval, no access.

      Like 2
  • I let a neighbor's guest hop onto my Wifi as a favor because they couldn't get hold of my neighbor. I'd rather they didn't connect to my Wifi anymore without my knowledge, but since they have an iPhone that has MAC spoofing by default, I have no way to block them.

    I'd really like to be able to block or pause new devices by default, then have a notification they've joined so I can unblock or unpause them.

    This seems like such an obvious feature that I thought it existed already! I was surprised to find out that it doesn't.

    Like
      • Sdworman
      • Sr. Eero wireless engineer
      • Sdworman
      • 4 mths ago
      • Reported - view

      rileyjohngibbs first issue is you gave out the WIFI SSID and password.  Change the SSID and password.  As for MAC address filtering - since both Android, IOS, and now Windows 11 can randomize MAC addresses it's challenging to block.  There is a need more now for an allow list.

      Like
  • This feature request is not worth the time and should be put in the "not planned" category. I'm sure those at Eero know this already. 

    For those of you who are not aware: A wireless network card can be put in monitor mode which allows it to passively listen to network traffic without connecting to your network. You can see the MAC addresses of the authenticated or allowed devices and then spoof that address, allowing you to bypass MAC filtering. The access point will read your MAC address and assume that you are an allowed device.


    Being able to set alerts/notifications when new MACs join the network (or even when known MACs join the network) would be nice to have.

    Like
Vote95 Follow
  • Status Under Consideration
  • 95 Votes
  • 4 days agoLast active
  • 68Replies
  • 5576Views
  • 56 Following

Need Help? We're here for you!

We're big on support, and we want to make sure you always have the best eero experience possible. Here are several resources you can use if you ever need our help!


Quick links

Community Guidelines

Help Center

Contact eero support

@eerosupport

eero.com