Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hub 3 Rogue 5ghz WiFi Client

Go to solution
Radar1968
On our wavelength

on ‎01-01-2022 21:32

I had call today to check my Hub 3 connected clients and then noticed a 'unknown' client attached to the 5ghz network.  It had been assigned an IP address so is connected to the WiFi at around 70mbs.

The MAC address begins CA:95:13 and is not identifiable anywhere on MAC lookup websites.

If I use the Hub 3 ping tool then the IP address has 100% failures.  If I ping from my laptop I get intermittent replies.

If I block this MAC address then the entire WiFi collapses and nothing on the WiFi side of things works.  On either 2.4 or 5ghz. I have to unblock via an ethernet connected device to get things working again on WiFi.

I'm concerned as to what this device is but it would, from the above, appear to be some internal WiFi loopback type connection???  It only appears on the 5ghz WiFi.

I may try changing the connection password tomorrow to see if, as I expect, that the connection reappears, regardless.

Anyone able to assist or advise???  Any help appreciated.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Radar1968
On our wavelength
In response to goslow

on ‎02-01-2022 01:04

OK, so its 00:50 in the morning and I've finally solved my issue.

Suffice to say it was 50% a technical issue and 50% human 'error' 😒

I won't go into any details to save my embarrassment but all is now fine and 'fixed' but I will say this......

If you are experiencing 'rogue' devices on your network that you don't recognise and they are up to date Apple devices running iOS or WatchOS, check your 'rogue' MAC addresses against the 'Private Address' your device may actually be using.  This is different to it's default MAC address. 

If you don't know what this is:  https://support.apple.com/en-gb/HT211227 

It could be a device is using a 'Private Address' and you didn't know 😉  Also don't 'fiddle' with MAC address blocking 🙄

I'd like to thank anyone who took the time to look at my post and especially to goslow for replying and making me not give up.

See where this Helpful Answer was posted

10 REPLIES 10

Go to solution
goslow
Alessandro Volta

on ‎01-01-2022 22:24

@Radar1968 wrote:

I had call today to check my Hub 3 connected clients and then noticed a 'unknown' client attached to the 5ghz network.  It had been assigned an IP address so is connected to the WiFi at around 70mbs.

<snip>

What does, "I had call today to check my Hub 3 connected clients ... " mean? Sounds like the opening line for a scam call.

0 Kudos

Go to solution
Radar1968
On our wavelength
In response to goslow

on ‎01-01-2022 22:30

Perhaps I should have said "I had a requirement today to check....." 

I was checking the connections for another reason when I noticed this 'rogue' client.

I wasn't called by anyone so no scam involved.

 

0 Kudos

Go to solution
goslow
Alessandro Volta
In response to Radar1968

on ‎01-01-2022 22:34

Are you using the default passwords from the sticker on the bottom of the VM hub or your own unique passwords?

0 Kudos

Go to solution
Radar1968
On our wavelength
In response to goslow

on ‎01-01-2022 22:39

My own unique 25 character password.

I have split 2.4 and 5ghz networks, though they share the same password.  I also have a network extender to reach the far corner of the house.

The rogue client only ever connects to the Hub 3 5ghz network and if I disable that 'rogue' MAC address ALL wifi functionality ceases for ALL devices (including the extender) across both 2.4 and 5ghz networks until the 'rogue' MAC is reinstated.

 

0 Kudos

Go to solution
goslow
Alessandro Volta
In response to Radar1968

on ‎01-01-2022 23:19

A 25 character password should be secure enough!

Does the rogue MAC have any link to the extender? Is your network extender a 'powerline' type of device (connecting across your home electrical wiring). If so, have you set up a unique encrypted password for the powerline link from the hub to extender? There have been some mentions in past topics of customers seeing rogue devices on their network (from neighbouring properties) using powerline connections and default passwords, which are being linked by a common electrical power connection.

Go to solution
Radar1968
On our wavelength
In response to goslow

on ‎01-01-2022 23:36

Thanks for the reply.

The MAC is unrelated to the extender and I have confirmed the extender MACs on the Hub 3 so they are all accounted for.  They also show up on the MAC address lookup website as belonging to the company that made them.

The extender is WiFi based so doesn't use powerline.  I have disabled a couple of clients previously on it which appear to be the neighbours Sky Q and Sky extenders trying to connect.  They never get as far as IP addresses so I know they aren't actually connected like the current rogue one is.

I'm obviously concerned about the rogue device as it is unlikely my password was ever compromised.  Only 2 poeple know it and all my devices are up to date with security patches etc, so not sure how it would ever get out.  I'm going to try and change it temporarily in the morning to see if the rogue device reappears.  That way I'll know if its a some sort of internal thing at least.  The strange thing is the MAC prefix is unknown and like I said if I disable it's MAC my entire WiFi (Hub 3 and Extender) networks collapse.  The 2 WiFi networks for 2.4 nd 5ghz stay active and visible (my iphone is still connected) but nothing works on the internet.  Its like the outbound functionailty just stops for WiFi ONLY as my Philips Hue lights, on Hub 3 ethernet, carry on working.

So to reiterate:  Hub 3 5ghz wifi only.  Happens with extender off.  Unknown MAC prefix.  Disabling causes all outgoing WiFi traffic to fail.  

0 Kudos

Go to solution
Radar1968
On our wavelength
In response to goslow

on ‎02-01-2022 01:04

OK, so its 00:50 in the morning and I've finally solved my issue.

Suffice to say it was 50% a technical issue and 50% human 'error' 😒

I won't go into any details to save my embarrassment but all is now fine and 'fixed' but I will say this......

If you are experiencing 'rogue' devices on your network that you don't recognise and they are up to date Apple devices running iOS or WatchOS, check your 'rogue' MAC addresses against the 'Private Address' your device may actually be using.  This is different to it's default MAC address. 

If you don't know what this is:  https://support.apple.com/en-gb/HT211227 

It could be a device is using a 'Private Address' and you didn't know 😉  Also don't 'fiddle' with MAC address blocking 🙄

I'd like to thank anyone who took the time to look at my post and especially to goslow for replying and making me not give up.

Go to solution
legacy1
Alessandro Volta
In response to Radar1968

‎02-01-2022 01:47 - edited ‎02-01-2022 01:51

This feature in the hub for displaying MAC's just makes people paranoid.😰 

---------------------------------------------------------------

BQM, Test for outgoing ports and SSL/L2TP VPN test

0 Kudos

Go to solution
Tudor
Very Insightful Person
Very Insightful Person
In response to legacy1

on ‎02-01-2022 11:15

You can turn off this facility for iPhones and iPads, don't know about the watch. It does not turn it off for every connection because it's per SSID. 


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
0 Kudos
Top