386.14 Ai Mesh Time Scheduling


ncplay91

Occasional Visitor
Hi guys,

I have a Mesh setup with RT-AC 88U (as the main router), RT-AC66U B1 (node) and RT-AC68U (2nd node) they are all running firmware version 386.13.
Seems like everyone can bypass time scheduling rules simply by connecting via nodes..

I see there's another thread discussing the same but it's from years ago... has anybody found a solution to this issue?
 
Anybody??

If your clients use MAC randomization on iPhones, Android or PC, they can bypass much of the scheduling because it relies on MAC addresses. Time Scheduling is an old tool trick that is fairly moot with modern privacy settings. Nothing you can really do unless you enforce MDM profiles that restrict functionality of these devices on say iOS or macOS or group policies on Windows. But that’s asking a lot if they are guests or adult family members.

A script probably could be made to block ALL devices as a cron job at a certain time, but that would stop you as well as any device that needs internet access, and wouldn’t stop cellular access.

iOS does have a parental control called Screen Time which lets you restrict access or have them request access on parent iCloud accounts. I don’t know equivalence on other platforms.

Guest networks on Asus can disable internet access for the whole guest network after a certain time. That might be more what you want, but it’s a temporary thing as you’d have to set the guest network enabled after the time runs out; also as the guest network is shared to the nodes it should respect it. I believe it only shares on nodes for the first of 3 guest networks for say 2.4GHz or 5GHz.

You can also disable per radio on your main network time scheduling under Wireless - Professional, but I’m guessing your nodes may not respect that. If you use wireless backhaul, if you time schedule the radio on the main router to disconnect the radio that handles the wireless backhaul for your node, it should disconnect your whole mesh node. That might not be advisable.

To reiterate, there are 3 time-scheduled mechanisms that are different on the router.

Parental MAC-based schedule / block all no schedule.
Guest network schedule.
Wireless radio schedule.
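
An added example, not part of the post above or of the router firmware: a POSIX shell audit that shows which DHCP clients a MAC-based schedule covers and which present a locally administered (randomized) address that no rule follows. The lease lines use dnsmasq's lease-file format; the one-MAC-per-line schedule file, the function names and every sample value are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Lease lines use dnsmasq's format:
#   <expiry> <mac> <ip> <hostname> <client-id>
# The schedule file (one MAC per line) is a hypothetical export of the
# MAC-based schedule list; all sample values below are constructed.

# Succeeds when the locally administered bit (0x02 of the first octet)
# is set, as it is for randomized/private Wi-Fi addresses.
is_local_mac() {
    case "$1" in
        ?[26aeAE]:*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_leases LEASES SCHEDULE -> "<mac> <hostname> <status>" per lease
classify_leases() {
    while read -r _expiry mac _ip host _rest; do
        [ -n "$mac" ] || continue
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        if grep -qixF "$mac" "$2"; then
            status=scheduled                # a rule exists for this address
        elif is_local_mac "$mac"; then
            status=unscheduled-randomized   # private address, no rule follows it
        else
            status=unscheduled-fixed        # hardware address, never added
        fi
        printf '%s %s %s\n' "$mac" "$host" "$status"
    done < "$1"
}

# Write the constructed sample files into directory $1.
write_sample() {
    cat > "$1/leases" <<'EOF'
1700000000 3c:22:fb:10:20:30 192.168.1.20 laptop 01:3c:22:fb:10:20:30
1700000100 DA:A1:19:4B:7C:02 192.168.1.21 phone-a *
1700000200 a6:5e:60:c1:0d:9f 192.168.1.22 phone-b *
1700000300 00:1b:63:84:45:e6 192.168.1.23 tablet *
EOF
    printf '%s\n' '3C:22:FB:10:20:30' 'da:a1:19:4b:7c:02' > "$1/schedule"
}

tmp=$(mktemp -d)
write_sample "$tmp"
classify_leases "$tmp/leases" "$tmp/schedule"
rm -rf "$tmp"
```

A client reported as unscheduled-randomized may be a device that already has a rule under a different address, which is the gap a MAC-based schedule cannot close.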
 
I set up my old RT-AC86U as an access point and tested it. I found that it works as it should. Unfortunately, the MAC randomization bypasses the setting, as DJones already wrote above.

@DJones: you were much faster than my test. 👍
 
Can you remove "release prefix" on top as you don't release anything.
 
mmm can assigning an IP address to a specific device work..? I think you're right, the MAC is randomized so they can bypass time scheduling.
Actually I'm trying to implement this feature on my gardeners because they kept using the internet until very late in the morning and overslept so late very often.. They are all connected via a guest network that I set up for them
 
No, it’s MAC address based, not IP based.
 
Update: I tried disabling NAT acceleration.. and Time Scheduling seems to work BUT now my internet is half the max speed...
When I turn NAT acceleration back on, the max speed is back to normal but I bet Time Scheduling won't work..
 
Not sure how that relates to one another.

Disabling NAT hardware acceleration manually or with QoS will cut your speeds in half if you have fast speeds, say above 300Mbps. It’s going to work your CPU harder. QoS; bandwidth limiter, QoS Cake, FlexQoS all disable hardware acceleration. Adaptive QoS does not.
 
You are correct. It is working my CPU harder.. but the reason why I disabled NAT acceleration was because I saw a warning in the configuration that time scheduling and other things won't work with NAT acceleration, disabling it will make it work at the cost of higher CPU utilization. So I tested it out and found out that time scheduling works but my internet speed was halved.

Not sure how I should restrict usage time for some users on my network without having any drawbacks.. :c
 


Idk. Two routers, Two isolated networks?

Have one that’s yours and is private, and on the other router, it will have WAN set to DHCP automatic, and make a script that kills the WAN connection itself as a cron job; you’d probably need two scripts, one to turn off WAN and another to turn on WAN. The second router would be double NAT, but that shouldn’t matter unless they require incoming connections called from the internet, and in that case just port forward on the first router to the IP of the second router, then port forward on the second router to the client on the second router.

In that case I’d just lock box the router so they cannot switch the Ethernet cable from WAN to a LAN port, otherwise it would bypass the isolation and ignore the cron job.
 
This time scheduling thingy is driving me nuts..
When enabled, people can still bypass the time restriction by simply connecting to the nodes, and having the feature enabled actually cuts my internet speed by half now..
Even when NAT acceleration is set to ENABLED, it doesn't mitigate the speed reduction.
Tried upgrading to 386.14 and it still doesn't work.

Is this an Asus Merlin bug or is this how it's supposed to be?
 
