Posted: Tue Sep 05, 2017 17:13 Post subject: How to restrict IP for authorized devices on Ethernet LAN/
Hi Guys, I am a novice and new to DD WRT, so I will appreciate your kind advices.
I have configure my DD WRT, following most instructions on Youtube and here and there, so far it looks good.
What I am trying to achieve is to configure DD WRT not to assign IP to any devices that is trying to via ethernet jack in any room.
5 have five rooms, with enthernet jack for connecting SIP phone. When I 'm not at home my kids friends will removed the SIP Phone jack , then connect their laptop to connect to internet.
How could I prevent any foreign devices that are not setup in the static lease not obtain IP, let alone connect to my LAN/WAN network
MAC filtering will do what you want. You will just have to make it so your devices MAC addresses are authorized. I would even go a step further and assign ip's to those devices.
MAC filtering will do what you want. You will just have to make it so your devices MAC addresses are authorized. I would even go a step further and assign ip's to those devices.
Thanks,
How do I get into this section of MAC filtering, I can see the wireless option, which is not what I needed.
Secondly how many devices could added if you know.
Also, could I disable DHCP, and enable static mode since all my devices at set in static lease table, would that work?
Originally I also thought MAC Address filtering would work but it seems it only works for WIRELESS clients. Unless someone else knows a way to make MAC Address filtering work on the Ethernet Ports the OP would have to make all clients and devices connect wirelessly and unplug all the ethernet connections. Then MAC address filtering would work by adding the MAC addresses of only the devices he wanted to be able to connect. But I doubt he wants to give up ethernet for wireless (I wouldn't).
What Per Yngve Berg stated would only work if you had a Managed Switch and setup VLANs...
What you could do if the little buggers don't have access to any ethernet ports other than the one they remove the SIP adapter from is to disconnect that one ethernet port from the main router/switch which would kill the internet at that port for the SIP adapter. Then either configure the SIP adapter to use wireless and enable MAC address filtering and enter the MAC address for the SIP adapter in the MAC Address filter section of DD-WRT. Or if wired access is required for the SIP Adapter move the SIP adapter to another location where the ethernet port can be secured (Locked rooms). Not a perfect solution as it would require making all areas with ethernet ports needing to be locked except for the one ethernet port you disconnected which is currently in use for the SIP Adapter.
And there is one more low-tech way of dealing with this...You can Zip-Tie each end of the Ethernet cord. First Drill two small holes through the face plate of the ethernet port that has the SIP Adapter. Tightly wrap a zip-tie around the ethernet cord right by the RJ-45 connector and pass it through the holes you drilled in the face plate. Then pull the zip closed making sure there's no freefreeplay. Now the ethernet cord cannot be removed from the facplate. Reinstall the faceplate. Now you have to do the same thing on the SIP Adapter drilling two small holes in the platic case and wrapping the zip-tie around the ethernet cord on the end that plugs into the SIP Adapter...Then pass it through the two holes you drilled in the SIP adapter case (You'll need to remove the case to do this...Then pull everything tightly so the cord can't be removed from the SIP adapter. Then put the case on. This will stop them from being able to remove the cord from either the ethernet jack or the SIP adapter. Low-tech but it would work.
What Per Yngve Berg stated would only work if you had a Managed Switch and setup VLANs...
What you could do if the little buggers don't have access to any ethernet ports other than the one they remove the SIP adapter from is to disconnect that one ethernet port from the main router/switch which would kill the internet at that port for the SIP adapter. Then either configure the SIP adapter to use wireless and enable MAC address filtering and enter the MAC address for the SIP adapter in the MAC Address filter section of DD-WRT. Or if wired access is required for the SIP Adapter move the SIP adapter to another location where the ethernet port can be secured (Locked rooms). Not a perfect solution as it would require making all areas with ethernet ports needing to be locked except for the one ethernet port you disconnected which is currently in use for the SIP Adapter.
I do have a TP Link manage switch, but don't have a clue to be able to configure VLAN with DD WRT.
The second option will not work, coz those kinds have access to the server room and it not secure, it just sit some where in the basement.
I will appreciate going the rout of manage switch and vlan but I don't have the knowledge to configure.
I appreciate if someone could guide me if they have the time and know how.
And there is one more low-tech way of dealing with this...You can Zip-Tie each end of the Ethernet cord. First Drill two small holes through the face plate of the ethernet port that has the SIP Adapter. Tightly wrap a zip-tie around the ethernet cord right by the RJ-45 connector and pass it through the holes you drilled in the face plate. Then pull the zip closed making sure there's no freefreeplay. Now the ethernet cord cannot be removed from the facplate. Reinstall the faceplate. Now you have to do the same thing on the SIP Adapter drilling two small holes in the platic case and wrapping the zip-tie around the ethernet cord on the end that plugs into the SIP Adapter...Then pass it through the two holes you drilled in the SIP adapter case (You'll need to remove the case to do this...Then pull everything tightly so the cord can't be removed from the SIP adapter. Then put the case on. This will stop them from being able to remove the cord from either the ethernet jack or the SIP adapter. Low-tech but it would work.
If the router security method doesn't work and you don't want to drill into your equipment, there's another physical security method you could try. Go to Amazon and search for "RJ-45 cable locks". There are several devices that will lock your cable into the RJ-45 jack.