Need help secure my home network in a custom manner

nRiTeCh

Oracle
I have Tata Fiber isp and using their stock Nokia router.
I have the strongest password set yet I somehow see unknown devices connected to my network and have to keep them blocking.

I have already assigned static IPs for all my home devices: bulbs, laptops, phones, tvs etc.

Things that I did right now:
  • Disabled SSID broadcast
  • Changed the password
  • Enabled guest mode

Looking to configure my router the following way without involving an additional router/setup:
  • I want to block IP assigning to any new devices connecting without approval or on similar lines.
  • Or reserve a particular IP range for devices connected on Guess network.
  • Set speed restrictions on Guest mode and time allocation like 2hrs 8 hrs etc.

The Nokia router, even I do a refresh doesn't show live devices while on Tata phone app it reflects all live connected devices.
 
Last edited:
Found my own way out..MAC filtering and disabling SSID is whats currently configured and working great!
The guest thing is something I would like to emphasize on if someone has a simple solution or an alternate way of doing.
 
Found my own way out..MAC filtering and disabling SSID is whats currently configured and working great!
The guest thing is something I would like to emphasize on if someone has a simple solution or an alternate way of doing.
With the Nokia router-> not too sure.
I have Asus routers in AP mode and they all have such features. Remember seeing something similar in TPLink too
 
Well I also have an Airtel provided Nokia router. It comes with a backdoor/admin panel direct access by Airtel.
They seems to reset my router every now and then even after I have changed admin password.
They can at any time change the WiFi network password.
Looking out for a separate router and move all of my devices out of it.
Currently exploring options for a more robust device.
 
@nRiTeCh check if your phone WiFi settings has a certain "privacy feature" where it randomizes it's MAC everytime it joins a network. Mine had it enabled out of the box, which freaked me out and thought I was under attack in spite of having a long random password + SSID broadcast disabled.

If you're really paranoid, you could disable DHCP altogether and change your network range from the common 192.168.x.x to something else. Downside of course is if any of your guests want to connect, you need to manually assign an IP.
 
Well I also have an Airtel provided Nokia router. It comes with a backdoor/admin panel direct access by Airtel.
They seems to reset my router every now and then even after I have changed admin password.
That is standard feature on all FTTH modems provided by ISPs. You can just ask your ISP to put modem in bridge mode & use your router to make the connection by entering your internet connection user id/password there.
 
Well I also have an Airtel provided Nokia router. It comes with a backdoor/admin panel direct access by Airtel.
They seems to reset my router every now and then even after I have changed admin password.
They can at any time change the WiFi network password.
Looking out for a separate router and move all of my devices out of it.
Currently exploring options for a more robust device.
Yes. That's what TR069 is for. They can access and change settings/upgrade firmware anytime.
Ask them to put it into bridge mode, buy your own router so their router just becomes a dumb media converter.
 
Yes. That's what TR069 is for. They can access and change settings/upgrade firmware anytime.
Ask them to put it into bridge mode, buy your own router so their router just becomes a dumb media converter.
Can't we turn isp routers in bridge mode all by ourselves without involving the isp backend if TR069 protocol is not in play/not configured?
 
Last edited:
That day Tata fiber technician visited my place and when I asked him how about firmware upgrade, he said we don't provide anything nor get auto updated. Only when your routers conk off, we issue the latest router.
 
Can't we turn isp routers in bridge mode all by ourselves without involving the isp backend if TR069 protocol is not in play/not configured?
All ISPs nowadays use MAC authentication at backend so you will have to first figure out which mac is that (sometimes you do need ISP help in that) & then use mac cloning feature of your router to emulate that mac address in your own router.

Most of customized ISP provided modem/Routers dont have a bridge mode in firmware
Which ISPs? The 3 major ones, airtel/bsnl/jio do have bridge mode in their FTTH modem.

That day Tata fiber technician visited my place and when I asked him how about firmware upgrade, he said we don't provide anything nor get auto updated. Only when your routers conk off, we issue the latest router.
Technicians don't always know everything regarding configuration. if there is TR069 protocol configured in your ISP provided modem then it has the capability to be upgraded remotely from ISP end.
 
All ISPs nowadays use MAC authentication at backend so you will have to first figure out which mac is that (sometimes you do need ISP help in that) & then use mac cloning feature of your router to emulate that mac address in your own router.


Which ISPs? The 3 major ones, airtel/bsnl/jio do have bridge mode in their FTTH modem.


Technicians don't always know everything regarding configuration. if there is TR069 protocol configured in your ISP provided modem then it has the capability to be upgraded remotely from ISP end.
not all isps use mac authentication, only those using EPON authentication use that.
mostly that is bsnl, excitel.

airtel and jio needs serial number to authenticate, they are GPON based.
Not for the latest Jio/Airtel routers no. At least the 3 I used, had the option greyed out, had to raise escalation and get it done.
Jio bridge mode is a little tricky but its doable now on their ont. Airtel one is the most easiest but they started to grey out that option, but if you contact their NOC team they happily do it.
 
Can you show which option exactly..might differ from isp to isp but can figure it out.
Connection mode:

Screenshot_2024-04-20-19-11-19-88_6012fa4d4ddec268fc5c7112cbb265e7.jpg