DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

v2820Vn - block router access for specific vlan

  • mehuge
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
16 Oct 2010 13:43 #64268 by mehuge
Setting up an INTERNET only wireless connection, have SSID2 on VLAN1 with no other ports, so isolated from the rest of the network. However anyone connected to SSID2 can still http/telnet to the router.

Is there a way to prevent this?

Please Log in or Create an account to join the conversation.

More
23 Oct 2010 22:00 #64387 by bradley porter
Replied by bradley porter on topic v2820Vn - block router access for specific vlan
Hmmm - good question!

In System Maintenance >> Management is there not an Access list which means you only grant access to certain IP's. Would that not resolve the issue?

Kind regards,
Bradley Porter

Please Log in or Create an account to join the conversation.

  • mehuge
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
23 Oct 2010 23:22 #64397 by mehuge

Bradley Porter wrote: Hmmm - good question!

In System Maintenance >> Management is there not an Access list which means you only grant access to certain IP's. Would that not resolve the issue?



Yes it would, though it would require assigning a fixed IP to the administering host, and limiting administration to one of up to 4 hosts.

As most of my hosts that I tend to access the routers admin through are dhcp I was hoping for a better option. I suppose I could reserve IPs for those DHCP clients.

Also, the SSID2 clients can still attempt to access the router via telnet (does the IP restrictions apply to telnet connections also?) what about other stuff such as UPnP.

Its a pity SSID2 can't have its own DHCP range, could probably block that range using the firewall in that case.

Perhaps I could reserve IPs for all known devices in a known IP range and block any outside that range or in the rest of the DHCP range using the firewall.

If the firewall could have rules selected by VLAN perhaps the config could perhaps have been simpler.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami