Unwanted guests connecting to your wireless network is a fairly common occurrence. This can lead to a significant drop in internet speed, especially if your neighbors start downloading large files or watching 4K videos. Furthermore, the presence of unauthorized devices on your local network poses a direct threat to the security of your personal data and files.
You don't have to be a networking expert to solve this problem. Modern routers, whether TP-Link, ASUS, Keenetic or MikroTik, equipped with clear interfaces for access control. In this article, we'll explore the most effective ways to take control of your network.
Before you begin making adjustments, it's important to understand that blocking one device is often only a temporary measure. An integrated approach Security measures, including changing passwords and setting up filtering, will yield long-term results. Let's look at the tools available to a home network administrator.
Analysis of connected devices and identification of intruders
The first step should always be diagnostics. You need to know exactly who is using your bandwidth right now. Log into your router's control panel by entering its IP address in your browser (usually 192.168.0.1 or 192.168.1.1). In the menu, find a section that may be called Status, Network map or DHCP Client List.
This displays a list of all active clients. Note the columns with device names and their MAC addressesThe name can be specified as iPhone-Ivan or PC-Buhgalter, which makes identification much easier. If you see a device with the name Unknown or a name that you cannot identify, most likely this is the intruder.
To accurately determine the device manufacturer by its MAC address, you can use special online services or OUI tables. The first three bytes of the address (e.g., A4:C3:F0) indicate the network equipment vendor. This helps determine whether someone else's smartphone is connected to the network. Samsung or a laptop Lenovo.
⚠️ Note: Some devices may hide their real name, displaying it as a generic or random string. In these cases, rely solely on the number of connections and the MAC address.
Compare the number of devices on the list with what you have. It often happens that smart plugs and TVs are forgotten. Sony or game consoles PlayStation are also located online and can easily be confused with other people's gadgets.
Changing the password and encryption type as a radical measure
The easiest and most effective way to banish all uninvited guests is to change your wireless network password. After this procedure, all devices will be disconnected, and you'll have to re-enter the new access key on your devices. Find the "Password" section in the router menu. Wireless or Wi-Fi and field WPA Pre-Shared Key.
Create a complex combination using mixed-case letters, numbers, and special characters. Avoid simple sequences like 12345678 or date of birth. A strong password is the first and most important line of defense for your local network.
It's also crucial to choose the right encryption type. Make sure the security settings are set to WPA2-PSK [AES] or, if the equipment supports it, WPA3. Obsolete protocols WEP or WPA/TKIP can be easily hacked using automated tools in a matter of minutes.
☑️ Password security check
After changing the settings, your router may require a reboot. Wait until the system fully boots up and check if your devices can connect with the new password. Unauthorized users will no longer be able to access your router, as their saved keys will no longer be valid.
MAC address filtering: whitelists and blacklists
A more sophisticated access control tool is MAC address filtering. Each network adapter has a unique identifier that can be used to create access rules. In the router interface, this feature is usually called MAC Filtering, Access Control or MAC address filter.
There are two modes of operation for this filter. Mode Blacklist (Blacklist) allows you to block access to specific devices whose addresses you add to the list. All others will be able to connect freely. This is convenient if you know whose phone you want to block without disturbing your guests.
Mode Whitelist Whitelisting works the other way around: only devices explicitly listed as authorized are granted Wi-Fi access. Even if someone learns your password, they won't be able to connect because their MAC address isn't on the trusted list. This is the most secure option.
How to change the MAC address on a computer?
In some operating systems, such as Windows, you can programmatically change the MAC address of a network card through Device Manager. However, this is a complex procedure for the average user, and most hackers won't bother with it.
To configure it, you'll need to copy the MAC address of the intruder from the client list and add it to the corresponding rule. Please note that if you reset your router or change hardware, you'll need to reconfigure the filtering.
Hiding the network name (SSID) for increased privacy
Another layer of protection is hiding your network name (SSID). By default, your router broadcasts your network name, and anyone within range sees it in the list of available connections. By disabling SSID broadcast, you make your network invisible to passersby.
To connect to a hidden network, the user must manually enter the network name (case-sensitive) and password in the device's Wi-Fi settings. In the router menu, this option is often called Hide SSID, Enable Hidden Wireless or Hide access point.
It's worth noting that this method isn't fully protective against hackers using traffic sniffers, but it's excellent for protecting against neighbors simply looking for a place to surf the internet. Your network will disappear from the general list, reducing interest in it.
After enabling this feature on your devices, you may be required to forget the network and create a new connection manually, specifying all the settings. This is a small price to pay for increased privacy and the elimination of unnecessary connection prompts.
Comparison of user blocking methods
The choice of security method depends on your goals and level of paranoia. Changing passwords is effective, but inconvenient if you frequently allow guests in. MAC address filtering is reliable, but time-consuming to configure for a large number of devices. Hiding the SSID adds a layer of invisibility, but does not protect against targeted attacks.
The table below compares the main methods based on key performance and implementation complexity parameters. This will help you choose the optimal strategy for your situation.
| Method of protection | Difficulty level | Reliability | Impact on convenience |
|---|---|---|---|
| Change password | Short | High | Average (must be re-entered) |
| MAC filtering (White list) | Average | Very tall | High (manual addition) |
| Hiding the SSID | Short | Average | Average (manual name entry) |
| Disabling WPS | Short | Average | Low (new devices only) |
The most sensible approach is a combination of methods. For example, using a complex password. WPA2/WPA3 in combination with disabling the function WPS and periodic verification of the client list. This will create a balance between security and ease of use.
Setting up a guest network for visitors
If you frequently have friends or tenants over, there's no point in giving them access to the main network where your personal computers and printers are located. Most modern routers, including models Keenetic And TP-Link, allow you to create a separate Guest network (Guest Network).
The guest network has its own name and password. Its main advantage is isolation. Devices in the guest segment cannot see other devices on the local network and have no access to the router settings. They only have internet access.
You can set restrictions for the guest network, such as a speed limit, a time limit, or a maximum number of connections. This is the perfect way to keep your main network clean and secure while guests use the Wi-Fi for social media and messaging.
To activate, find the section in the menu Guest Network, turn it on, give it a name (eg. Home_Guest) and a simple password. You can even set a schedule so the network only operates during certain hours.
Frequently Asked Questions (FAQ)
Can a blocked user reconnect to Wi-Fi?
If you only used a password change, then no, not until they learn the new key. If MAC filtering was used, a tech-savvy user could replace (clone) their device's MAC address with that of an authorized device. However, this is too complex a procedure for ordinary users.
Does the number of connected devices affect internet speed?
Yes, directly. The Wi-Fi channel is shared between all active clients. If one starts downloading torrents or watching online movies, the speed on the other devices may drop to a minimum, and the ping will increase, which is critical for online gaming.
What should I do if I forgot my router admin password?
In this case, you'll need to perform a factory reset (hard reset). There's a small button on the router body. Reset, which you need to press and hold for 10-15 seconds while the power is on. After this, the settings will be reset, and you will be able to log in using the factory username and password indicated on the sticker at the bottom.
Is it safe to use WPS function to connect?
No, the WPS protocol is considered vulnerable. It can be easily cracked by brute-forcing the PIN code. It is recommended to go to the router settings section. Wireless or WPS and disable this feature completely to close a potential security hole.
⚠️ Note: Router interfaces may vary from manufacturer to manufacturer. If you can't find a specific setting, consult the official documentation for your model or check the manufacturer's website for up-to-date instructions.