# Limiting wired connection to a router



## sam1441 (Sep 12, 2007)

Hello

I live here in house of about 10 residents (students) and i brought with me a router that is connected to the DSL modem in the public living room (saloon).

MY Q is: I have WEP 128 BIT security code for the wireless, but some are just connecting a lan cable directly from there laptop to the router. Can that also be blocked with a some code?

Thanks much!

Jack.


----------



## johnwill (Sep 26, 2002)

How do you get away with restricting everyone from the network access?


----------



## sam1441 (Sep 12, 2007)

Not 'everyone', only does who don't pay...


----------



## johnwill (Sep 26, 2002)

You can configure the router with MAC address filtering for just the folks that have paid.


----------



## sam1441 (Sep 12, 2007)

But then they will have to insert a specific IP ADRESS, and i'll have to explain them how to do that, and how to cancel that and reenter the ip every time they use another wireless network....

Isn't there a simple solution like there is a code for a wireless? some software for routers?

TA.


----------



## johnwill (Sep 26, 2002)

Actually, if you have a D-Link router, you can reserve MAC address / IP address pairs and restrict any other access. I'm sure many other routers have similar capabilities. Some models of Linksys routers have 3rd party software that offers additional utility and security.


----------



## sam1441 (Sep 12, 2007)

johnwill,

If i go for the MAC solution there will still be a need for them to enter manually an ip address?

Thanks.

BTW, i have a more important question now... can u direct me to a groggy that can interact with my dlink 524 and automatically disconnecting for a second and then reconnecting? I'm looking for such a thing with candles...


----------



## johnwill (Sep 26, 2002)

Nope, when you use the MAC/IP reservation, the DHCP will always dish out that IP address for that MAC address.

For the second question, I have no idea what a *groggy *is, or what capability you're asking for.


----------



## sam1441 (Sep 12, 2007)

lol. I meant "proggy"

ok. so i need to check in every one's network card properties for there Physical Address and that will give me there mac and then i enter it 1 by 1 in my router under Static DHCP section? is this correct? ( at least a bit?


----------



## johnwill (Sep 26, 2002)

Yep, once you mate the MAC address with an IP address, whenever a DHCP request from a computer with that MAC address comes in, it gets the corresponding IP address.

Unless the person swaps out the NIC, that will lock an IP to the machine.


----------



## sam1441 (Sep 12, 2007)

THanks much and all the best!


----------



## sam1441 (Sep 12, 2007)

I still don't get it. :-(

I tried to disable the DHCP server, and then clon a certain laptop, but still every one was able to connect to the internet, not only this laptop.

I also tried to do the same with DHCP server enabled, it didn't help.

Here is a screen shot of my router.


----------



## johnwill (Sep 26, 2002)

You don't disable the DHCP server on the router! You use the MAC address reservation section under Static DHCP on the screen you posted to lock a MAC address to an IP address.

Obviously, if the person on the workstation in question bypasses DHCP and assigns their own IP, Default Gateway, and DNS addresses, this still won't work. It's assumed that these are limited accounts that don't have access to TCP/IP configuration.

If you want to restrict machines that have local administrative rights, you'll need to buy a better router/firewall appliance.


----------



## sam1441 (Sep 12, 2007)

Oh i see now. (if u can reccomend on a router model that does that, it will be great)


----------



## johnwill (Sep 26, 2002)

I'd look at the Cisco PIX line of router/gateway devices. You can talk to them and outline your specific requirements and make sure you get one that will address them.


----------



## Cellus (Aug 31, 2006)

Also note that with WEP, another resident or some other person can break through it and use the wireless in as little as a few minutes by finding and using tools readily available on the Internet. WEP will stop the casual, uninformed user from using it, however it will not stop a knowledgeable one who digs up the tools. In this case, you will want something that supports WPA, which at this time can not be broken using the sniffing/cracking tools used for breaking into WEP - all newer wireless routers should support this. You may have issues with legitimate users from using wireless if their wireless capabilities are too old and only support WEP, so keep this in mind if you choose to migrate to WPA.

You can be a judge as to the capabilities of the other residents. If you believe them to be intelligent enough, as well as unco-operative as to use the Internet access without permission, then do look into a better router or gateway. The brand and line which Johnwill suggests is very good, and I also recommend using it. This is also of course dependent on your budget and if you're willing to spend a particular amount of money to do so. It's up to you. In the meantime, fill out the Static DHCP fields for legitimate users. This at least gives you some added restrictions at no cost.


----------



## sam1441 (Sep 12, 2007)

Cellus

Thanks 
I will indeed use the mac solution for a while.

Also thanks for the wpa tip, i didn't have a clue about that. i looked around on this subgect and also found this aritcle.

Your Wi-Fi can tell people a lot about you


----------



## sam1441 (Sep 12, 2007)

Well, there is no WPA 2 in windows XP properties of the wireless card!


----------



## Cellus (Aug 31, 2006)

Doesn't have to necessarily be WPA2 to use WPA (in general). WPA-TKIP should be good enough with a strong passphrase for your needs. You do not necessarily need to go through the AES route, and while AES is recommended, regular old WPA w/ TKIP is good.


----------



## johnwill (Sep 26, 2002)

As mentioned, WPA with a strong key is, for all practical purposes, unbreakable. It'll work fine.


----------



## sam1441 (Sep 12, 2007)

Thanks!!


----------

