First off, Thank you again Merlin for your magic. I'm coming at this from a soho standpoint...
Scenario 1: I've taken advantage of site to site OpenVPN across 15 of my sites. This easily enables me to give access to a Synolgy NAS box that hosts files for our offices, and to push scan things from our newer copiers instead of faxing.
The VPN is rock solid stable, with a low build. (.24) I'm going to go to a newer build with a new router, because I was never able to get the VPN working right after .26 for some reason.
So when a DHCP client is connected, that means that those wireless clients have access to my VPN. I'm not seeing it, or how to, and I'm no router/networking expert, but I'd like to disable the wireless in such a way that only the guest wireless would work. That way, there is no way anyone could be snooping around the network if someone hacks the wireless password. It's not really a question of if, it's when. Ideas?
Scenario 2: Mistakenly, there were a couple computers set away from the IP scheme that I was using internally. Wireless DHCP clients go high...200+ range, and all of my static, set on PC's, start at 100. I had some set to .40, and .44, so when I noticed them, I immediately started looking what the heck they were. The network map didn't help much, as for whatever reason, the host names didn't show up.
Luckily, an install of Spiceworks that we were beta testing helped identify the PC's by host name, so I could go fix them. During that time of figuring out what those computers were I went to go block access by mac address.
I went, wait, if it was DHCP, the IP's would be in the 200+ range. I've set static IP's on the computers, not on the router, which obviously would be easier at times. Anyway, I blocked the mac address in the wireless, knowing that would not work...low and behold, of course it didn't...Yes, in the scenario of if you are small office, or a home office, you should know what is physically connected to your network, but, in offices that I am far away from, I have no idea if something is physically connected. Long story short, and I hate to even mention DD-WRT, because DD-WRT left a bad taste in my mouth, but I do miss one thing. Blocking access by mac address.
Is this something that can be done/added in the GUI?
Sorry for being long winded.
Scenario 1: I've taken advantage of site to site OpenVPN across 15 of my sites. This easily enables me to give access to a Synolgy NAS box that hosts files for our offices, and to push scan things from our newer copiers instead of faxing.
The VPN is rock solid stable, with a low build. (.24) I'm going to go to a newer build with a new router, because I was never able to get the VPN working right after .26 for some reason.
So when a DHCP client is connected, that means that those wireless clients have access to my VPN. I'm not seeing it, or how to, and I'm no router/networking expert, but I'd like to disable the wireless in such a way that only the guest wireless would work. That way, there is no way anyone could be snooping around the network if someone hacks the wireless password. It's not really a question of if, it's when. Ideas?
Scenario 2: Mistakenly, there were a couple computers set away from the IP scheme that I was using internally. Wireless DHCP clients go high...200+ range, and all of my static, set on PC's, start at 100. I had some set to .40, and .44, so when I noticed them, I immediately started looking what the heck they were. The network map didn't help much, as for whatever reason, the host names didn't show up.
Luckily, an install of Spiceworks that we were beta testing helped identify the PC's by host name, so I could go fix them. During that time of figuring out what those computers were I went to go block access by mac address.
I went, wait, if it was DHCP, the IP's would be in the 200+ range. I've set static IP's on the computers, not on the router, which obviously would be easier at times. Anyway, I blocked the mac address in the wireless, knowing that would not work...low and behold, of course it didn't...Yes, in the scenario of if you are small office, or a home office, you should know what is physically connected to your network, but, in offices that I am far away from, I have no idea if something is physically connected. Long story short, and I hate to even mention DD-WRT, because DD-WRT left a bad taste in my mouth, but I do miss one thing. Blocking access by mac address.
Is this something that can be done/added in the GUI?
Sorry for being long winded.