What's new

Disabling LAN ports

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Portalnet

Regular Contributor
Hello. I would like to disable unused LAN ports. I have a NAS connected to one LAN port (IP address assigned by DHCP via MAC). I would like to turn off the other three LAN ports so that nobody can connect to them and use the Internet (even after entering their own IP addresses)
Can it be done on original ASUS or Merlin?
 
If someone has physical access, what would stop them from unplugging your NAS and using that port?
 
This is silly thinking consumer gear can do simple things like turning off a port. These devices are as dumb as they can get for people that don't know networking. If you want control you need to go at least smb or diy.
 
I was more concerned with assigning DHCP to one socket, and turning off the other. it's always some kind of security.
But I demand too much from consumer cunning.
 
Disable DHCP and use a static subnet that's not common to guess from visitors. The easiest would be using something in the 172.16.x.x range.
 
@ColinTaylor

A thought came to mind to enable at boot by putting it in a rc.local or setup a cron to implement it periodically.

Asuswrt doesn't use rc.local but Merlin's firmware has something similar that's why I said it could be done with Merlin. It's also possible in stock firmware using a USB drive. Changing one nvram variable would be even easier (if that works).
 
@ColinTaylor

Then maybe that should be suggested to @RMerlin to add the feature in a KISS methodology that users can figure out how to use? I don't use Asus nor am I interested enough to dive into the inner workings of them. I do know they use Linux like everything else on the internet and there is where my experience comes into play with tweaking things. Of course things don't translate 100% because of Asus and other OEMs being closed sourced and renaming crap for their benefit but, being cousins there's usually a way to make them talk to each other in the same language. You picked up on what I was saying so, there's that.
 
@ColinTaylor

Then maybe that should be suggested to @RMerlin to add the feature in a KISS methodology that users can figure out how to use? I don't use Asus nor am I interested enough to dive into the inner workings of them. I do know they use Linux like everything else on the internet and there is where my experience comes into play with tweaking things. Of course things don't translate 100% because of Asus and other OEMs being closed sourced and renaming crap for their benefit but, being cousins there's usually a way to make them talk to each other in the same language. You picked up on what I was saying so, there's that.
Was (or is) there any movement on this potential option? I’d be interested to use it to prevent a particularly pesky guest from just plugging in his Ethernet cable to get faster gaming speed. I appreciate there’s probably workarounds for more tech savvy folks so this would just be 1st line attempt at prevention. Ta
 
Was (or is) there any movement on this potential option? I’d be interested to use it to prevent a particularly pesky guest from just plugging in his Ethernet cable to get faster gaming speed. I appreciate there’s probably workarounds for more tech savvy folks so this would just be 1st line attempt at prevention. Ta
A method used in office buildings to prevent people from plugging in phones and computers in where they were not supposed to was to take an RJ-45 plug and shorten the locking tab so it doesn't protrude out of the jack. The plug can still be removed but not without a tool of some type.

It also helped to prevent this from happening if someone was found removing a plug they were subject to being fired as it was hard for them to claim it was just a mistake.
 
I’d be interested to use it to prevent a particularly pesky guest from just plugging in his Ethernet cable to get faster gaming speed.
Disabling unused LAN ports won't solve your underlying issue, the pesky guest, from simply unplugging an existing LAN cable and plugging their in. The solution is to either prohibit the guest from the premises or move the router to a location that the guest cannot access. Once the guest has physical access to the router they can overcome any firmware code change you try to implement by either removing existing LAN cables or by simply resetting the router.
 
A method used in office buildings to prevent people from plugging in phones and computers in where they were not supposed to was to take an RJ-45 plug and shorten the locking tab so it doesn't protrude out of the jack. The plug can still be removed but not without a tool of some type.

It also helped to prevent this from happening if someone was found removing a plug they were subject to being fired as it was hard for them to claim it was just a mistake.
Not a bad idea ! Simple. I’ll look at that, ta.
 
So your guest has physical access to your router? Sounds like you need to move the router to a more secure location.
Yes, but it means finding a cupboard close to the ONT or putting it into a box.
 
Disabling unused LAN ports won't solve your underlying issue, the pesky guest, from simply unplugging an existing LAN cable and plugging their in. The solution is to either prohibit the guest from the premises or move the router to a location that the guest cannot access. Once the guest has physical access to the router they can overcome any firmware code change you try to implement by either removing existing LAN cables or by simply resetting the router.
I see. Hmm. Food for thought on the guest, especially if it’s a relative :). But yes, all good suggestions…
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top