Restricting Access to Second router

[thedeadghost]

Guys need advise and help to restrict access to second router connected to the primary adsl router.
I am connected to the LAN 2 port while the second router is on LAN 3. I can access the adsl router but not the second router.

 

[rock_ya_baby]

Guys need advise and help to restrict access to second router connected to the primary adsl router.
I am connected to the LAN 2 port while the second router is on LAN 3. I can access the adsl router but not the second router.

Not quite clear. Come again?
An ACL or MACL?

 

[thedeadghost]

Ok let me be more clear. Since this is a shared connection. We don't want to allow the second router to use the internet, but at the same time, there are other users connected to the second routers wifi who needs to be given full access to the internet.
How do i restrict access to block a particular phone or a pc connected to the second router. I only have access to the primary router.

 

[rock_ya_baby]

Depends on your hw/sw. You can make an ACL to deny IP addresses.
Eg

Deny 192.168.1.x
Deny 192.168.1.y
Allow any

Then apply it on LAN interface serving the second router.

This will work if both LANs are in different subnet. If your LAN1 and LAN2 are in same network (Layer 2) then some feature like mac-address ACL may work.

 

[Ranjith Sai]

I don't think lower consumer grade routers are built to handle such functions as they might not have option to set such rules. You would need a custom built router running something like pfsense (maybe a raspberry pi pfsense box might work good). Unless you have access to your router 2 your options are limited to none.

 

[thedeadghost]

The adsl router is provided by ISP itself. I don't think its any high end router. Is there a way I can find out by viewing the config of the primary router ?
i can login into admin mode using web login. I can see that there are two devices connect. I can see my laptop but unable to see the other device since its a router.

 

[Ranjith Sai]

You just can't configure your primary adsl router to direct the second router to allow only wifi internet access and stop internet services on ethernet ports.

Alternately you can with the permission of the owner of the second router, disable the DHCP on the second router. Once that is done your primary router acts as the DHCP server and you can have control over the devices and block their mac ids. Then again your primary router might not support blocking devices (at least my BSNL adsl router doesn't support it)

 

[thedeadghost]

There's got a be a way to connect to the second routers console page. I think it is on a different subnet. I tried to run angry ip scanner and i am able to ping the ip but i think it is not the console page. I am sure the second router is using the factory default user/password. Is there no way to get control of the console so that I can put some restrictions ?

 

[Ranjith Sai]

Get the brand of the second router, try using usual router ip's (192.168.1.1, 192.168.0.1 etc) and if you know the brand of the router you can easily get the login ip and credentials. Once you get it, you can easily control that particular router and block devices.

 

[rock_ya_baby]

If the other router is on different subnet, then, you need to add a static route on your box and a corresponding reverse route on the other box to be able to connect to it's admin page.
Else, try ping, check for arp etc from CLI of your router instead of your PC.

 

[Ranjith Sai]

Yes you would have to add a static route.. Just assumed that it already existed in ur setup as I had done that to isolate my sub network to host my nas.. Any attempt to connect to that routers IP will be sent to your wan port and would fail.

Again you wud need direct access to that router once.