RT-AC68U - In AP mode does Merlin FW have Bandwidth Limiter

[fishface]

I have a RT-AC68U FW384.15 and when you use it in AP mode the QoS, Bandwidth limiter options are not available - do any of the Merlin FW re-enable these options when in AP mode?

 

[eibgrad]

NO. Bandwidth control is typically a function of the WAN. And an AP has no WAN, it's strictly LAN to LAN.

 

[CaptainSTX]

Depending on what you want to accomplish there are a couple functions that are functional on an AP that can limit bandwidth.

One you could set the 2.4 Ghz radio to B or G which would certainly slow someone down and limit the band width they could utilize.

Another option is to enable a guest network and limit the number of hours of access for any client. (Note depending on the firmware and how you set the options a guest network run on an AP may not restrict connected clients from the Intranet.)

Not exactly elegant but it some fashion it will restrict bandwidth utilization.

 

[fishface]

Thank you both.

I flashed the FW anyway, I like the Merlin FW, having said that, in AP mode there isn't much benefit.

CaptainSTX - tthe B & G radio is a good idea.

I already use the WiFi scheduler, I turn off the radio chipset at night, so WiFi wise it's dead.

The problem, when the kids have friends over, we can easily have another 6-10 devices, all using it for YouTube, TikTok (which is really bad as kids upload nearly as much as they download).

When I used Tomato FW I use to feed the AP using a separate VLAN, I miss that.

 

[eibgrad]

Given your described usage, AP mode doesn't make much sense. In a routed configuration, the router's private network provides the same isolation as a VLAN, only it's physical as opposed to virtual.

Just daisy-chain the second router to the primary router (WAN to LAN respectively) and add firewall rules to the second router to prevent access to resources on the primary router. And now you have full access to all the router's features. When guests come over, you power ON the second router, and OFF when they leave.

 

[fishface]

So, what you are saying, if I've got this right, is set-up the second router in router mode, not AP, and then use firewall rules?

 

[eibgrad]

So, what you are saying, if I've got this right, is set-up the second router in router mode, not AP, and then use firewall rules?

Yes. Place the following in a firewall-start script on the second router and all access to the immediate upstream network will be denied. Only internet access will be available. Now bandwidth limit, QoS, mac filter, etc., to your heart's content.

iptables -I FORWARD -d $(nvram get wan0_ipaddr)/$(nvram get wan0_netmask) -j REJECT

P.S. You could also enable remote access to the GUI of the second router for administrative purposes, since it's NOT directly exposed to the internet (see Administration->System->Remote Access Config).

 

[eibgrad]

Probably wouldn't be a bad idea to limit the users access to the router as well. Just the minimum services necessary, typically DHCP and DNS (and perhaps ICMP (ping)).

iptables -I INPUT -i br0 -j $REJECT
iptables -I INPUT -i br0 -p udp --dport 67 -j ACCEPT # dhcp
iptables -I INPUT -i br0 -p udp --dport 53 -j ACCEPT # dns
iptables -I INPUT -i br0 -p tcp --dport 53 -j ACCEPT # dns
iptables -I INPUT -i br0 -p icmp -j ACCEPT # ping (optional)

 

[fishface]

Man, this such a good idea, I'll set this up tomorrow.

Thank you!

 

[eibgrad]

BONUS TIP: Place the router on a wifi-enabled AC smart plug and manage it (ON/OFF, schedule, etc.) from your smartphone!

 

[eibgrad]

BTW, just in case it's not obvious, you need to use a different IP network from the primary router. IOW, if the primary is 192.168.1.x, perhaps try 192.168.2.x. And I recommend always starting w/ a factory reset whenever changing operating modes.