× Introducing the Orbi 970 Series Mesh System with WiFi 7 technology. For more information visit the NETGEAR Press Room.
Orbi WiFi 7 RBE973
Reply

Re: Can't access the Router Login page

Digital999
Luminary

Can't access the Router Login page

 

Small LAN with many Netgear devices. 

The Network gateway is a Netgear WNR2000v2 -- works great and just chugs along.

 

Introduced a R6220 device and configured it with wireless setup.  The device is replaceing a different brand router and also has a dedicated static IP address.  DFevices connected to the 'new' router are able to get to the Internet.

 

I want to change the configuration a bit more and went to www.routerlogin.net and an authentication screen appears for the WNR2000v2.  How do I get to the authentication screen for the R6220?

Model: R6220|AC1200 Smart WiFi Router with External Antennas
Message 1 of 19

Accepted Solutions
Digital999
Luminary

Re: Can't access the Router Login page

When initially installed it was configured as a router with DHCP capability disabled and a fixed IP address.  It was connected to the network via Cat5 cable to the WAN (yellow) port on the rear of the device. 

In the same network is a Netgear WNR2000v2 Router used as a connection device to the Internet.  That device has wireless capability disabled. 

 

Access to the (new) R6220 device was supposedly via  www.routerlogin.net URL in a browser. 

 

What we found with experimentation was:

  • User needed to be connected via the wireless network to the R6220 signal to do configuration
  • After the R6220 router was configured and an IP address assigned a reboot occurs
  • The initial authentication login challenge came from the (old) Netgear WNR2000v2 not the newer device.
  • Configured as a router it would not respond to the assigned IP address.

The effect was that after configuration we were locked out of making more changes to the configuration since it was not accessible. 

 

By some experimentation we determined that if the Cat5 connection was to our LAN backbone switch and not the actual (old) Netgear WNR2000v2 then the www.routerlogin.net URL would respond with the newer R6220 device. 

 

By all standards this is a bug/flaw in the system design of Netgear router devices.  Two devices that want to respond to the same www.routerlogin.net URL and inability to select the desired device coupled with the inability of the R6220 to respond to the hard IP address is definitely an issue.

 

The solution was to …

  • Login to the desired device – wireless and making sure that the Cat5 cable was not connected directly to the old router itself but to a backbone switch.
  • Once logged in

Advanced tab on login page

            Expand Advanced Setup on left panel

                                                Wireless Access Point >> Configure as desired.

 

Once configured as an Access Point the device will respond to the internal static IP address

 

 

View solution in original post

Message 6 of 19

All Replies
TheEther
Guru

Re: Can't access the Router Login page

Log in via the static IP address that you assigned to the R6220.

Message 2 of 19
Digital999
Luminary

Re: Can't access the Router Login page

Well I have tried that and for some reason it does not respond.  It should work. 

 

192.168.0.152 and it times out.  The IP address assigned to the other router responds.

 

My sense is that ther is something hinky here in  the firmware for the new router.

Message 3 of 19
TheEther
Guru

Re: Can't access the Router Login page

Is AP Mode enabled on the R6220?

 

How is the R6220 connected to the network?  Via a LAN port or the WAN port?

Message 4 of 19
Digital999
Luminary

Re: Can't access the Router Login page

Thanks for taking the time to resppopnd.

 

As currently configured the router is connected to the internal network via Cat5 cable from the backbone (dumb) switches.

Connection is to the WAN port on the router.

 

AP mode is not enabled.

 

This device is intended to provide wireless access for Guests -- something its predessor could not do.

 

AP mode could be enabled.

 

Do you have an opinion?

 

Message 5 of 19
Digital999
Luminary

Re: Can't access the Router Login page

When initially installed it was configured as a router with DHCP capability disabled and a fixed IP address.  It was connected to the network via Cat5 cable to the WAN (yellow) port on the rear of the device. 

In the same network is a Netgear WNR2000v2 Router used as a connection device to the Internet.  That device has wireless capability disabled. 

 

Access to the (new) R6220 device was supposedly via  www.routerlogin.net URL in a browser. 

 

What we found with experimentation was:

  • User needed to be connected via the wireless network to the R6220 signal to do configuration
  • After the R6220 router was configured and an IP address assigned a reboot occurs
  • The initial authentication login challenge came from the (old) Netgear WNR2000v2 not the newer device.
  • Configured as a router it would not respond to the assigned IP address.

The effect was that after configuration we were locked out of making more changes to the configuration since it was not accessible. 

 

By some experimentation we determined that if the Cat5 connection was to our LAN backbone switch and not the actual (old) Netgear WNR2000v2 then the www.routerlogin.net URL would respond with the newer R6220 device. 

 

By all standards this is a bug/flaw in the system design of Netgear router devices.  Two devices that want to respond to the same www.routerlogin.net URL and inability to select the desired device coupled with the inability of the R6220 to respond to the hard IP address is definitely an issue.

 

The solution was to …

  • Login to the desired device – wireless and making sure that the Cat5 cable was not connected directly to the old router itself but to a backbone switch.
  • Once logged in

Advanced tab on login page

            Expand Advanced Setup on left panel

                                                Wireless Access Point >> Configure as desired.

 

Once configured as an Access Point the device will respond to the internal static IP address

 

 

Message 6 of 19
TheEther
Guru

Re: Can't access the Router Login page

It's important to understand how the www.routerlogin.com URL works.  Netgear routers intercept DNS queries for that URL and respond with their IP address.  This enables users to log into their own router without knowing its IP address.  

 

In order for this work, however, it is necessary to be connected to the router so that it is in a position to intercept the packets.  When there are two Netgear routers present, then there can be some ambiguity as to which router will intercept the packets.  

 

Things get trickier if you operate the R6220 in router mode.  In router mode, the firewall is active.  Therefore, login attempts coming into the WAN port will be rejected unless Remote Management is enabled.  Switching to AP Mode will disable the firewall.  Logging in by IP address should, then, work.  Logging in with www.routerlogin.com will still be subject to the previous statement: the R6220 must intercept a DNS query to www.routerlogin.com before it can respond with its own address.  So, I would not really call this a bug; it's a limitation of the technique.

 

Finally, one word about guest networks.  You might have discovered that the guest network is not available in AP Mode.  But there is another problem.  Since your R6220 is connected to the backbone of your network, guests have full access to the backbone.  The guest network is only isolated from the R6220's LAN.  But your backbone is on the WAN side of the R6220.  As far as the R6220 is concerned, the backbone is figuratively the "Internet".  

 

There are ways to isolate a guest network.  For example, if you had a managed switch, then you could set up a VLAN to isolate the R6220 from the rest of the network.  Unfortunately, you have dumb switches so you are outta luck.

Message 7 of 19
Digital999
Luminary

Re: Can't access the Router Login page

Thank you so much for taking the time to respond.

 

My complaint is that none of the documentation discusses this in any cogent way as you just did.  Armed with this knowledge apparently the only way to effectively manage this device is via wireless interaction since it does not respond to the static IP assigned.

 

The only reason I wanted to install the R6220 is to have an isolated Guest network.  I did not notice that in AP mode that capability was eliminated.  I have switched back to Router Mode to get the guest netowrk capability back and have isolation. 

 

I had turned off Remote Management previously.  Does it need to be turned on?

 

So back to my original question -- how can I select the R6220 for administrative functions when it is in router mode?  My quess is wireless but I would appreciate your notions.

 

Message 8 of 19
Digital999
Luminary

Re: Can't access the Router Login page

Using your excellent advice and description of the issues we enabled Remote Management, changed the port assigned and then limited it to to a select number of internal IP addresses. 

 

Login from a wireless device connected to the R6220 works as expected.

Logihn from the network with https protocols and the corrent port number works. 

 

Guest networks are now available and operational.

 

What Netgear should do is have some type of FAQ discussing this aspect of connection to networks with multiple Netgear routers. 

 

Thank you again for helping.

Message 9 of 19
TheEther
Guru

Re: Can't access the Router Login page

I'm glad you found my explanations helpful.  I still want to caution you that devices on your guest network have full access to your home network.  If you are ok with this, then great.  OTOH, if you don't want guests prying around, then you'll have to rethink your setup.

Message 10 of 19
Digital999
Luminary

Re: Can't access the Router Login page

I cannot say thank you often enough for your help.  TO the extent that I can I will pay it forward. 

 

OK, now you have me concerned.

 

Your explanation help immensely, but since I live in rural Arkansas and the availability of skilled folks is less than zero, I am left to cobble together my own solutions and I am not as technically astute/current as I was 10 years ago. 

 

The network is in a larger home in rural Arkansas.  The network has four NAS units and 5 workstations – what most people call a Family Office. 

 

What I want is the ability for true Guests to get access to WiFi for their personal needs – surfing, etc.  They will connect with a wireless setup which I have left open and unsecured.  Since it is a rural area I am not concerned about WiFi theft by neighbors or strangers. 

 

I also want an internal wireless network that is secure and protected via the appropriate WPA2-PSK passphrase.  This network contains our documents and other work products plus personal stuff.  Our security strategy articulates that there is trust between those on the internal network. 

 

And to complicate the equation, I need two devices to broadcast/receive wireless signals.  One is on the upper level and the other is on the lower level which has physical security associated with it.

 

I backed off my prior configuration of an Access Point.  The R6220 is now configured as a router and has Guest access provided.  Additionally, based on your great nudge, I have enabled Remote Management with a special port assignment and limited scope for devices that can connect – should be reasonably secure.

 

When the Guest Network was set up I did not “Allow guests to see each other and access my local network” – a checkbox setting in the router configuration.  I did some testing using the Guest Network and I am not able to get at any internal network devices or connections but Internet access does work. 

 

What concerns me is your statement that “your guest network have full access to your home network”.

 

If this is true what is the checkbox for and is Netgear that foolish?

Message 11 of 19
TheEther
Guru

Re: Can't access the Router Login page

Correct me if I'm not but I believe the following is your setup:

Internet---modem---WNR2000---Switch---Family Office devices
                                                          |
                                                  WAN|
                                                     R6620---Guest devices

If this is correct, then the guest devices should be able to access the Family Office devices.  Try a ping from a guest device to a NAS or workstation.

 

The "Allow guests to see each other and access my local network" setting controls whether guest devices can see each other as well as devices either connected to the R6220 LAN port or to the R6220 non-guest Wi-Fi network.  It does not affect the ability of guest devices to see devices reachable through the R6220's WAN port, such as Family Office devices.

Message 12 of 19
Digital999
Luminary

Re: Can't access the Router Login page

Your topography is essentially correct.  In place of one switch there are two switches, one being for PoE devices like cameras.  

 

The DHCP range is 192.168.0.101 to 192.168.0.133 -- used for workstations.

All devices like the NAS, routers and switches, and printers have fixed IP addresses in the 192.168.0.15x ++ range

 

Connected a workstation via wireless to the Guest network.

 

On a guest workstation a ping of the devices with the actual device name resulted in "...could not find host" messages

On a guest workstation a ping of devices with the internal IP address found the device with response times as would be expected. 

 

On the guest workstation a ipconfig /all command resulted with a workstation address of 192.168.1.1 -- note that the IP address is not in the same subnet as the real devices.

The ipconfig /all command yielded a DNS server address of 192.168.1.1 -- note that the IP address is not in the same subnet as real devices and clearly different than the real DNS resolver address. 

 

So it looked like the R6220 did some type of translation and obfuscation of the actual Family Office devices as well as the operational subnet. 

 

An opinion??

Message 13 of 19
TheEther
Guru

Re: Can't access the Router Login page


@Digital999 wrote:

Your topography is essentially correct.  In place of one switch there are two switches, one being for PoE devices like cameras.  

 

The DHCP range is 192.168.0.101 to 192.168.0.133 -- used for workstations.

All devices like the NAS, routers and switches, and printers have fixed IP addresses in the 192.168.0.15x ++ range

 

Connected a workstation via wireless to the Guest network.

 

On a guest workstation a ping of the devices with the actual device name resulted in "...could not find host" messages

 

This is expected.  DNS and NetBIOS name resolution would both fail.


On a guest workstation a ping of devices with the internal IP address found the device with response times as would be expected. 

Just to be clear, you pinged a 192.168.0.X address, like 192.168.0.101 from a guest workstation and there was a response?  If yes, this proves that the guest workstation can access the internal network.



 On the guest workstation a ipconfig /all command resulted with a workstation address of 192.168.1.1 -- note that the IP address is not in the same subnet as the real devices.

The ipconfig /all command yielded a DNS server address of 192.168.1.1 -- note that the IP address is not in the same subnet as real devices and clearly different than the real DNS resolver address. 

 

The workstation and DNS server address were both 192.168.1.1?  The workstation was pointing to itself as a DNS server?  That's uncommon.


So it looked like the R6220 did some type of translation and obfuscation of the actual Family Office devices as well as the operational subnet.  

 

As a router, the R6220 is still performing NAT, so guest devices will appear to the internal network as if they belong to the main subnet, 192.168.0.X.

Message 14 of 19
Digital999
Luminary

Re: Can't access the Router Login page

Thank you again for you interest.  Possibly we will learn something since we are getting to the good part -- is the network reasonably safe.

 

My assumption is that real guests are known to me and most likely trusted.  If I was concerned I would put a pass phrase on the Guest network but then it would confuse our parents and other seniors. 

 

My biggest security concern is that there is no way to disable the WPS button.  Physical access to the router or AP device means that anyone can gain access to the network.  All products are this way and I do not understand that.  That risk is a BFD in my opinion.  We do not rent our home out but there are multiple stories about Airbnb renters locating the router and gaining access to the internal network.  This concern extends to bad actors that gain entrance and use the WPS button to gain network access and then plant some type of Trojan or malware. 

 

I ran another test case to verify my initial answer regarding the ipconfig /all response from the Guest system…

The workstation was pointing to itself as a DNS server and to itself as DHCP server.  This must be some type of trickery that Netgear has devised for protection.  If so I am sure they view those methods as proprietary but it would be interesting to understand. 

 

Of interest is that an arp -a command from a valid workstation while the Guest system was connected did not yield any IP addresses that were unusual – only the R6220’s assigned IP address.

 

You are correct that a ping to an internal address does get a response and the pinger (sp) has access to our internal network once they are a Guest.  So the question is what can they do with this knowledge.  If they knew our topology they could then start an attack of some type to a well known port.  Take the R6220 – they would need to know the IP address and the port number.  Given that information they would then need the username and password.  Unfortunately, the Netgear product paradigm is to use ‘admin’ as the username for all products and only secure the device with a password.  Even our Lunix based camera’s do a better job than that. 

 

Access does not mean that they could do mischief but I may be incorrect.  If you have other concerns or knowledge, it certainly would be appreciated. 

 

Again thanks for you assistance.

Message 15 of 19
TheEther
Guru

Re: Can't access the Router Login page


@Digital999 wrote:

Thank you again for you interest.  Possibly we will learn something since we are getting to the good part -- is the network reasonably safe.

 

My assumption is that real guests are known to me and most likely trusted.  If I was concerned I would put a pass phrase on the Guest network but then it would confuse our parents and other seniors. 

 

Securing your guest network with a pass phrase and securing your internal network are two related but different security matters.  It's great that you trust your guests well enough and live far away from neighbors to not need a pass phrase on the guest network.  But because your internal network is not secured against access from the guest network, you are implicitly trusting them not to do anything nefarious.  Of course, your parents and your friends wouldn't deliberately hack your network, but don't forget that people can unknowingly bring in malware on their devices without knowing it.



My biggest security concern is that there is no way to disable the WPS button.  Physical access to the router or AP device means that anyone can gain access to the network.  All products are this way and I do not understand that.  That risk is a BFD in my opinion.  We do not rent our home out but there are multiple stories about Airbnb renters locating the router and gaining access to the internal network.  This concern extends to bad actors that gain entrance and use the WPS button to gain network access and then plant some type of Trojan or malware. 

While WPS is certainly a scourge and vendors should provide a way to disable it, there is a bigger security concern.  Anyone with physical access to the router can simply reset it to factory settings, reconfigure it and gain access.  This is worse because any restrictions put in place on the router can simply be removed.  Someone can also plug in their own router and bypass yours.  Or they can plug an Ethernet cable directly in your router or either one of your switches and gain full access.  The reality is that if you let someone into your house, physical security far outweighs any concerns about WPS.

I ran another test case to verify my initial answer regarding the ipconfig /all response from the Guest system…

The workstation was pointing to itself as a DNS server and to itself as DHCP server.  This must be some type of trickery that Netgear has devised for protection.  If so I am sure they view those methods as proprietary but it would be interesting to understand. 

 

I'm not aware of any such trickery devised by Netgear.  To what end would Netgear do such a thing?   DNS would not work on those devices and they would be unable to access the Internet.  

 

I have a feeling you misread the output of ipconfig.  You may have mistaken the default gateway as the guest system's own IP address.  It's common for Netgear routers to advertise themselves both as the default gateway and DNS server to DHCP clients.  Can you post the output of ipconfig from a guest device?  The IP addresses are private so there is no security concern.

Of interest is that an arp -a command from a valid workstation while the Guest system was connected did not yield any IP addresses that were unusual – only the R6220’s assigned IP address. 

 That's expected.  ARP's scope is confined to the local subnet.  The guest systems are on a different subnet.

You are correct that a ping to an internal address does get a response and the pinger (sp) has access to our internal network once they are a Guest.  So the question is what can they do with this knowledge.  If they knew our topology they could then start an attack of some type to a well known port. 

It's easy to map out the topology.   A ping sweep of all the possible IP addresses on the internal network (i.e. 192.168.0.1. through 192.168.0.254) will discover all devices.  Then each device can be port scanned for vulnerabilities.  There are free tools on the Internet that will do both (e.g. Nmap).  And this can all be done from your guest network.

 

Try this.  From a guest workstation running Windows open a File Explorer and enter \\192.168.0.101\ into the address bar (use the address of a real workstation on your internal network that is sharing a folder).  The File Explorer should be able to establish a connection.  This demonstrates that the guest network has access to the internal network.

Take the R6220 – they would need to know the IP address and the port number.  Given that information they would then need the username and password.  Unfortunately, the Netgear product paradigm is to use ‘admin’ as the username for all products and only secure the device with a password.  Even our Lunix based camera’s do a better job than that. 

 

This is strictly my opinion but the concern about 'admin' being unchangeable is a bit overblown.  Sure it would be good to have the ability to change the username but a strong password can easily compensate for that.  You can also mathematically prove that adding more characters to your password results in the same level of security.  In other words (admin, password12345) is just as strong as (jerry, password).  Just think of the username and password as a combined password.

Access does not mean that they could do mischief but I may be incorrect.  If you have other concerns or knowledge, it certainly would be appreciated. 


I hope I have convinced you that you are incorrect.  Your internal network is not secure.  It's totally your prerogative whether you want to do anything about it or to trust your guests and their devices.  I've done my job in pointing out the security hole.



Again thanks for you assistance.

You are most welcome!

 

 

Message 16 of 19
Digital999
Luminary

Re: Can't access the Router Login page

This exchange reminds me of my daughter when she was a petulant teenager.

Her response was “I don’t like what you say so I don’t want to hear it” or some such.

 

As you requested, I have pasted the results of the I ipconfig /all.  Looks to me like the router granted a lease to the workstation of 192.168.1.6.  The lease showed that the DHCP server, DNS Servers, and the Default Gateway were all 192.168.1.1.  Possibly I misread or do not understand. 

This is what I referred to as trickery. 

 

The next part scares the dickens out of me.

 

I used a browser at the Guest workstation and entered the address of one of our NAS devices that contains lots of critical info.  Up popped a logon prompt and I was able to access the NAS.

 

Not good. 

 

Guest passwords have been implemented.  Thank you again for showing me the error of my ways.

 

You are correct, physical access compromises everything – whether in the living area or on the lower level work area.  I am going to have to rethink my notions on this issue. 

 

It would be nice if these devices had some limit on the number of times a bad password could be entered before a 30 minute timeout or the equivalent.   

 

 

*********** ipconfig /all Below ************

:\Users\MS_Digital>ipgonfig /all

'ipgonfig' is not recognized as an internal or external command,

operable program or batch file.

 

C:\Users\MS_Digital>ipconfig /all

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : Bob-Surface

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

 

Wireless LAN adapter Local Area Connection* 3:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : 52-1A-C5-E6-B3-8A

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wi-Fi:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Marvell AVASTAR Wireless-AC Network Controller

   Physical Address. . . . . . . . . : 50-1A-C5-E6-B2-8B

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::4d06:cc54:5ef1:f763%14(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Thursday, November 3, 2016 6:49:31 AM

   Lease Expires . . . . . . . . . . : Friday, November 4, 2016 6:49:31 AM

   Default Gateway . . . . . . . . . : 192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DHCPv6 IAID . . . . . . . . . . . : 173021893

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-79-04-28-50-1A-C5-E6-B2-8B

   DNS Servers . . . . . . . . . . . : 192.168.1.1

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Bluetooth Network Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)

   Physical Address. . . . . . . . . : 50-1A-C5-E6-B2-8C

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.{A5DB5DE7-EC08-4163-A44D-1E0D281C0BEC}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Local Area Connection* 5:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:188d:245d:3f57:fef9(Preferred)

   Link-local IPv6 Address . . . . . : fe80::188d:245d:3f57:fef9%15(Preferred)

   Default Gateway . . . . . . . . . : ::

   DHCPv6 IAID . . . . . . . . . . . : 251658240

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-79-04-28-50-1A-C5-E6-B2-8B

   NetBIOS over Tcpip. . . . . . . . : Disabled

 

C:\Users\MS_Digital>

 

 

Message 17 of 19
TheEther
Guru

Re: Can't access the Router Login page


@Digital999 wrote:

This exchange reminds me of my daughter when she was a petulant teenager.

Her response was “I don’t like what you say so I don’t want to hear it” or some such.

 

LOL.  Hopefully your daughter listened to you when it really mattered.  🙂



As you requested, I have pasted the results of the I ipconfig /all.  Looks to me like the router granted a lease to the workstation of 192.168.1.6.  The lease showed that the DHCP server, DNS Servers, and the Default Gateway were all 192.168.1.1.  Possibly I misread or do not understand. 

This is what I referred to as trickery. 

 

Yeah, you originally misread it, but you got it right this time.  The workstation address is 192.168.1.6.  Default gateway and DNS server are 192.168.1.1, which is the R6220.

The next part scares the dickens out of me.

 

I used a browser at the Guest workstation and entered the address of one of our NAS devices that contains lots of critical info.  Up popped a logon prompt and I was able to access the NAS.

 

Not good. 

 

Yup.


 

Guest passwords have been implemented.  Thank you again for showing me the error of my ways.

You're welcome.  I'm not sure if you put a password on the guest wifi network or on your NAS and other devices.  Putting a password on the guest wifi won't do anything about blocking access to the internal network. 


 

You are correct, physical access compromises everything – whether in the living area or on the lower level work area.  I am going to have to rethink my notions on this issue. 

If your main router (i.e. the one connected to the modem) has a guest network, then you can eliminate the current security issue by turning it on and turning off the guest network on the R6220.

 

It would be nice if these devices had some limit on the number of times a bad password could be entered before a 30 minute timeout or the equivalent.   

Agreed.

Message 18 of 19
Digital999
Luminary

Re: Can't access the Router Login page

I did not understand, nor does any of the marketing or tech specification literature explain, the importance of co-locating the modem and the initial (1st) router that accepts Guest traffic i.e. the Guest gateway.  It makes sense once you stuck my nose into the problem and implementation.

 

Unfortunately, because of physical location and construction there is no way for me to do that and have a wireless signal escape the concrete and steel network closet and server room. 

 

We have changed/tightened all passwords on devices to delay a potential breech. 

 

I am going to submit some suggestions for product changes to delay repetative logon attempts.  Possibly Neatgear will listen. 

 

Thanks again and have a great Thanksgiving.

Message 19 of 19
Discussion stats
  • 18 replies
  • 28604 views
  • 1 kudo
  • 2 in conversation
Announcements

Orbi WiFi 7