Some questions for configuring RT-N66U

amita

Occasional Visitor
Hi,
Just bought the Asus RT-N66U and very happy with it so far.
I use Merlin build version Firmware:3.0.0.4.374.32.

My questions:
1. I would like to control the bandwidth of specific stations according to their IP or MAC address.
1.1 Specifically, I would like to set that some clients will have lower priority or access bandwidth allocation, while some other specific clients will be superior than the rest of the network, that in general will have the normal priority bandwidth.
1.2 In addition if there is a way to set lower priority to file sharing than other applications I would be happy to learn how to do that.
Any guidance or reference to a good guide will be a help.

2. Is it possible to define that some clients (according to their IP) will not have access to the LAN but will only have access to the internet? These clients are connected via the LAN (and not connected directly using the AP's wireless).
The behavior of the guest network is the desired one - I want to isolate them so that if they have any malicious software, they will not be able to affect/infect any other computer that is connected to the same LAN.
I think that the LAN->route page is relevant but not sure if it is and not sure how to configure it in order to achieve this behavior.

Thanks !

Amit.
 
Found the answer to some of my questions

In the video in the following link, I saw how to define the QOS per client (questions in section marked 1, 1.1, 1.2).
http://www.youtube.com/embed/t2rsUDIsx_w?rel=0&wmode=transparent
I defined it and will check over time whether it works OK or not.
Hope that it will help someone in the future.


The answers to questions in section 2 that I asked are still not clear to me, and just to emphasize, guest network without access to the intranet would be a good solution but it applies for wireless clients and I am looking for this solution for clients that are connected to the wired LAN ports, by their IP or MAC address.


Thanks.
 
What kind of context is this setup and why the desire to have specific IPs not access the Internet? Just trying to put the pieces together in my head and align your desires with the most practical way to accomplish them.

Off the top of my head I can't answer re the Merlin firmware but that sounds like a pretty complex function to totally block WAN access but allow LAN for particular MACs, I'd have to play around more but I doubt it.

Have you looked into local user profiles on the o/s to assign some rights on a per user basis on using Internet browsers, etc?
 
I use the default Qos settings. It works great. I don't know about using it for specific clients. I don't use it for that.

For LAN isolation, use guest network.

They do a pretty good job of explaining things on the GUI pages.
 
Clarifications to my question

Hi,

I think that you got me wrong.
I want all clients to get internet access, but want some to be isolated from the intranet (LAN).

The problem in more details is as follows:
I connected to the LAN port of the Asus another LAN port of another wireless router that acts as a wireless switch and range extender. The remote wireless switch does not have DHCP enabled, so the Asus, which is the main router that connects all clients to the internet, is also responsible for the bandwidth allocation per client and for the IP allocation (DHCP).

Some of the clients that connect to the remote wireless switch belong to guests, to whom I want to allow (lower priority) internet access, and I do not want them to get access to the local LAN. I want to be safe in case they have some viruses or malicious software - I want them to be isolated from my LAN.

A guest network would be an ideal solution, but as these clients are located geographically far from the Asus AP, and the guest network only works on wireless clients that directly connect to the Asus, this solution can't work for this case.

These clients, even though they are connected wirelessly to the remote wireless switch, appear in the Asus as LAN clients (as they are connected to the WLAN of the remote wireless switch, then from that switch connected to the Asus's LAN port).


If I could give them internet access and still prevent them from getting to the local LAN (using their IP or MAC address - I know their MAC addresses and I reserve them specific IPs) it would be great.

To summarize: I need to apply the guest feature on what the Asus sees as "LAN connected clients".


I am not sure, but I think that maybe the management page of the ASUS:
LAN->route
can be configured to give me the behavior that I am looking for, but I am not sure if I correctly understand the meaning of this page and how to configure it.

-- Amit.
 
Hi,
Regarding your answer for priority configuration per client - I got the information and posted a link to a video that explains this.

Regarding the guest network - it will not work as these clients are connected to the Asus via LAN and not via WLAN. See my answer to PrivateJoker for more inputs.
 
You can't really isolate wired devices from the rest of the LAN, since the traffic is handled by the internal switch, not by the firmware itself. There is no routing done.

Wireless is a different case because it's on a separate wireless interface, handled by the wireless driver.
 
Oh, wired LAN isolation.......sorry.

All you have to do is cascade your old router LAN-to-WAN.
If your Asus router has an IP address of 192.168.1.1, then give the secondary router an IP address of something like 192.168.7.1

You can disable the wireless on the secondary router.

If you don't have an old router, you can usually find a refurb linksys E900 really cheap.
 
A cascaded router is a simple solution. Otherwise, you need either a managed switch, or to start playing with vlans. I don't support vlan configuration, tho an expert might be able to manually do it. Tomato might be a better solution for you if you are really interested in VLANs.
 
Now that I think of it, someone posted on this forum that you can get a refurb EA2700 for $29. That has Broadcom chipset and gigabit switch, so I'd probably grab that instead for secondary router for different LAN segment isolation.
 
I'm still kinda curious as to OP's network setting and what his goals are to do. And also have you explored user account control features in the OS in any way? They can do many of the things you mentioned.

These are definitely enterprise level expectations of consumer hardware you're throwing out there. Just wondering if the hardware and goals are suitable & appropriate for this particular context/setting.
 
LAN-Route page + connect secondary router to WAN instead of LAN port

Hi Eric,

Regarding your suggestion to connect the other, secondary router, from its WAN port to the LAN of the Asus, instead of connecting its LAN port to the Asus LAN - I am aware of this option.
I will have to try doing that again with the new Asus as my main router.
The last time that I did that, I had problems with the clients behind that secondary wireless router.


Can you explain to me the usage of the page: LAN->route?
If I select a specific IP and choose WAN in the interface field, will it not isolate it from the LAN?
What exactly is this page used for and how?

Thanks,
-- Amit.
 
To be honest, I have no idea. That might be for scenarios where you have multiple routers on your network I suppose - not something really common in a home environment.
 
Thanks

Thanks. If I get that info anywhere, I will update here.
 
Amit, one scenario is where you elect to reuse say an old router rather than throw it away.

e.g. I have several video cameras (Foscam/Tenvis) and the older ones use MJPEG compression rather than the more efficient H.264 compression, so a wired connection gives better performance for recording camera footage to a NAS.

So I reused an old RT-N56U as a router to create a separate 'Surveillance' network on 172.*.*.* to limit/isolate the bandwidth used by the MJPEG traffic.

Using the RT-N56U as a true router (rather than a switch) allows me to use all 4 LAN ports for the cameras and the RT-N56U WAN port as the uplink port back to the RT-N66U. (In 'switch' mode, I would lose one of the RT-N56U LAN ports).

So with this home network topology, any clients connected to my main RT-N66U network would be unable to see the surveillance camera 172.*.*.* network without an entry in the LAN-Route table.

Regards,
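
The routing behaviour discussed in the last few posts, as an added example (not from the thread or the firmware): a longest-prefix-match lookup showing what a LAN-Route entry changes on the main router, and why such an entry cannot isolate a wired client from peers on the same subnet. The camera subnet 172.16.0.0/24, the RT-N56U uplink address 192.168.1.2 and the client addresses are assumptions.

```python
import ipaddress

# Constructed addressing: the thread gives only 192.168.1.1 and "172.*.*.*".
MAIN_LAN = ipaddress.ip_network("192.168.1.0/24")
CAMERA_NET = ipaddress.ip_network("172.16.0.0/24")  # assumed camera subnet
N56U_WAN_IP = "192.168.1.2"                         # assumed uplink address


def lookup(table, dst):
    """Longest-prefix match: return (interface, next_hop) for dst."""
    dst = ipaddress.ip_address(dst)
    matches = [route for route in table if dst in route[0]]
    _, iface, hop = max(matches, key=lambda route: route[0].prefixlen)
    return iface, hop


def host_first_hop(dst, lan=MAIN_LAN, gateway="192.168.1.1"):
    """Where a LAN host sends a packet. Same-subnet peers are reached
    directly through the switch; only other traffic goes to the router."""
    if ipaddress.ip_address(dst) in lan:
        return "on-link"  # the router's route table is never consulted
    return gateway


# Main router table without any LAN-Route entry.
router = [
    (ipaddress.ip_network("0.0.0.0/0"), "WAN", "isp-gateway"),
    (MAIN_LAN, "LAN", None),
]
# The same table with one static route to the camera network added.
router_with_route = router + [(CAMERA_NET, "LAN", N56U_WAN_IP)]


def demo():
    return {
        # Without the entry, camera traffic follows the default route out the WAN.
        "camera_before": lookup(router, "172.16.0.10"),
        # With it, the more specific /24 wins and points at the second router.
        "camera_after": lookup(router_with_route, "172.16.0.10"),
        # A wired guest talking to a LAN PC never touches the route table.
        "guest_to_pc": host_first_hop("192.168.1.20"),
        "guest_to_web": host_first_hop("203.0.113.5"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```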
 