Not allowed to management Deco M9 plus remotely
Not allowed to management Deco M9 plus remotely
I am using Deco M9 plus currently. Would like to prohibit the internet connection to manage Deco devices thru APP.
Can you guide me how to configure to allow the internat connection to management Deco only? Thanks.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hello, thanks for your reply, while sorry to tell you that there is no option to disable remote management on the Deco; cause the TP-Link ID is necessary to configure the Deco mesh network, inevitably, we can use it to manage it both locally and remotely.
While please be assured of it, first, we’ve banned SSH login on Decos, and blocked the function of tying in command line, so there is no security problem; second, SSH function on Deco can only server for Deco, and does not support SSH clients to login.
Besides, TP-Link ID is needed to manage the device remotely; others without permission( do not know that) won't be able to login to the Deco app to manage your network.
Best regards.
- Copy Link
- Report Inappropriate Content
Once you setup Deco mesh system well, you can use the Deco app to manage it with your TP-Link ID, both locally and remotely.
Good day.
- Copy Link
- Report Inappropriate Content
Dear sir, Thanks for your message. But, I want to disable the “remote” control capability. Would you please tell me how to configure it. Thanks.
- Copy Link
- Report Inappropriate Content
Hello, thanks for your reply, while sorry to tell you that there is no option to disable remote management on the Deco; cause the TP-Link ID is necessary to configure the Deco mesh network, inevitably, we can use it to manage it both locally and remotely.
While please be assured of it, first, we’ve banned SSH login on Decos, and blocked the function of tying in command line, so there is no security problem; second, SSH function on Deco can only server for Deco, and does not support SSH clients to login.
Besides, TP-Link ID is needed to manage the device remotely; others without permission( do not know that) won't be able to login to the Deco app to manage your network.
Best regards.
- Copy Link
- Report Inappropriate Content
Dear sir, Thanks for your reply.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Kevin_Z Sorry, I'm not happy with your answer.
Such forced access means that I have to fully trust TP-link, while I had to accept all kinds of conditions I did not have time to read (and else I would not be able to use the device).
Stating there is no security issue because "SSH is blocked for clients" is misleading. You obfuscated SSH-commands (if I understand correctly), but it still runs an (altered) SSH-server which can have old security flaws.
- Copy Link
- Report Inappropriate Content
I also share the concerns about the cloud control. I'd prefer to have the full control to my routers, otherwise I cannot be sure that these routers don't send tracking metrics to tp-link even when it is configured in ap mode. I'm thinking about to return this router back to the shop.
Another annoying thing. If I reboot my dedicated router, tp-link in ap mode takes the DHCP role and routes the traffic through the primary deco. From my point of view this is inacceptable. In certain cases it also gives its own default ip subnet 192.168.68.0/24, when my local network doesn't use this.
- Copy Link
- Report Inappropriate Content
Yup, also going to send back the Deco and warn others for this stupid security design flaw.
Some links around security problems:
- Copy Link
- Report Inappropriate Content
I'm not at all happy with this crap "management in the cloud" bull... I have no control of what goes back and forth between my network and TP-Link. For goods sake, make it optional for those who for some reason has a need to remotely manage their Deco.
One of these days I might spend some time on checking on the traffic by running wireshark on it in order to see where it communicates to and with what protocols.
What I have done is that I'm running my Deco e4's in AP mode and simply denied internet access to the Decos by not giving them an gateway from the DHCP. They complain that there is no internet, but this is no issue as such. I can still "manage" them through the not so great Android app. It's also possible to log in to them through the http:// interface.
In case there is a firmware upgrade, then I can give the Decos a gateway IP and let them grab the firmware over the internet or just download it and do the upgrade over the web interface.
- Copy Link
- Report Inappropriate Content
The management didn't work correctly without "internet", the minimum requirement seem's to be that DNS servers are reachable, the e4's are now happy after I gave them access to the DNS servers.
Edit 1: This is my final setup for the Decos with blocked "cloud management".
- Running in AP mode.
- Access to any NTP server on the internet, as the Decos doesn't honor the NTP servers provided by DHCP.
- Access to my DNS servers.
- Blocked all other internet access. Most important is to block outboud traffic on tcp port 443.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 6768
Replies: 12
Voters 0
No one has voted for it yet.