The experience of an uninvited guest connecting to your wireless network is familiar to many TP-Link equipment owners. Internet speeds drop sharply, pages load slowly, and unfamiliar devices appear in the client list. This isn't just annoying, it also poses a real security threat to your personal data stored on computers and smartphones connected to the same network.
TP-Link router owners have a powerful tool at their disposal - MAC address filteringThis feature allows you to either allow access only to trusted devices (whitelist) or, conversely, create a blacklist for those you want to block. Modern models, such as the Archer C6 or C80, feature an intuitive interface, but even on older firmware versions, this feature works reliably and effectively.
Before taking decisive action, it's essential to accurately identify the "intruder." Simply disabling the device using the "Block" button in the Tether mobile app is often a temporary solution, as savvy users can change their device's MAC address. Therefore, we'll look at the most reliable method using the web interface, guaranteed to permanently block access to unwanted users.
Preparing for blocking and searching for the offender
The first step to securing your network is to identify the device that's stealing your traffic. You can't block everyone, or you risk disabling your Smart TV or printer. Log into your router's admin panel at 192.168.0.1 or tplinkwifi.net and go to the section that may be called Wireless or Wireless mode, and then select Wireless Statistics (Wireless statistics).
Here you will see a table with all active connections. Pay attention to the column MAC Address — is a unique identifier for a network card. If you see a device you don't recognize, you should write down its MAC address. For convenience, modern TP-Link interfaces, especially those with the Green UI design, often display the device manufacturer's name, which helps identify, for example, a neighbor's iPhone or an unknown laptop.
⚠️ Caution: Before making any changes to security settings, make sure your device is connected to the router via an Ethernet cable or that you know its MAC address to avoid accidentally locking yourself out of the management system.
There is also an alternative way to check via a mobile app. TP-Link TetherIt displays a real-time list of clients and allows you to quickly check the number of connections. However, for more detailed filtering, you'll still need access to the web interface, which offers more advanced functionality and allows you to create complex rules.
MAC Filtering Setup: Blacklist
The most common method for combating "freeloaders" is creating a Blacklist. Unlike a Whitelist, which requires manually adding each new device, a Blacklist allows you to block only specific offenders, while allowing others free access (as long as the password isn't too simple). To activate this feature, find the section in the router menu. Wireless MAC Filtering (MAC address filtering).
By default, the filtering function is disabled. You need to click the button Enable (Enable). Next, it's critical to select the correct operating mode. In older TP-Link firmware versions, these are radio buttons; in newer versions, they're a drop-down list. Select the option. Deny (Prohibit) or BlacklistThis will tell the router: "Everyone can pass except those listed below."
☑️ Blacklist settings
After selecting the mode, press the button Add New (Add new). In the window that opens, enter the MAC address of the intruder that you copied earlier. Field Description (Description) is optional, but helpful for memory, for example, write "Phone Neighbor". Make sure the rule status is set to Enabled, and save the changes.
The effect of applying these settings is almost immediate. A device whose address is blacklisted will lose connection to the Wi-Fi network and will be unable to reconnect, even if it knows the correct password. However, it's worth remembering that an experienced user can attempt to clone the MAC address of your trusted device, so this method is most effective when combined with a strong WPA2/WPA3 password.
White List Mode: Maximum Network Protection
If you want to ensure the highest level of security and be sure that no one else can connect to your Wi-Fi except you, use the mode White List (Whitelisting). This method operates on the principle of "denying everything that isn't explicitly permitted." No device whose MAC address isn't included in the router's database will be able to access the network, even with the correct password.
To configure, return to the menu Wireless MAC Filtering. This time, select the mode Allow (Allow) or WhitelistOnce you activate this mode and save the settings, all current connections may be lost. This is why it's critical to first add the MAC addresses of all your devices (smartphones, laptops, TVs, IoT gadgets) to the allowed list.
| Parameter | Blacklist (Deny) mode | Whitelist (Allow) mode |
|---|---|---|
| Operating principle | Blocks only specified addresses | Allows only the specified addresses |
| Guest convenience | Guests are free to connect | Guests are not allowed to access |
| Security | Medium (depending on password) | Maximum |
| Difficulty of setup | Low | High (you need to know all the devices) |
Using a whitelist is ideal for office networks or apartments where you don't plan on hosting guests. However, if you frequently host friends or have a lot of smart devices that are difficult to reconfigure, this method can be inconvenient. Each new device purchased will have to be manually added to the router interface.
What to do if you've blocked yourself?
If you enabled the White List but forgot to add your phone, you'll lose Wi-Fi access. The only solution is to connect to the router via a LAN (Ethernet) cable from your computer and delete the rule or add your MAC address. If a cable is unavailable, you'll have to perform a full reset of the router using the Reset button on the device.
Working with Green UI and Blue UI interfaces
TP-Link has released many router models over the years, and their software varies significantly. Devices with a blue interface (Blue UI), such as the popular TL-WR841N series, feature a classic menu on the left. The path to settings typically looks like this: Wireless → Wireless MAC Filtering.
More modern routers, such as the Archer A6, C6, and C80, use the Green UI or even the new cloud interface. The logic may be slightly different in these routers. This feature is often hidden in the "Settings" section. Advanced (Advanced settings) → Wireless → Wireless MAC FilteringIn some firmware versions for home users, this function can be simplified to a "Block" button directly in the client list.
⚠️ Note: The TP-Link router management interface is regularly updated. The layout of menu items may vary depending on the firmware version. If you don't see the described items, check the official manual for your specific model on the manufacturer's website.
In new cloud interfaces, control is often moved to the section Network Or directly to the main network map. Here, you can click on the device icon and select "Block." This creates a filtering rule automatically, eliminating the need to manually copy MAC addresses and switch filter modes.
Additional wireless network security measures
MAC address blocking is a powerful tool, but it shouldn't be your only line of defense. MAC addresses are easily spoofed by a skilled attacker. Therefore, a strong password is the foundation of security. Make sure encryption is used. WPA2-PSK or, if the equipment allows, WPA3.
It is also recommended to disable the function WPS (Wi-Fi Protected Setup). Despite the convenience of connecting with a single click, this protocol has known vulnerabilities that allow attackers to brute-force the PIN code and gain access to the network without the password. This setting can be found in the section Wireless → WPS.
- 🔒 Change password: Regularly changing your Wi-Fi password forces everyone to reconnect, which automatically "kicks out" anyone who might have learned the old password.
- 📶 Hiding SSID: You can hide the network name so it doesn't appear in the list of available networks. This doesn't provide 100% protection, but it does reduce the visibility of random passersby.
- 🔄 Firmware update: Check the section
System Tools→Firmware UpgradeNew software versions patch security holes.
A comprehensive approach ensures your network remains private. The combination of MAC address filtering, a strong password, and disabled WPS makes penetration virtually impossible for the average user.
Frequently Asked Questions (FAQ)
Can a blocked user reconnect?
If you use only Blacklist, the user can bypass the block by changing the MAC address on their device (if their OS allows it). However, when using Whitelist (Allow mode), connecting without being added to the list is impossible under any circumstances.
Will changing ISP reset my router settings?
No, MAC address filtering settings are stored in the router's memory and are independent of your ISP. They are only reset when you perform a full reset to factory settings or when you flash the router and clear the configuration.
Does enabled filtering affect internet speed?
Virtually none. MAC address checking occurs at the driver and router firmware level and takes microseconds. For modern TP-Link equipment, even 50 filtering rules won't have any noticeable impact on data transfer speed.
How do I find the MAC address on my Android smartphone?
Go to Settings → About the phone → Status (or General information). The Wi-Fi MAC address will be displayed there. Newer versions of Android may display a random MAC address for privacy protection; for router filtering, you may need to use the real MAC address, which is sometimes hidden in advanced Wi-Fi settings.