0

I live in a large apartment building in the U.S. with Comcast service. Pretty much anywhere in the building I can find and connect to a network with SSID "xfinitywifi", which basically means piggybacking off of someone's connection who uses a Comcast router (which requires that I am also an Xfinity subscriber). It does not use their bandwidth though and gets its own dedicated bandwidth. These networks are ubiquitous in areas served by Comcast.

Usually it works seamlessly and is convenient for non-sensitive tasks, but recently in a particular part of the building I can sometimes connect to the network but not reach the internet. The particular problematic instance of xfinitywifi seems to randomly go down for hours at a time, but because it is just someone else's router I have no access to it. There are other known good instances of "xfinitywifi" which reach the same place but one of my Windows devices always tends to prefer the bad one.

I know the BSSID of the bad access point. I would like to block this particular access point, but I cannot find any way in Windows 10 to block a network by BSSID or prioritize some over others. Blocking by SSID can be accomplished via netsh wlan add filter permission=block ssid="xfinitywifi" but that is no help because the good networks I am trying to connect to also have SSID "xfinitywifi". How can I block this particular access point and force Windows 10 to pick another one when I try to connect to "xfinitywifi"?

Joe D
  • 3
  • 2
  • 1
    They should have given you an identifier. Hook up to that and delete other connections with NETSH WLAN commands. – John Jan 27 '22 at 22:31
  • You cannot really due the intentional implementation that Comcast is using. – Ramhound Jan 27 '22 at 22:41
  • @John The networks all have the same SSID but different BSSIDs. I can't find any way to use NETSH WLAN to block a particular BSSID. If there is a way that would solve my problem. – Joe D Jan 27 '22 at 22:47

1 Answers1

0

You need to ask your Landlord what SSID / BSSID you should use.

(A) To Hide or Block SSIDs you see and do not want use the following NETS WLAN commands.

The information is all below. Information on BSSID is also there.

This should stop Windows 10 from displaying other networks.

(B) Another thing you can do is delete all connections, restart and just connect to your connection. Do not connect to any others.

(C) If (as you later said) you want to go anywhere in building and not see some SSID / BSSID access points, you need to equip yourself with a good sniffer, knowledge of what you are seeing, and good knowledge of NETSH WLAN commands, especially the use of mode=bssid .

You should be able to block at BSSID with:

netsh wlan add filter permission=block ssid="12345" networktype=infrastructure ,

which includes BSSIDs specified as MAC address or other.

Use netsh wlan show networks mode=bssid to see bssid included within a SSID.

(D) Finally, delete ALL wireless networks and restart your computer. Connect ONLY to your network.

Now, if you move about the building, either do not connect or connect to a known good point.

Do not connect to any point and this may stop the need to block networks.

Also look at:

How to prevent computer connecting to weak BSSIDs

See BSSID

Packets bound for devices within the WLAN need to go to the correct destination. The SSID keeps the packets within the correct WLAN, even when overlapping WLANs are present. However, there are usually multiple access points within each WLAN, and there has to be a way to identify those access points and their associated clients. This identifier is called a basic service set identifier (BSSID) and is included in all wireless packets.

You will need to find a way to see / identify this in a wirelss sniffer.

Your landlord may have given you a connection sheet to follow and that will help you.

============================

Block a WiFi Network

Windows doesn’t provide any options in the Settings app or Control Panel, but you can easily block a WiFi network using the Command Prompt. To block a WiFi network, all you need is the network name or SSID. You can get a WiFi network name by looking at the network connections pop-up. (Click on the network icon in the taskbar.) When you block a WiFi network, it will no longer appear in the network connections pop-up, and you won’t be able to connect to it.

To start, search for “Command Prompt” in the Start menu, right-click on it and select the option “Run as Administrator.”

In the command prompt window, execute the below command to block the WiFi network. Replace “WiFi Network Name” with the actual SSID or network name.

netsh wlan add filter permission=block ssid="WiFi Network Name" networktype=infrastructure

As soon as you execute the command, said WiFi network will be added to the blacklist filter, and you will be no longer be able to see or connect to it.

In the future, if you want to allow the WiFi network, all you have to do is to delete the entry from the blacklist. To do that, execute the below command while replacing “WiFi Network Name” with the actual blocked network name.

netsh wlan delete filter permission=block ssid="WiFi Network Name" networktype=infrastructure

If you don’t remember the actual name, then use the below command. It will list the names of all the allowed and blocked WiFi networks.

netsh wlan show filters

To see all the networks your Windows 10 or 11 machine sees:

netsh wlan show networks mode=bssid

John
  • 46,167
  • 4
  • 33
  • 54
  • This does not seem to solve the issue. The command only seems to be able to block an SSID, not a BSSID. Blocking an SSID won't work; all the networks have SSID "xfinitywifi" but there is one particular bad access point that I want to avoid. I know its BSSID but I can't figure out how to get Windows to avoid connecting to it when I try to connect to "xfinitywifi". If there is an option with netsh to do this I don't see it in the documentation (and the obvious `bssid=...` does not work). – Joe D Jan 27 '22 at 23:05
  • You may need a wireless sniffing device to see the properties of nearby connections. I use inSSIDer to this and I think Meta Geek might have a trial version. – John Jan 27 '22 at 23:08
  • Sorry, I'm not sure how that would help. It looks like a diagnostic tool for network admins, but I'm a guest in the spaces where this rogue access point is a problem. I don't have authority to move routers around or reconfigure things or add new access points. I just want to block a particular access point via its BSSID when connecting to a network with SSID "xfinitywifi". If I can do that with this software then it would help but I can't find any method for doing so. – Joe D Jan 27 '22 at 23:27
  • I ran inSSider and did not see BSSID but that is because there are none around. Another thing you can do is delete all connections with NETSH WLAN commands, restart and just access yours. I amended my answer – John Jan 27 '22 at 23:30
  • Thanks for your help in understanding the issue but blocking via SSID (instead of BSSID) and "just access your [network]" are not viable solutions in this case. I *do* want to connect to and roam around networks with SSID "xfinitywifi" in parts of my building where my own wifi signal does not reach, but I need to block a particular known bad access point with this same SSID but with a known BSSID. I edited my question to clarify what I want to do. – Joe D Jan 27 '22 at 23:48
  • Then you need a good sniffer to see what is around you and delete what you do not want. Your newest comment is VERY different from your question. So get a good sniffer. Then you can make use of the NETS WLAN commands posted already – John Jan 27 '22 at 23:50
  • I amended my post with a part C to provide for moving around. – John Jan 28 '22 at 00:01
  • I'm sorry if I was unclear initially. I know the good and bad BSSIDs. I don't need to sniff them out. I just want to block Windows from connecting to the single known bad access point. I cannot block based on SSID because all the networks have the same SSID including the ones I do want to connect to. So I need to block the bad BSSID. Any method of blocking Windows from connecting to certain access points based on BSSID (not SSID!) is all I need. – Joe D Jan 28 '22 at 00:06
  • You need an App that shows you BSSID properties and use mode=bssid in NETS WLAN to hide / block those. – John Jan 28 '22 at 00:10
  • Can you please provide an actual complete `NETS WLAN` command that blocks a particular BSSID? I am looking at the documentation and not seeing any way to block a bssid. `netsh wlan mode=bssid add filter permission=block ssid="00:00:00:00:00:00"` does not work. `netsh wlan add filter permission=block bssid="00:00:00:00:00:00"` also does not work. Nor does any other combination I could think of, and the documentation does not indicate that this is possible. – Joe D Jan 28 '22 at 00:20
  • I have added some commends about blocking weak SSIDs. See if that helps – John Jan 28 '22 at 00:25
  • Sorry, the command you added here seems to be blocking based on SSID, not BSSID. I know how to do this but it is unhelpful. Again, I need to block based on BSSID because I am specifically trying to connect to networks with SSID "xfinitywifi" and block a particular network with the exact same SSID "xfinitywifi". So blocking must be based on something other than SSID, which could be BSSID. – Joe D Jan 28 '22 at 00:32
  • I added specific info on BSSID but you need to identify by sniffer or some other way (landlord) what the name is – John Jan 28 '22 at 00:37
  • Thanks for your help but no, I don't need to identify the BSSID. I know it. I just need to filter based on it. The commands you have given are for filtering based on SSID, but (as explained in the question) that is not viable. The filtering must be based on BSSID (which I know but which cannot be filtered by the commands you have given). – Joe D Jan 28 '22 at 00:42
  • If I type netsh wlan add filter permission=block ssid="xxxxx" networktype=infrastructure, it executes successfully and I assume the BSSIDs included (identified by MAC address are also blocked. – John Jan 28 '22 at 01:08
  • I added a section D which goes back to: get to one single network (yours) and then only connect to known good networks. This may mean you do not need to block anything. Use great care in connecting – John Jan 28 '22 at 01:47
  • I tried something like `netsh wlan add filter permission=block ssid="bad-bssid"` before and it didn't seem to work, but I just tried it again and it seems like it is probably working now (hard to be completely sure but the computer did switch to a different access point after this). Maybe I made a mistake copying the bssid. Either way the program in the linked answer worked just as well. Sorry for the confusion. – Joe D Jan 28 '22 at 02:00