Question

Short questions regarding guest network

May 26, 2018 4:12AM PDT

Hi. Happy

The past thread is too cluttered so I made a new one. I usually ask too many long questions, so let's keep this short. I ask a short question, and possibly get a precise answer I need.
I would like to vote this answered by the end of the day as I desperately need to.

Here goes it:

In order to ensure a safe wired connection and protect my PC itself from dangers of a compromised router and other devices using it via wireless, I need to:

1. Disable the router modem config page for no one to be able to make changes via wireless.
HOW? Where is it usually?

2. Enable wireless isolation to separate wired from wireless.
This works for guest network only and would separate my wired?
Can it work w/o having a guest network, separating wireless from wired, if I cant enable guest?

There is a picture below(second imgur link) where there is an option called ''enable SSID isolation''. This separates SSID2 which is probably the guest one from SSID 1 and my wired?

So I did this:
I enabled hide network on SSID 1(my future to be protected network, tho i am on wire now and will use wire) and enabled it's isolation. Should I have done that to SSID 1 or to SSID2? or both?
take a look at pic from router page:
https://imgur.com/a/r06K1HM

SSID 2 I enabled. Should I have enabled isolation for it too? Or just it and not SSID 1?
another pic from router page:

https://imgur.com/a/tycZPsK

3. are there ways to check if guest network is truly isolated from my wired? Apart from using another devices? If not, could I use an android to do it? If I factory reset the android then it should be clear of any malware?

I have a ZTE ZXHN H108n router modem adsl

Is this all I need to do to make sure wired and PC are safe from router and wireless?

This is all i can do now.. I can't attach an additonal router as it would be too complicated and too little time. Please, take a look at pics and give it your best. unfortunately, I have no manual for router modem.

Looking forward to your replies!

Discussion is locked

Follow
Reply to: Short questions regarding guest network
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Short questions regarding guest network
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Answer
1. Can't be done if....
May 26, 2018 6:09AM PDT

If I have physical access to the router I can reset the router and read the default login info off the label or search the web.

If you remove the label I can still reset the router then push the usual WPS button to get connected and use login information on the web.

PHYSICAL SECURITY IS KEY HERE.

And no router made seems to disable this feature so this is your question so this is why I must write no if the router can be accessed by others physically.

You wrote this post would be one question so I'm stopping here after the first question.

Also, with what you wrote in your other posts it appears that you should forget WiFi and only use a wired connection and never share your network. It is your network, you appear to feel under siege so time to get it locked down.

Secure your router, turn off WiFi and if they ask for access, say no.

- Collapse -
Answer
Item 2 was answered before.
May 26, 2018 6:11AM PDT

Since you are asking again it appears you don't believe the maker, the web or anyone what this does. I offered a simple test but here we are again. This is why I think for you the only answer is as above.

3. Already answered. Ping those other machines.

- Collapse -
I did not understand what you meant
May 26, 2018 7:04AM PDT

I'm sorry.
I just wrote a reply and managed to erase it..
I did not understand what you replied. I have concentration issues, so please be patient. I don't sink into what you write well enough.
If I could just shut it down and refuse to give wifi access, I would.. I cant risk enraging this person and I don't pay for the internet. The router is in my room so I will guard it as to the resetting.

You said:
So while the guest WiFi does do as you wish, a wired connection does not. And will not until you get into managed (Ethernet) port products.

Since this is how it is with the product you noted, all I can do is confirm.


OK. So you meant yes, wifi guest option is possible but will only protect other wireless networks and devices. So, to protect wired I need to go into port products. Is this the router page? What do I need to do?

Confirm what was not clear to me.

OK. So if I cant do it any other way, I can access guest network with android. Then see what other I can access on guest network. then try to access on other networks?
I d have to attach my pc to guest network and check to see if I can access android on guest?
then from android see if I can access pc that is wired.
is this possible to do from android. I don't have ath else.. how can I do this?

I will restore android to factory settings so if there is sth I assume it should be gone.

let's get this done, please, I need some peace. I'm really not trying to be a pain the neck, I honestly cant focus well.

- Collapse -
If you repeat questions.
May 26, 2018 7:18AM PDT

I take it you don't believe the maker, the way things work and of course me.

We've covered many items so from now on, I must write that if you don't believe all that is written about the guest network then there's no reason to continue here.

Maybe someone else can convince you but here I fear we are simply repeating.

Let's see what others tell you from now on.

I'm just a software author with work on router code long ago. So I can write about this stuff but when folk disbelieve, there's little you can do for them.

- Collapse -
I apologize
May 26, 2018 7:28AM PDT

I did not question you. How would I possibly when I have no knowledge and you are a moderator on CNET.

I believe you.. Guest cant cover wired. Can I access ports then to secure wired? That is what I understood. If I am wrong correct me. Not questioned, understood.

If you can answer the port thing and how to ping with android if possible, awesome.. If not, then I have nothing else to do here. I need the answer, I did not mean to seem like I did not believe you.

What did I do wrong now?
I asked for the ports and the android.

I apologize.

- Collapse -
A new question.
May 26, 2018 7:37AM PDT

But similar to the above. The Guest WiFi network should be isolated from all other devices. But plug into the Ethernet and your common network consumer gear does not offer (Ethernet) port isolation. That does not happen until the 1000 buck plus routers, switches or such,.

I find that most folk would buckle under the learning curve of such gear so for anyone that questioned more than twice what a WiFi Guest network isolates, then they would be blown away trying to setup managed gear by Cisco and almost all others. That is, you may get there but I know folk that spend years learning the Cisco gear and they still can get hung up and have to call Cisco support.

As to your Android question, that was answered before with the PING TEST. You can add more tests as you see fit.

- Collapse -
!
May 26, 2018 8:10AM PDT

I think the solution is simple then.
I cant allow anyone to access router via LAN. I was planning to guard it and negotiate till I got a USB wifi adapter.

I was worried that, if I did not let someone use LAN, but if they used wifi that it would still affect my LAN..

SSID is the wifi? And if someone uses it or a guest wifi(ssid2), but I don't let them touch LAN, my wire traffic and pc are safe?

- Collapse -
In the strictest sense.
May 26, 2018 8:22AM PDT

SSID is as defined on the web. It's how a Wireless Access Point identifies itself. How one uses, names their SSIDs is up to them.

This is why I have to write that SSID is not WiFi at all but some feature of WiFi. WiFi has many more terms we have to learn over time.

Many skill levels arrive here. So for the uninitiated, SSID could mean WiFi until they learn more.

- Collapse -
Yes!
May 26, 2018 8:34AM PDT

If I guard my LAN then my wired traffic and PC itself should be safe irrespective of other WiFi users.

You mentioned ports.. Can I enable/disable something to make devices wanting to use my LAN require a PW.
When I reset, it automatically connected via LAN to net. I assume the desktop would do the same.
Id rather have a PW just in case I cant guard.

Thank you so much!!!! I should have been clearer as to what I was asking. LAN only matters and physical access is what I need to be worried about.

- Collapse -
Can I enable/disable something to make devices wanting to us
May 26, 2018 8:57AM PDT

"Can I enable/disable something to make devices wanting to use my LAN require a PW."

On MANAGED GEAR like Cisco and others, sure. But I will not be getting into who has that gear since I just wrote who. It's also hard to configure as I see folk with years of training still calling support.

-> One of the first rules of security is PHYSICAL SECURITY. If you don't get that done, then all the other security can usually be bypassed.

Again, all skill levels arrive here. Many have never taken any course in the many topics about security. But be it personal or computer security you can't avoid the first layer of security which is the physical security aspect. Ignore that and all the work you put in can be overcome.

- Collapse -
We are getting somewhere and sorry for the confusion :)
May 26, 2018 9:33AM PDT

OK. I have to try my best to ensure physical security.

Does enabling a PPPoe passthru do anything?

Can I disable sth on desktop itself to prevent this?

- Collapse -
1. Does enabling a PPPoe passthru do anything?
May 26, 2018 10:10AM PDT

To me this is someone being desperate and not reading or understanding what things do. Since I can not hold one on one classes, I'm going to chunk this one down to no. It does something but likely breaks things and is not something I'd approach for security.


2. Can I disable sth on desktop itself to prevent this?

I can't guess what "sth" is so no answer.

- Collapse -
sth and ppp
May 26, 2018 11:18AM PDT

As far as I know, sth is an abbreviation for something.

And, yeah, I am desperate.
I thought it might have sth to do as routers require PPP credentials.

- Collapse -
While I did wrote router code long ago.
May 26, 2018 11:24AM PDT

I will forget things over time. sth didn't ring a bell. PPP is well documented, known and more but for this discussion I don't see how this would do anything but break your setup.

- Collapse -
Can;t edit posts.
May 26, 2018 12:21PM PDT

I should be done.

This is SSID1 the one that is for me. Looks good?

First check security
https://imgur.com/a/s0N54is
https://imgur.com/a/3GVuOOi

I isolated both SSIDs for all users to not be visible to each other within network or any other device or between networks.

https://imgur.com/a/dnzBz2m
https://imgur.com/a/rFodGHx

An important question is the priority..
https://imgur.com/a/j6xz8x3
https://imgur.com/a/z4GkaHd

For both SSID1 and 2 it says 1.
Will that be a problem? I will not use SSID1 as I use wire, and will give out PW to others for SSID2. Should I enable 1 for SSID2 and for SSID1 2? I don't want the others user's wifi to be slow. Don't need the drama Happy. Or, if I don't use 1 then ssid2 will be fast if both have 1 for priority?


And, finally, should I have isolation enabled on this page?
https://imgur.com/a/XRzSOa1

Someone mentioned disabling router page from wifi use or something about remote management.
I only know the PW for router page, so I assume even with access w/o PW cant do anything..


Thank you, Rob and James. You have really helped me out!

- Collapse -
SSID settings
May 26, 2018 6:38PM PDT

For both SSID1 and 2 it says 1.
Will that be a problem? I will not use SSID1 as I use wire, and will give out PW to others for SSID2. Should I enable 1 for SSID2 and for SSID1 2? I don't want the others user's wifi to be slow. Don't need the drama Happy. Or, if I don't use 1 then ssid2 will be fast if both have 1 for priority?


I'd give SSID2 a unique name like Guest-your-name

I'd set priority on SSID2 down to 2, so it doesn't overload your wired connection.

Sure you want 32 possible connections? If you have 12 MBps speed, if 32 make connection, everyone will have 1/30 possible speed. That's up to you.
- Collapse -
SSID2 fastest
May 27, 2018 12:05AM PDT

I want SSID2 to be fastest(the guest one) so I should set it to 2 and ssid1 to 1?

how many connections should I put then? Id have sssid2 guest used and ss1d1 not.

And the last link?

- Collapse -
Not sure
May 27, 2018 6:50AM PDT

don't have the manual. I was thinking the SSID priority setting was also in combination with controlling bandwidth access for both wired and wifi, but maybe the control on total access by the wifi is a different setting and the priority setting is between the SSID's only. On my home router I have single setting to throttle or limit speed on wireless only, and NOT doing it can allow wifi access to overpower my wired speed. I'd just try it with 2 on both first. If it allows you to set both on 2, then that would indicate it's also involving speed of wire access left over after wifi users.

- Collapse -
I will set SSID2 to 1
May 27, 2018 1:52PM PDT

A little slower net wont bother me via wired if it is indeed so. I can set both SSIDs to 2.

What you just said has nothing to do with someone being able to access my wired connection and PC?

I had to ask. Do not lynch me.
What I mean is, and to make sure since I'm bad with terminology. If my PC is connected by a cable to my router(inserted into the LAN jack) then no one can access the cable connection I have to my PC or my PC unless they insert a cable into one of the other LANs). Whatever someone does with wifi and whoever and whatever device uses wifi, and all the other settings we are talking about you just mentioned, do not affect my cable and PC?

A simple yes or no and I am voting the question answered. Grin

I send you my eternal gratitude. You shall feel it in the air Happy

Post was last edited on May 27, 2018 2:23 PM PDT

- Collapse -
PS. I wonder if this is what started you done this path.
May 26, 2018 8:53AM PDT
- Collapse -
check
May 26, 2018 12:14PM PDT

I should be done.

This is SSID1 the one that is for me. Looks good?

First check isolation and security
https://imgur.com/a/s0N54is
https://imgur.com/a/fZZQNk

I isolated both SSIDs for all users to not be visible to each other within network or any other device or between networks.

An important question is the priority..
https://imgur.com/a/j6xz8x3
https://imgur.com/a/z4GkaHd

For both SSID1 and 2 it says 1.
Will that be a problem? I will not use SSID1 as I use wire, and will give out PW to others for SSID2. Should I enable 1 for SSID2 and for SSID1 2? I don't want the others user's wifi to be slow. Don't need the drama Happy. Or, if I don't use 1 then ssid2 will be fast if both have 1 for priority?


And, finally, should I have isolation enabled on this page?
https://imgur.com/a/XRzSOa1

Someone mentioned disabling router page from wifi use or something about remote management.
I only know the PW for router page, so I assume even with access w/o PW cant do anything..


Thank you, Rob and James. You have really helped me out!

- Collapse -
Answer
concepts
May 26, 2018 6:52AM PDT

1) People wanted to connect to internet.
2) Most used modems with their phone line. Remember all the AOL CD's in mail and every where else?
3) phone speed was limited to 56K, so more speed was wanted.
4) cable TV started providing internet access on their wires
5) since then some have moved to optical cable for even greater speed.
6) all this allowed more than one computer on one phone line
7) still needed a modem, but routers were added for home use
Cool At first the routers had only RJ-45 plugs aka LAN ports provided to more than one computer.
9) Not everyone wanted to install CAT5 cable to connect to a router, so wireless was created on modems
10) Few had it at first, but as it grew others discovered they could connect to neighbor's systems
11) Something was needed to stop that, so usernames and passwords were used on routers
12)Increased signals also required some means to identify one router from another so SSID came along
13)Security in this crowded wifi environment was needed, so encryption was installed and used between a router's wifi and it's users.
14) Other forms of authorization like MAC address blocking, or positive allowing, and the various encryptions like WEP, WPA, WPA2, et al.
15)People started having guests who brought laptops, wifi phones and wanted to share internet service to them without compromising security of their own computerized gadgets, and to maintain some privacy thereto.
16) The first way was to simply isolate all wifi users from each other and from the wired users.
17) This presented a problem since some homes wanted to have family wifi users able to access the LAN instead of just the internet.
1Cool Along came routers with 2 separate sections called SSID1 and SSID2, which would allow all home users protected on the LAN (local area network) to see each other and use internet, but also allow guests to have internet access while blocking them from the home LAN.
19) This idea originated from those who already had been smart enough to use two routers hooked in tandem or daisy chained allowing the last router to be for family use and the front router to be for guest access by wifi.

That's the short history of it.

- Collapse -
so
May 26, 2018 7:36AM PDT
16) The first way was to simply isolate all wifi users from each other and from the wired users.
17) This presented a problem since some homes wanted to have family wifi users able to access the LAN instead of just the internet.
1Cool Along came routers with 2 separate sections called SSID1 and SSID2, which would allow all home users protected on the LAN (local area network) to see each other and use internet, but also allow guests to have internet access while blocking them from the home LAN.
19) This idea originated from those who already had been smart enough to use two routers hooked in tandem or daisy chained allowing the last router to be for family use and the front router to be for guest access by wifi.


So, you are saying, when I enable SSID2 and enable it's isolation that is the guest network and the user of it will only have access to it and can't have access to other SSIDs or my wired connection?
I need not enable anything else?

thank you Happy
- Collapse -
You have it,almost
May 26, 2018 8:27AM PDT

One SSID for guests, but still should be password protected so all your neighbors can not use it too. It should have all users isolated from each other.

The other SSID for family. Also password protected, but not "isolated" if you want family to be able to "share" folders with others in family.

Both should have an encryption method enabled. WEP is too easily hacked, so WPA, WPA2 should be used. There's an WPA with passkey protection method too, but I'd not use that on the guest SSID.

After that are other controls in the router, but you need to study up on them. Plenty of instructions on things common to all routers on the internet.

https://www.cnet.com/how-to/home-networking-explained-part-1-heres-the-url-for-you/

6 pages there to read.

Post was last edited on May 26, 2018 10:47 AM PDT

- Collapse -
:)
May 26, 2018 9:20AM PDT

Awesome!

thank you Grin

- Collapse -
I just realised
May 28, 2018 2:24AM PDT

If on same SSID they can have access to wired.

It's not strictly a wireless/wired separation.

I just really hope that this option I took the pictures of is a true separation of SSIDs.
I use SSID1 then and even tho I don't use wifi it is still my network and having wifi access to it means having access to wired too?

On your router and usual routers, what is needed to be changed to enable a true separation of SSIDs if that is what we need to do to ensure a safe separate (wired) network?

Does it look like what I sent you?(the pics)
I really need to make sure I did this right. I don't have long, tonight or tomorrow night.

I don't see other options on router page that would seem to help.

I worry because other routers have a guest network title where they make changes and stuff like client isolation or AP isolation.

Does it seem OK to you> I know you don't have a manual, but from what you can see.

If not, if I disconnect my PC from internet(take out cable) and not use internet for a couple of days till this person leaves then reset the router after they leave?
Or, would I have to reset router first to lose my info-wired connection traffic and access to pc, then not connect and reset again after they leave to ensure they have no access to my pc.

Also, can I access router config page from android?

Pleaseeee, answer this!!

Please Happy

- Collapse -
SSID
May 28, 2018 2:35AM PDT

If you have two then those are separate. If you want your wired separate from any SSID, then you need to turn on isolation for that SSID. As I recall you had it on for SSID2, but not for home use on SSID1. So isolate them both from the wired for now.

- Collapse -
.
May 28, 2018 3:09AM PDT

1. If I enable isolation for both SSIDs that means my wired connections is safe?
Is that for sure or do |I have to resort to the latter?

2. You mean if I don't use LAN(my cable)on my PC when someone is using my network, even if they have access to the wired connection, they cant get into PC as it is not online when they are?

Its more complicated then that.. I know..

- Collapse -
If they can plug by wire to your LAN
May 28, 2018 3:42AM PDT

Then they are where access is to your PC and can instead just go direct to it. If isolation is enabled, it should mean the user can ONLY connect to internet and see no other computer on the router.

- Collapse -
I understand, but
May 28, 2018 4:02AM PDT

if I don't plug my PC into LAN at all or anywhere else until they stop using internet and reset router after they leave, my PC is safe?

They cant access it is not plugged in anywhere? Or can they and Id need to reset router before they come, not use Pc, and reset after they've gone?

CNET Forums

Forum Info