What's new

(NOOB) Definition of "minimal and manual configuration"

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

@Amwjujo you should select to use the new one. :)
 
@Amwjujo you should select to use the new one. :)
Yeah ... I know but my wife and the kids will kill me if I'll let them out of internet now with this isolation- especially in the evening .
So, testing like this for the moment
Cheers.
 
Things change.

<This link> shows an older Asus. Halfway down is the B/G check box.

<And this link> shows a newer Asus. The check box is gone. Instead the pop down under wireless mode now contains "N only".

I'm not quite sure why the change. I'm guessing it's just a different way of saying either accommodate B/G or ignore B/G?
In response to a really old part of this thread: I just discovered this: If your router has Smart Connect enabled at the top of the wireless tab it won't show Optimize for XBox option.
 
Thanks
Been investigating the forums, and basically came back with a few additional notes, and I put in setting locations, well as per latest Merlin firmware on an AC68U anyway.
...
11. Uncheck Xbox and B/G protection (Both bands). GUI > Advanced Settings > Wireless > General tab
...

Just been going through these settings on the stock firmware before I flash to merlin at some point in the next few days....

It seems that B/G protection can't be unticked when the wireless mode is set to 'auto' or 'N'. It only allows me to untick when set to Legacy. Whats the recommended option in this case?
 
@Hugga Wugga suggested to leave it in Wireless Mode Auto. :)
 
does running unbound on the pihole.. eliminate the option boxes in pihole web interface for a upstream dns server?
No, because you still need to point Pi-Hole to the Unbound instance also running on the RaspberryPi (e.g. 127.0.0.1#5453 or whatever configuration you use for Unbound). Pi-Hole isn’t really aware of Unbound otherwise. But you don’t want to use any public upstream except Custom (for Unbound).
 
Are all the recommendations made in post #3 still valid?

I have seen in other posts the recommendation to use 8 character SSIDs.
Is that just a personal preference or performance related?
 
Are all the recommendations made in post #3 still valid?

I have seen in other posts the recommendation to use 8 character SSIDs.
Is that just a personal preference or performance related?
Part may have been revised here:
which will lead you to here
see post 5
 
Last edited:
@geralds34 welcome to the forums.

Yes, those suggestions are still valid. And the reasons are too if you want to have the most trouble-free network experience by following the best practice tips, I have picked up from the members here (particularly from when I first joined).

While they are a combination of personal preference (i.e. to have a 'standard') and for performance reasons (i.e. members have posted issues with shorter SSIDs, that simply giving a longer SSID solved), they are based on past observations and I believe are a must when changing from one class router to a newer/different one. (i.e. N class router to AC, AC class router to AX, etc.).
 
Thanks for this thread. I have just upgraded to the latest verison of MERLIN and this was less work that I expected and I feel much better about the upgrade.

One question: as part of the "Definition of "minimal and manual configuration" - would setting up the SSL for WebUI be included?

If so - when do most folks do this and how? I think there are several ways with many folks leverlaging the certs from pixelserv-tls?

Is there a link on the latest way to do this bit? I think there are some things built into AMTM for this? Or do you just follow this:

https://github.com/kvic-z/pixelserv-tls/wiki/Create-and-Import-the-CA-Certificate

Which references Entware....Thanks!

 
@TexasDave, I would not be going down that path you're considering. Particularly when pixelserv-tls is considered obsolete/abandoned and will more than likely be removed from the next Diversion release.

The point of 'minimal and manual' is that the router is at its most basic, broadest, and most stable/compatible state it can ever be. I don't think setting up SSL for the GUI would fit that 'ideal'.

This thread is still the basis of all I do for me and my customer's routers. But it is getting long in the tooth and needs updating soon. Along with the amtm Step-by-Step guide. :)

 
@TexasDave, I would not be going down that path you're considering. Particularly when pixelserv-tls is considered obsolete/abandoned and will more than likely be removed from the next Diversion release.

That sounds like wise advice. :)

I did not know that (about Pixelserv) and have been looking at various "how to" articles and they span many years.

My system is now setup - pretty minimal (will just add Diversion on top) and keep it that way for some time. My main goal was to get the "new" aiMesh buld loaded on my two routers and that is working like a champ.

All is working weel enough and I just need to learn to leave well enough alone - Thanks!
 
@TexasDave, I would not be going down that path you're considering. Particularly when pixelserv-tls is considered obsolete/abandoned and will more than likely be removed from the next Diversion release.

The point of 'minimal and manual' is that the router is at its most basic, broadest, and most stable/compatible state it can ever be. I don't think setting up SSL for the GUI would fit that 'ideal'.

This thread is still the basis of all I do for me and my customer's routers. But it is getting long in the tooth and needs updating soon. Along with the amtm Step-by-Step guide. :)

Hey mate, was wondering if this M&M instructions still valid today (Oct2021)? I was doing a reset to troubleshoot an issue but noticed that latest firmware of Merlin already comes with amtm so that step could may be redundant?
 
Uncheck Xbox and B/G protection (Both bands).
Regarding this. On my AX-68U B/G protection checkbox on 2.4GHz can only be unchecked when Wireless mode is set to Legacy.
For rest of the modes (Auto and N only) B/G protection checkbox is checked and greyed out.
For 5GHz mode B/G protection checkbox is not present. Would be weird if it would. B/G do not use 5GHz.
Xbox protection checkbox is always available for both bands in all modes and can be checked or unchecked as you please.
 
It means exactly what it says. Nothing more, nothing less. Only enable options that you need. And disable the options you don't need.

This is what I consider a base line.


Before flashing new firmware.
  • Make a backup cfg file and label it with the firmware version currently running on the router. (I save this with the associated trx firmware file in a safe place, along with the next item, if needed).
  • Save any custom settings to the jffs partition in a safe place.
  • Remove all USB devices from the router.
  • Reboot via the gui and let it settle for 5 minutes after it comes up again.

Flash new (or existing) firmware.
  • Flash new firmware (and in some cases, re-flash the existing firmware if any random, unexplained glitches are still causing issues).
  • Reset to factory defaults via the gui.
  • After the router has rebooted (point above), do a hard reboot (pull the power plug), wait a couple of minutes and then power it up again.

After new firmware loaded.
  • Use the wizard to connect to your ISP.
  • Use new ssid's for all bands and radio's (most likely easier to do after the wizard completes for dual 5GHz band radio's capable routers). You can reuse the old passwords though.
  • Disable media server.
  • Disable network share.
  • Disable NFSD.
  • Disable FTP.
  • Change device name (if needed), set Force as Master Browser and indicate the Work Group name (these steps are optional for some home users).
  • Disable WPS.
  • Disable WDS.
  • Uncheck Xbox and B/G protection (Both bands).
  • Wireless Mode: Auto (default).
  • Control Channel: set manually after testing each channel.
  • Preamble Type: Short.
  • Spanning Tree Protocol: Disabled.
  • IPv6: Disabled.
  • Enable DoS protection: Disabled.
  • Set time zone to your area.
  • Format JFFS partition at next boot: Yes.

  • Any other options not specified above is left at it's default setting following the above reset to factory defaults above.

At this point, reboot the router (via gui) twice, waiting 5 minutes before the second reboot (this allows the JFFS partition to be formatted and then available).

Now, if needed, Enable JFFS custom scripts and configs. Reboot and wait 5 minutes after the router comes up.

This is where I would create another cfg backup and name it with the firmware version just installed. Save this as the 'base default' (but remember that if you use it to use new ssid's and to format the JFFS partition again too).

At this point I will test different channels for each band (and /or radio) to find the best for that specific environment.

After finding the best channel and if things are stable at this point for an extended period (at least a week), other available router options may be introduced one at a time and added to as (and if) they prove stable.
To factory reset today, would this still be the way to go?

Do I still disable all the things mentioned, and are there more stuff to do in 2022?
 
To factory reset today, would this still be the way to go?

Do I still disable all the things mentioned, and are there more stuff to do in 2022?
Just do a reset with initialize and you are ready to reconfigure. No need for fancy procedures!
 
Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top