What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

limit access to the admin console

nlehrer54

Occasional Visitor
hi.

is there a way to limit access to the admin console to the ethernet ports? so just thru a wired connection, not through wifi?

thanks
 
I expect there’s a clever way of doing it, but if you set up and only use the guest wireless networks, you could then turn off - or don’t allow - intranet access. Would that do it for you?

And as someone reminded us in the last couple of days, you don’t have to stick to “admin” as your username to access the webui/console: you could, if you wanted, make it as complex as your password.

And, finally, welcome to our great forum.
 
I expect there’s a clever way of doing it, but if you set up and only use the guest wireless networks, you could then turn off - or don’t allow - intranet access. Would that do it for you?

And as someone reminded us in the last couple of days, you don’t have to stick to “admin” as your username to access the webui/console: you could, if you wanted, make it as complex as your password.

And, finally, welcome to our great forum.
 
thanks.
i seem to remember an old router that had a config option for this. it was either don't allow console access thru wifi or only allow console access thru ethernet. same result.

how do i make this a suggestion?
 
thanks.
i seem to remember an old router that had a config option for this. it was either don't allow console access thru wifi or only allow console access thru ethernet. same result.

how do i make this a suggestion?

This would not be a valid suggestion because it is outside the aims of Merlin’s project. See the last sentence below.

“Asuswrt-Merlin is an alternative, customized version of that firmware. Developed by Eric Sauvageau, its primary goals are to enhance the existing firmware without bringing any radical changes, and to fix some of the known issues and limitations, while maintaining the same level of performance as the original firmware. This means Asuswrt-Merlin retains full support for NAT acceleration (sometimes referred to as "hardware acceleration"), enhanced NTFS performance (through the proprietary drivers used by Asus from either Paragon or Tuxera), and the Asus exclusive features such as AiCloud or the Trend Micro-powered AiProtection. New feature addition is very low on the list of priorities for this project.”

Does sole use of the guest wifi without intranet access not fulfil your needs?
 
Last edited:
thanks.
i seem to remember an old router that had a config option for this. it was either don't allow console access thru wifi or only allow console access thru ethernet. same result.

how do i make this a suggestion?

The classic WRT54G's had this option in their WebUI
 
nlehrer54,

like martinr already suggested, the guest network route is a good option for what you're asking for. The guest network(s) can be configured for no local access and also for full access (for yourself, for example). For each band.

Unless of course, you need to share printers, a NAS or other resources over WiFi.

The option there then is to look into YazFi. It may give you the more granular control you need by creating guest networks with specific access rules?

https://www.snbforums.com/threads/y...-merlin-guest-wifi-inc-ssid-vpn-client.45924/
 

From that same thread:

https://www.snbforums.com/threads/option-to-disable-wirless-login.47786/page-4#post-418890

sfx2000 said:
IMHO - this is a tempest in a teacup - a lot of these recommendations and suggestions will break other things inside the router, and ultimately end up with another thread asking as to why things do not work.

Here's my suggestion - set a strong password, enable HTTPS on the Asus WebUI, and you're done...

RMerlin replies:
simple enough
Especially as it has brute force protection.
 
hi.

is there a way to limit access to the admin console to the ethernet ports? so just thru a wired connection, not through wifi?

thanks

Not exactly what you want but under administration, system you can allow access only for certain IPs. Assign static IPs to the Ethernet ports on devices you want to allow administrative access from then list the static IP as IPs that have access. Of course if someone knows what you have done they could assign the listed IP(s) to a wireless adapter and gain access.

I have used this feature in prior versions of Merlin's firmware but not 384.9 but I see no reason since the option is available it won't work.

If you want to make it more secure pick an arbitrary IP in the subnet you are using that isn't part of the DHCP pool or a static IP around your pool. Then in order to gain access you will first have to go in and assign this IP to the device that you want to have administrative access.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Back
Top