Virgin SuperHub and how to block users/limit internet
Discussion
I need to find a way to reliably control access to the internet for our kids.
I've got a Virgin Superhub that connects through to a Vigor 2820n. Wireless on the Superhub is switched off (its range is rubbish), but it is the main router, doing DHCP etc... I also have a Belkin wireless range extender.
The Superhub has a feature for limiting access to the net by recognising a PC/phone/PS3/laptop's MAC address, and setting times when that device can use the net. I've set it up, and it seems to be working fine, i.e. the kids whinge like chuff when their access gets turned off in the evenings.
However, last night, youngest son made the claim that he had found a way to access the net and bypass this block. If so, what is he most likely to be doing, and how do I stop it? Or is he just winding me up? I haven't actually checked this with his laptop, so I can't say for sure if he has or not, but is there a way to do what he says he's doing?
According to what I read in this Virgin Media forum post it does indeed look as though he has changed his MAC address to get another lease from DHCP.
OP, are you blocking by IP address only?
Your Draytek can run Web Content Filtering - It's subscription based, and top quality. Around a tenner a month IIRC
http://www.draytek.co.uk/products/draytek_wcf.html
It could be one of a million things; proxying through a different machine, connecting to a neighbour's wifi, 3G... MAC address spoofing wouldn't be my first choice as you'd want to poison the arp caches of other machines and it can be a little flaky.
You could always ask him, otherwise it sounds like he's either bluffing or you're onto a loser and he's the boss of the internets now. You'll probably have to ask him for permission soon.

0000 said:
It could be one of a million things; proxying through a different machine, connecting to a neighbour's wifi, 3G... MAC address spoofing wouldn't be my first choice as you'd want to poison the arp caches of other machines and it can be a little flaky.
You could always ask him, otherwise it sounds like he's either bluffing or you're onto a loser and he's the boss of the internets now. You'll probably have to ask him for permission soon.
Like that's gonna happen!


mondeoman said:
Is there a way to use the Vigor to do this kind of thing, seeing as it is a more sophisticated piece of kit?
Yes, very easily. Switch the SuperHub to modem only mode, then plug that into the Vigor's 'WAN2' ethernet port.
The Vigor is now doing everything: DHCP, NAT, filtering etc. All the SuperHub is doing is the modulation/demodulation.
I use the Superhub in modem mode - with a 2 network interface NAT firewall sat behind it.
On the LAN side it does DHCP and DNS - but it also gives the opportunity to run a web proxy, firewall rules and logging.
http://www.pfsense.org/ is a similar free alternative
You could then block the ports, set up a squid proxy and make it user/time dependent.
Just depends on what lengths you want to go to.
---
Or run 2 wireless networks and pull the plug on the kid's access point when it's bedtime.
OK, how about this:
Change the password on the Belkin so the kids can't access it (they don't need it anyway as they are close to the Vigor), which effectively gives me two networks.
Then set up a couple of firewall rules in the main wireless router (Vigor) to limit their access to the net based on a schedule. I don't want to turn the Virgin router into a modem only, as it's the only thing I've got with gigabyte ethernet:
Create individual IP Objects in the Vigor OBJECTS section
Create IP Groups from the Objects
Create Schedules in APPLICATIONS section with the action being "Force Down"
Create a couple of Firewall Filters that call the IP Group and the Schedule, the idea being that any attempt to connect from the relevant IP Group, within the scheduled time, will be blocked by the filter (set LAN > WAN)
Thoughts?
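Added example, not written by any poster in this thread and not router firmware: a Python sketch of why a timed block keyed on listed devices (by MAC, or by IP group as proposed above) misses a client that turns up under a new address, while a default-deny allowlist does not. The device inventory, curfew window and lease table are constructed sample data, and all function names are hypothetical.

```python
from datetime import time

# Constructed inventory: MAC -> (owner, group). Not taken from the thread.
KNOWN = {
    "00:1a:2b:3c:4d:5e": ("parent-laptop", "adults"),
    "00:1a:2b:3c:4d:5f": ("son-laptop", "kids"),
    "00:1a:2b:3c:4d:60": ("ps3", "kids"),
}
# Constructed curfew for the kids group: 21:00 to 07:00, wrapping midnight.
CURFEW = (time(21, 0), time(7, 0))

def in_window(now, window):
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # window that crosses midnight

def locally_administered(mac):
    # Bit 0x02 of the first octet marks a software-assigned address.
    return bool(int(mac.split(":")[0], 16) & 0x02)

def blocklist_allows(mac, now):
    """Timed block on listed devices only; anything unlisted passes."""
    entry = KNOWN.get(mac.lower())
    if entry and entry[1] == "kids":
        return not in_window(now, CURFEW)
    return True

def allowlist_allows(mac, now):
    """Default deny: unknown MACs never pass; kids obey the curfew."""
    entry = KNOWN.get(mac.lower())
    if entry is None:
        return False
    return not (entry[1] == "kids" and in_window(now, CURFEW))

def audit(leases, now):
    """Return leases the blocklist lets through but the allowlist stops."""
    findings = []
    for mac, ip, hostname in leases:
        if blocklist_allows(mac, now) and not allowlist_allows(mac, now):
            findings.append((mac, ip, hostname, locally_administered(mac)))
    return findings

# Constructed DHCP lease table, as a router status page might list it.
LEASES = [
    ("00:1A:2B:3C:4D:5E", "192.168.0.10", "parent-laptop"),
    ("00:1A:2B:3C:4D:5F", "192.168.0.11", "son-laptop"),
    ("02:11:22:33:44:55", "192.168.0.23", "son-laptop"),
]
```

Running `audit(LEASES, time(22, 30))` returns only the third lease: an address missing from the inventory, with the locally administered bit set, reusing a known hostname.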