How to Disconnect a Connected Device from WiFi on Your Computer: A Complete Guide

When your internet speed suddenly drops for no apparent reason, it often indicates that someone else has connected to your network. This not only slows down page and video loading, but also puts your personal data stored on your home PC at risk. Modern routers and operating systems provide powerful tools for controlling connections, but not all users know where to look for these settings.

There are several proven methods deactivation Unwanted clients: from a simple password change to fine-tuning MAC address filtering directly in the router's web interface. The choice of a specific method depends on your goal: whether you need to temporarily disconnect a guest or permanently block an intruder. In this article, we'll explore the technical nuances of each approach so you can instantly regain control of your network.

Don't ignore signs of unauthorized access, as your bandwidth is limited. If you notice that the router's activity indicators are flashing even when your devices are turned off, this is a sure sign to take action. Below, we'll detail the steps to take for various scenarios.

Analyzing current connections via the router's web interface

The first step is always to log into your router's control panel, which displays a complete map of your local network. To do this, you need to enter the gateway IP address, which is usually 192.168.0.1 or 192.168.1.1, in the address bar of any browser. After authorization (the login and password are often indicated on a sticker on the bottom of the device), you will need to find a section that may be called Client List, Attached Devices or "Client List".

This list displays all active connections, along with their IP address, MAC address, and sometimes the network adapter manufacturer name. Look carefully for devices with names like Unknown Any codes or incomprehensible alphanumeric codes require verification. If you don't have appliances of the brand listed in the Manufacturer field at home, this is cause for concern.

Some advanced router models, for example, from Keenetic or MikroTik, allow you to see not only wired but also wireless connections separately. This simplifies the search for intruders, as you can immediately see who's using WiFi and who's connected via cable. Remember or write down the MAC address of the suspicious device, as it serves as its unique identifier on the network.

⚠️ Note: Firmware interfaces are constantly updated by developers. If you can't find the menu item you need, check the official documentation for your specific router model, as section names may vary.

It's important to understand that simple monitoring doesn't solve the problem, but it does provide the necessary data for further action. Without the exact MAC address, it will be impossible to configure filtering. Therefore, the identification stage is critical to successful blocking.

📊 How do you most often manage your router?
Via a browser on a PC
Via a mobile app
Via the command line
I don't know how to enter settings

Blocking via MAC address filtering

The most effective and reliable method of disabling a specific device is to use MAC filteringThis mechanism allows the router to check the physical address of each connecting device and compare it to a list of allowed or blocked devices. To implement this rule, go to the wireless network security section, often called Wireless MAC Filtering.

Here you will be offered two operating modes: Allow (allow onlylisted) and Deny (Deny listed). For a one-time block, it's more convenient to use Deny mode. Enter the previously recorded MAC address of the intruder in the appropriate field, add a description (e.g., "Neighbor Phone"), and save the settings. From now on, the router will ignore any connection requests from this device, even if it knows the correct WiFi password.

An alternative, more restrictive approach is to switch to the "Whitelist" mode (Whitelist). In this case, only devices whose addresses you manually enter into the table will be able to connect to the network. This is the ideal option for maximum security, but it requires re-entering the addresses of all your personal devices (smartphones, laptops, TVs) every time you buy new equipment.

Filtration type Operating principle Difficulty of setup Security level
Blacklist Blocks only selected addresses Low Average
Whitelist Allows only selected addresses High Maximum
Disabling WPS Blocks vulnerable protocol Average High

Using whitelists ensures that even if your WiFi password is leaked, strangers won't be able to use the internet. However, if you frequently host guests, this mode can be inconvenient, requiring constant tinkering with your router settings to gain temporary access.

Force shutdown via Windows command line

If you don't have access to your router settings but urgently need to disconnect from a specific node on your local network, you can use the operating system's tools. This method won't prevent the device from reconnecting, but it will temporarily disconnect the connection. Open a command prompt with administrator privileges by pressing Win + X and selecting the appropriate item.

First, find out the IP address of the target device if it is known, or find it using the command arp -a, which will display a table of IP and MAC address mappings on your network segment. Once you find the desired line, use the ARP cache flush command to force a connection termination at the protocol level.

arp -d 192.168.1.45

Replace the example above with the actual IP address of the attacker. This command removes the entry from the cache, causing the system to forget the path to the device, although the device itself may attempt to reconnect after a few seconds. For more aggressive attacks on corporate networks, use the following commands: netsh to reset network interfaces, but for a home user this may be overkill.

You can also use PowerShell for more flexible network connection management. PowerShell commands not only allow you to view active connections but also temporarily disable a network adapter if you suspect a threat originating from within your system (such as a virus).

⚠️ Warning: Commands in the console are executed instantly and without confirmation. Be extremely careful when entering IP addresses to avoid disconnecting critical system services or your own computer from the network.

This method is good as a temporary, quick fix until you can access your router settings to permanently block it. It doesn't replace full-fledged network perimeter protection.

What to do if the arp -d command does not work?

If the command executes, but the device immediately returns to the list, it's actively trying to reconnect. In this case, the only solution is to block it at the router level or temporarily disable the WiFi module on the victim computer (if it's your device).

Managing guest networks as an isolation method

Modern routers support the creation function Guest network (Guest Network). This is a separate wireless channel with its own name (SSID) and password, isolated from your main home network. If you have friends or family over, don't give them the password for your main WiFi network; instead, invite them to connect to the guest network.

If you suspect a guest is hogging your network, you can disable guest access at any time with a single click in the router app or through the web interface. This will instantly disconnect everyone connected to the guest SSID without affecting your personal computers, smart home devices, or NAS storage.

Setting up a guest network also allows you to limit speeds and set time limits. For example, you can set up automatic shutdown of guest WiFi at 11:00 PM. This is a great way to control access for children or tenants without having to constantly change complex passwords for your main network.

AP Isolation is another useful feature, often included with guest mode. It prevents devices connected to the same access point from seeing each other. Even if a hacker connects to your WiFi, they won't be able to scan your laptop's ports or attempt to transmit a virus over the local network.

Changing password and encryption protocols

A radical, but most effective way to “throw out” all uninvited guests is a complete change password on WiFi. Once you change the security key in your wireless network settings (Wireless Security), all connected devices will be immediately disconnected. They will be forced to re-enter the new password, and an intruder who doesn't know the new key will not have this opportunity.

When changing your password, be sure to check the encryption type. Make sure the standard is selected. WPA2-PSK (AES) or the newest WPA3Using an outdated protocol WEP or WPA/TKIP makes your network vulnerable to hacking in minutes, even using smartphones. Modern encryption algorithms ensure that your password can't simply be intercepted over the air.

After changing the password on all your personal devices, you'll need to forget the old network and reconnect. This is a minor inconvenience, but worth it for security. It's recommended to use complex passwords consisting of more than 12 characters, including uppercase and lowercase letters, numbers, and special characters.

Keep in mind that after changing the router password, the computer you used to configure it will also lose connection. You'll need to reconnect to the WiFi using the new credentials to continue working or verify the results.

☑️ WiFi Security Checklist

Completed: 0 / 4

PC monitoring software

For users who prefer visual control, there are specialized programs for network monitoring, such as Wireless Network Watcher or Angry IP ScannerThese utilities scan the entire address range and provide a detailed report on who is currently online. They often display the network card manufacturer, which helps identify the device (e.g., Apple, Samsung, Intel).

Some antivirus programs, for example, Kaspersky or ESET, have built-in network monitoring modules. They can alert the user in real time about the appearance of new devices. This allows for immediate response to intrusions, without waiting for a scheduled scan.

Using software is especially useful if your router's web interface is slow or malfunctioning. Scanners operate independently of the router, analyzing data packets passing through your network adapter. However, it's important to remember that they only see the portion of traffic passing through your computer, unless ARP spoofing is enabled.

Regular network audits using such programs help you stay on top of things. Get into the habit of running a scan once a month to ensure the list of connected devices is accurate.

How to find MAC address on Windows?

Open command prompt (cmd) and enter the command ipconfig /allFind the section corresponding to your network adapter (Ethernet or Wireless). The "Physical Address" line is the MAC address you're looking for, consisting of 12 hexadecimal characters.

Can my neighbor steal my internet if I changed my password?

If you've changed your password to a strong one and are using WPA2/WPA3 encryption, your neighbor won't be able to steal your internet connection easily. The only risk is if you gave someone the password, and they, in turn, passed it on, or if the WPS function, which is easily hacked, was enabled.

What is WPS and why should it be disabled?

WPS (Wi-Fi Protected Setup) is a technology that allows you to connect to a Wi-Fi network by pressing a button or entering a PIN. The problem is that the PIN can often be brute-forced within a few hours. Disabling WPS in your router's settings eliminates this vulnerability.

Does the number of connected devices affect the speed?

Yes, the channel's bandwidth is shared among all active users. If your neighbor is downloading torrents at full speed, your video call may be interrupted or delayed. Blocking unnecessary devices is guaranteed to improve network performance.