Menu
What's new
By:
Filters Better Search

I've disabled WPS. What other options should a noob start with?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

N

Nicoletta

Occasional Visitor
I've read enough to know that disabling WPS is a good start. I have also managed to get Skynet and Diversion working. What else is a recommended baseline for a fast, safe and secure network?
 
Nicoletta said:
I've read enough to know that disabling WPS is a good start. I have also managed to get Skynet and Diversion working. What else is a recommended baseline for a fast, safe and secure network?
Click to expand...

My install notes outline basic Asuswrt router settings. Ignore the AiMesh bits. I suppose Asuswrt-Merlin has more settings to consider.

OE
 
Have a look at my signature for the link to a few posts that may interest you. I would begin with the M&M Config guide. :)
 
basically all the things that ai trend micro recommends doing when you scan with it. You can also set the web gui to https only and set a specific admin ip. mac filtering wireless devices helps keeps things sane too. Create a guest network with disabled intranet for iot devices that don't need interlan access.
 
Nicoletta said:
I've read enough to know that disabling WPS is a good start. I have also managed to get Skynet and Diversion working. What else is a recommended baseline for a fast, safe and secure network?
Click to expand...
Disable UPnP, flip on Trend Micro's services, turn on the firewall, disallow WAN access unless you need it & use an Access Control List, turn off SSH unless you plan to use it, ... anyone else?
 
Without knowing what router and firmware you're using; I'll suggest the following based on a supported RMerlin router and the latest 386.1 Beta 2 firmware that gives us so much more control of an AiMesh network we can create. The following are not in any order, but all are recommended, and many have pre-requisites too.

For Security:
  • Use a non-default Local LAN IP range (i.e. not 192.168.1.x or 192.168.50.1 that most Asus routers boot up with).
  • AiProtection: Enable All
  • Use a non-default OpenVPN Server port (I suggest not using anything that is 'registered', use the range above 51,000).
  • Disable WPS
  • Disable all 'Media' servers.
  • Disable Samba
  • Use Diversion
  • Use Skynet
  • Use Unbound
  • Use YazFi
  • Use WPA2 Personal
  • Use a non-default ssh port (I suggest not using anything that is 'registered', use the range above 51,000).
  • Do not enable WAN access for ssh.
  • Use Guest networks for family devices (they can never keep a secret when guests come over!).
  • Use a LAN Domain Name in LAN - LAN IP
  • Always update to the latest firmware. Doesn't need to be the day it is released. But if you're still debating about installing it a few weeks later...
  • DO NOT USE A PAID-FOR VPN. Not only a waste of money but a high potential security risk because it causes a false sense of security which breeds complacency too.
For Performance:
  • Use Diversion (faster because of no ads).
  • Use Skynet (less malware, less downtime, faster/always happiness).
  • Use Unbound (be your own DNS server, trust yourself, not others).
  • Use YazFi (take full control of your Guest Wi-Fi clients).
  • Use a USB drive like the link below for amtm + Entware + swap file + scripts as suggested here, or better.
  • Use a wired backhaul for AiMesh main + nodes. If using 2x RT-AX86U (or similar capabilities), use the 2.5GbE Ports, not the 1GbE Ports.
  • Use a new 8-character SSID with no spaces, punctuation, smiley faces, or other special characters (same for the passwords, but use 16 characters there). Particularly if you've upgraded up, a Wi-Fi class of router (i.e. N to AC, AC to AX, AX to AXE, etc.).
  • Do not over-saturate your home with RF. One, or two RT-AX86U can handle homes of 6K SqFt or larger. More is not always better.
  • Do not use wireless AiMesh when you have very fast ISP speeds (i.e. over 500Mbps both up and down). Strive to use an Ethernet connection for the backhaul whenever possible (and it's well worth throwing a few dollars to an electrician to do this for you).
  • Do a full reset to factory defaults, after flashing the firmware you want to use.
  • Do not import an old, saved backup config file.
  • Do not 'Blindly' use old settings that may have worked before.
  • Use the new and expected defaults of the new router and firmware and only change the suggested settings ( New M&M 2020 ), if and as needed.
  • Use Auto for Wireless Mode.
  • Do not use Auto for the Control Channels for both the 2.4GHz and the 5GHz band.
  • For 2.4GHz, test each channel at 20MHz width (only test 1, 6, and 11), keeping notes which one was superior not just for speed tests (don't use just one, btw, use as many speed tests as you can - the results will vary), but also for how responsive the network is just browsing the internet, connecting to the NAS (if in use), or interacting with other devices within the network.
  • For the 5GHz band, test each channel thoroughly. There is no shortcut here. This isn't a race either. Fine-tune the network for reliability and speed for as long as it takes (you).
  • Do not use a Wi-Fi 'analyzer' app. Waste of time, albeit it may give you some pleasure seeing a few details the first few times. Do not have such an app running when doing your tests (the 'observing' with the app, affects the results).
  • Take good notes for both bands and keep them. You'll be able to refer to them in the future and learn the quirks of your specific Wi-Fi environment.
  • Do not use Smart Connect (it's 'dumb' and doesn't help in most cases).
  • Do not use a single SSID (devices are 'dumb' too, they connect where they want, not where you need them to).
  • Do not use the router as a NAS with a performance and stability robbing USB drive - if you need Network Attached Storage (NAS), buy one.
  • Do experiment with Antennae placement.
  • Do experiment with Router placement.
  • Do experiment with Router orientation.
  • Do experiment, period. Inches and 10, 20, or 30 degrees for antennae or router orientation can make a difference.
  • But keep good notes, very good notes. Have repeatable 'tests' with the same client devices and don't rush. Better, will show as obviously better. Maybe better isn't worth raving about.
I must go, but here are links that may help more with both security and performance. I hope I haven't forgotten any obvious ones! I'm sure the gang here will let me know.

OzarkEdge AiMesh Notes

Duckware Understand Wi-Fi 4/5/6 (802.11 n/ac/ad/ax)

Antenna - Dr Trevor Marshall

Fully Reset Router and Network

Order of installing popular scripts | SmallNetBuilder Forums

L&LD | SmallNetBuilder Forums

New M&M 2020


Merry Christmas and Happy New Year to all! Stay safe friends!
 
L&LD... Are these good settings for my AX-88u? It seems everything from my light bulbs and refrigerator to my car can access my network. I need a setup that will allow my Wifi 6 capable devices to use Wifi 6 and my older devices to cohabitate and work at their best rates without too many hiccups.
I realize this is an old post. I'm running the latest Merlin firmware as of the date if this post. Can you direct me to a good setup guide for my situation?
 
Nicoletta said:
I've read enough to know that disabling WPS is a good start. I have also managed to get Skynet and Diversion working. What else is a recommended baseline for a fast, safe and secure network?
Click to expand...

First, think beyond the router. When I hear 'secure network' the first thing should always be thinking beyond the periphery, to the 'soft underbelly' that's inside. Hopefully you've already considered that :) Things like turning on the firewall on your internal devices. Or splitting traffic from suspect IOT devices by putting those on their own guest network.

Second, secure is a matter of degrees and should be based on what reasonable threats you want to protect yourself from. Things like keeping the software updated, especially when there is a new exploit, are key. That means it's more than "set it and forget it" but keeping up with developments and new threats.
Think about what matters most to you and how to protect that. That should include backups that are offline if something does happen.
NEVER re-use passwords between different accounts.

Finally, there is a litany of things you can configure on the router, but again, think broader for a secured network. One thing: Check the digital signatures of the software you are installing, including the router software updates.

I purposely went a bit broader in my answer because you've already got plenty of things you can configure on your router in previous responses :)
 
cptnoblivious said:
First, think beyond the router.
Click to expand...

No. First look what/who you reply to. The user was last seen in May 2021.

7ravler said:
I need a setup that will allow my Wifi 6 capable devices to use Wifi 6 and my older devices to cohabitate and work at their best rates without too many hiccups.
Click to expand...

Separate the 2.4GHz and 5GHz bands. Use 5GHz for your faster devices, 2.4GHz for all your slower devices. If your network is working fine already, there is nothing to optimize. If you don't need anything special from Asuswrt-Merlin, keep it simple with stock Asuswrt. Use your free time for more enjoyable activities than poking your router settings for no reason. Most Asus routers work well for most users on default settings.
 
Tech9 said:
If you don't need anything special from Asuswrt-Merlin, keep it simple with stock Asuswrt. Use your free time for more enjoyable activities than poking your router settings for no reason.
Click to expand...
Hey Tech9... Very good advice. Once upon a time I was pretty well versed with all this technology, but it's been years. Now I'm one of those guys who knows just enough to be dangerous. I have been tweaking some of the settings I think I may have tweaked some things I shouldn't have. I'm just going to set it back to factory settings and make it so I can access my wireless and my wife will stop being mad at me for messing up the wireless
 
You must log in or register to reply here.

Similar threads

G
Asus RT-AX58u with 1 Gig Wifi and my wifi is super slow at times. Want the best settings in DNS, Professional section, etc. Could use help please!?
Replies
3
Views
1K
drinkingbird
drinkingbird
seke1111
Noob wanna get Pro
2
Replies
33
Views
4K
Tech9
Tech9
P
Port Forwarding Transmission with AirVPN
Replies
2
Views
774
pavlfz
P
koonthul
Home Network Plan - Where and What
2
Replies
20
Views
1K
degrub
D
T
Is the RT-AX88U Pro overkill with PFSense?
2 3 4
Replies
62
Views
3K
drinkingbird
drinkingbird
Similar threads
Thread starter Title Forum Replies Date
V Can AIProtection be disabled? Asuswrt-Merlin 7
P DNS Director bugging out (even when disabled): nslookup returns NOTIMP Asuswrt-Merlin 4
S AXE11000 - WPS bug? Asuswrt-Merlin 4
K WPS connection issues to IoT device with GT-AXE16000 GT-AXE11000 Asuswrt-Merlin 3
abraxas86 WPS not working, libupnp.so missing? Asuswrt-Merlin 5
J Issue with WPS in AiMesh Asuswrt-Merlin 3
P getop long options not work Asuswrt-Merlin 3
Z Advanced Settings - Options Disappeared Asuswrt-Merlin 26
L Will Merlin give me more configuration options to enhance Coverage/Speed over the Standard ASUS FW? Asuswrt-Merlin 4
W Is there any way to set additional Dropbear startup options? Asuswrt-Merlin 3

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 977 (members: 30, guests: 947)
Top