Here's are a few tips to prevent unauthorized wi-fi clients from connecting to your AP or Wi-Fi router and keep your local network safe.
Enable Security and use WPA2Don't disable security for convenience. And it's better to use a password long enough. Meanwhile, WPA2 is the most secure protocol we offer at this time and is the security method we recommend.
Enable Hide SSID at Wireless LAN >> General Setup so that the router will not broadcast the existence of the wireless network. Also, we strongly suggest you should change the default SSID to make it more difficult to find.
Filtering the MAC AddressTo prevent unauthorized devices connecting to your AP, you can enable Access Control with White List policy. Add only the authorized devices into the MAC Address Filtering List and the other devices will be blocked. Or, to prevent a wireless repeater connecting to your AP, you can use the Access Control with Black List policy, do an AP Discovery scan, and add all the nearby AP's MAC Address into the blacklist.
Disable DHCP ServerTurn off the DHCP server on your network so that the client will need to configure a static IP address to access the network.
Make a Separate Network for GuestsIf you need to provide Wi-Fi access for your visitors and you want it to be easy to connect, create another VLAN on the router and make a second SSID for the visitors, but still keep the private network secure.
4
.
4
.
3
M
A
C
B
l
o
4
.
4
.
3
M
A
C
B
l
o
MAC Block allows you to set lots of proprietary MAC Address. Packets will be dropped if
the source or destination MAC Address of packets is matched with these assigned MAC
Addresses. The advantage of MAC Block is that it can filter some unnecessary packets or
attacking packets on LAN network.
Each item will be explained as follows:
Item
Add
Edit
Delete
Refresh
Rename
Profile
Enable
MAC Address
H
o
w
t
o
H
o
w
t
o
1.
Open Firewall>>MAC Block.
2.
Simply click the Add button.
Vigor2960 Series User's Guide
c
k
c
k
Description
Add a new profile.
Modify the selected profile.
To edit a profile, simply select the one you want to modify
and click the Edit button. The edit window will appear for
you to modify the corresponding settings for the selected
rule.
Remove the selected profile.
To delete a rule, simply select the one you want to delete and
click the Delete button.
Renew current web page.
Allow to modify the selected profile name.
Display the name of the profile.
Display the status of the profile. False means disabled; True
means enabled.
Display the MAC address for such profile.
c
r
e
a
t
e
a
n
e
w
M
A
c
r
e
a
t
e
a
n
e
w
M
A
C
B
l
o
c
k
p
r
o
f
i
l
e
C
B
l
o
c
k
p
r
o
f
i
l
e
163
I found this information over on the Draytek website here but i went a little further by creating a group of blocked users and also creating schedule to allow internet access between a certain time for one machine.
I started by creating a schedule original article here
I followed the first part of the article to setup the time and date and the actual schedule in the router by going to
- System Maintenance
- Time and Date
- and setting the router to use internet time and daylight savings
I then created the schedule by going to
- Applications
- Schedule
- Clicked on index 1
- I then set the start date the start time and the duration (note this is not the end time but the duration)
I then created the group of users i needed blocking unfortuatly for me they had random ip’s dotted around the range so i had to add them manually instead of selecting an range by going to
- Object Settings
- IP object
- Add the ip addresses i needed blocking
- Create a group called blocked users by clicking IP Group and then adding the addresses to that group
The next stage is to create the firewall rule to block internet access i did this by doing the following
- Go to Firewall
- Filter Setup
- Select No. 2 Default Data Filter
- Select No. 2
- Give the rule a name Blocked Users in my case
- Direction – LAN -> WAN
- Source IP – select you newly created Blocked Users group
- Further down under Filter i selected Block if No further Match
- Click OK
I then created the exception rule fir using the internet a dinner time
- Go to Firewall
- Filter Setup
- Select No.2 Default Data Filter
- Select no. 3
- Give the rule a name Allowed at dinner in my case
- Type 1 in the schedule index (we created this before)
- Direction – LAN -> WAN
- Source IP – I added the ip address of the machine than needed access
- Under filter select Pass if no further match
And that should be it this work for our particular scenario
Comments are closed.