How to isolate ER605 VLANs?
I set up the VLANS on this router, but it looks like they can see each other by default.
I need to Isolate them, and isolate the VLANs from seeing the Admin GUI.
How can I do this? I don't want to use the Omada software, can I do this with the GUI??
I would think there should be a "Guest VLAN" option, but I don't see anything like that. This router has so many options, I'm surprised it doesn't have such a basic one.
Thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I got it, had to add
Host 192.168.100.1
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-rsa
to /.ssh/config file .
Definitely not something that should be considered is normal though.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
OK, I got in, but the directory you mentioned doesn't exist.
Did you have to do anything special to get it to show up?
I also noticed my firmware version is 13MB (Canada) and the US is 19MB. Maybe that would explain the missing files..
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
doesn't work. basically only LS works.. I am logged in as the user I created when I set up the router. The user is not root.. that's the only user I have though.
- Copy Link
- Report Inappropriate Content
I got password from this post https://community.tp-link.com/en/business/forum/topic/598192
Meybe we have diffrent software, in my ER8411 is OpenWrt CC
- Copy Link
- Report Inappropriate Content
this one doesn't seem like openwrt at all, and if it was I'd be upset, cause the reason I bought it is because my Openwrt router just got hacked.. or a device got hacked which then hacked the Openwrt,.. either case, I've been having big router/security issues.. so I don't really trust Openwrt much. DD-wrt was running fine for a while until it started having strange DHCP issues, and flashing to Openwrt led straight to a virus going into compter as soon as I flashed it and connected to it.. I didn't verify the Openwrt download unfortunately, so I don't know how it happened.
Either way, I figured out how to block the vlans beween each other using IP Groups.. It's very tedious..
It will need a lot of lines, vlan1 to 2,3,4 , vlan2 to 1,3,4 etc. but it works!
Then I have to do vlan1,2,3,4 to ME with http service, and add 443 as https, because http is only 80.
that should do it, but tplink should've made this easier
- Copy Link
- Report Inappropriate Content
I used a lot of devices with OpenWRT and i thing it is the good software. It is open source. Maybe your software not lived from official site or you not updated it when CVE is discovered.
If your solution will block vlan network to router ports please let me know.
- Copy Link
- Report Inappropriate Content
Yes, it blocks vlan to vlan and vlan to router using ME. I got it all done, and accidentally locked myself out of the GUI too. I think I have to do it all over again, withfactory reset. I wish SSH had a tool to remove entries from the firewall, but SSH is 100% useless from what I see..
Blocking ALL directions from VLAN3 to ME with service HTTP blocks all admin gui access.
I still added service type HTTPS with port 443 , and that closes the port too. But seelecting HTTP service actually does block all GUI Access on 80 and 443, although 443 is still open and doesn't respond. Pretty strange, because HTTP is just 80-80.
I had to block VLAN1 to 2 , VLAN1 to 3, VLAN1 to 4 , and do this for each one, to isolate them.
As long as an IP group is created for each VLAN, then it can be used in the firewall as the source/destination.
Lots of rules, but it works well.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3941
Replies: 24
Voters 0
No one has voted for it yet.