RT-AC68U - In AP mode does Merlin FW have Bandwidth Limiter

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

fishface

New Around Here
I have a RT-AC68U FW384.15 and when you use it in AP mode the QoS, Bandwidth limiter options are not available - do any of the Merlin FW re-enable these options when in AP mode?
 

eibgrad

Very Senior Member
NO. Bandwidth control is typically a function of the WAN. And an AP has no WAN, it's strictly LAN to LAN.
 

CaptainSTX

Part of the Furniture
Depending on what you want to accomplish there are a couple functions that are functional on an AP that can limit bandwidth.

One you could set the 2.4 Ghz radio to B or G which would certainly slow someone down and limit the band width they could utilize.

Another option is to enable a guest network and limit the number of hours of access for any client. (Note depending on the firmware and how you set the options a guest network run on an AP may not restrict connected clients from the Intranet.)

Not exactly elegant but it some fashion it will restrict bandwidth utilization.
 

fishface

New Around Here
Thank you both.

I flashed the FW anyway, I like the Merlin FW, having said that, in AP mode there isn't much benefit.

CaptainSTX - tthe B & G radio is a good idea.

I already use the WiFi scheduler, I turn off the radio chipset at night, so WiFi wise it's dead.

The problem, when the kids have friends over, we can easily have another 6-10 devices, all using it for YouTube, TikTok (which is really bad as kids upload nearly as much as they download).

When I used Tomato FW I use to feed the AP using a separate VLAN, I miss that.
 

eibgrad

Very Senior Member
Given your described usage, AP mode doesn't make much sense. In a routed configuration, the router's private network provides the same isolation as a VLAN, only it's physical as opposed to virtual.

Just daisy-chain the second router to the primary router (WAN to LAN respectively) and add firewall rules to the second router to prevent access to resources on the primary router. And now you have full access to all the router's features. When guests come over, you power ON the second router, and OFF when they leave.
 

fishface

New Around Here
So, what you are saying, if I've got this right, is set-up the second router in router mode, not AP, and then use firewall rules?
 

eibgrad

Very Senior Member
So, what you are saying, if I've got this right, is set-up the second router in router mode, not AP, and then use firewall rules?

Yes. Place the following in a firewall-start script on the second router and all access to the immediate upstream network will be denied. Only internet access will be available. Now bandwidth limit, QoS, mac filter, etc., to your heart's content. :)

Code:
iptables -I FORWARD -d $(nvram get wan0_ipaddr)/$(nvram get wan0_netmask) -j REJECT

P.S. You could also enable remote access to the GUI of the second router for administrative purposes, since it's NOT directly exposed to the internet (see Administration->System->Remote Access Config).
 
Last edited:

eibgrad

Very Senior Member
Probably wouldn't be a bad idea to limit the users access to the router as well. Just the minimum services necessary, typically DHCP and DNS (and perhaps ICMP (ping)).

Code:
iptables -I INPUT -i br0 -j $REJECT
iptables -I INPUT -i br0 -p udp --dport 67 -j ACCEPT # dhcp
iptables -I INPUT -i br0 -p udp --dport 53 -j ACCEPT # dns
iptables -I INPUT -i br0 -p tcp --dport 53 -j ACCEPT # dns
iptables -I INPUT -i br0 -p icmp -j ACCEPT # ping (optional)
 

eibgrad

Very Senior Member
BONUS TIP: Place the router on a wifi-enabled AC smart plug and manage it (ON/OFF, schedule, etc.) from your smartphone! ;)
 

eibgrad

Very Senior Member
BTW, just in case it's not obvious, you need to use a different IP network from the primary router. IOW, if the primary is 192.168.1.x, perhaps try 192.168.2.x. And I recommend always starting w/ a factory reset whenever changing operating modes.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top