[SOLVED] Asus AC2600 Wired Connection/Ethernet Settings

Oct 11, 2018
I am in the process of planning my wired network/Ethernet. I got the Asus AC2600 but don't plan on using the wireless connection. I am looking for detailed and specific settings for the wired connection. I am listing the following areas where I have questions about whether the settings are required for the wired connection or not. I reviewed the user guide and, for now, picked the sections that I think may or may not affect the wired connection.

The guide for the AC2600 describes in detail how to establish the physical wired connection, but the rest of the guide describes the wireless settings for the wireless connection. Each section, it doesn't say applicable or not applic


Configuring the General Settings
From the navigation panel on the left side of the Web GUI, right below where it says “General”, there is an option for the “Network Map” screen. From this option, to the far right there are 2 tabs to configure the following for the wireless dual bands:
-SSID,
-Security level
-Encryption settings

For wired connection, this is not required. Is this correct?

--------

For wired connection, does AiProtection apply?

When scanning for the Network Protection, will the Router Security Assessment display results for the wired connection?

From the “Router Security Assessment” page, will the “Secure Your Router” selection work with wired connection?

--------

From the navigation panel, right below where it says “AiProtection”, there is an option for the “Traffic Manager” settings. From this option, there is the “QoS” tab:
“Quality of Service” lets you set the bandwidth priority and manage network traffic.

Do the bandwidth priority settings apply to the wired connection? Are bandwidth settings only for dual bands and not wired connection/Ethernet?




Configuring the Advanced Settings
From the navigation panel, right below where it says “Advanced Settings”, there is an option for the “Wireless” settings. From this option, there are several tabs:
-General
-WPS
-WDS
-Wireless MAC Filter
-RADIUS Setting
-Professional

Which tab requires settings to be filled in to configure the wired connection?

-------------

Below the “Wireless” option, there is the “LAN” option. From this option, there are several tabs:
-LAN IP
-DHCP Server
-Route
-IPTV
-Switch Control

Which tab requires settings to be filled in to configure the wired connection?

-----------

Below the “LAN” option, there is the “WAN” option. From this option, there are several tabs:
-Internet Connection
-Port Trigger
-Virtual Server / Port Forwarding
-DDNS
-NAT Passthrough

Which tab requires settings to be filled in to configure the wired connection?

-----------

Below the “VPN” option, there is the “Firewall” option. From this option, there are several tabs:
-General
-URL Filter
-Keyword Filter
-Network Services Filter
-IPv6 Firewall

Which tab requires settings to be filled in to configure the wired connection?
 
Not 100% sure which router you have, but Asus in general has the same configuration across all their routers. I generally load Merlin on my Asus routers, so I forget what the factory firmware options are.

Pretty much you disable the wifi radios and you can ignore everything else.

If it is like most, there should be a tab marked Professional. There is an option to turn off the radio for each band. You may get nag indicators on the router for wifi not being set up, but you can ignore them.

The AiProtection is bloatware to try to get you to subscribe to antivirus software you don't really need. Just ignore it.

You do not want to mess with the QoS/firewall/VPN unless you have a reason to. By default this all does nothing. There are some basic firewall abilities in the router to prevent attacks against the router itself, but you don't need much other than that. Your internal machines are protected by the NAT function. Since the router does not know which machine to send attack traffic to, it just discards it if any comes in.

Pretty much, fancy wifi routers are a waste of money when you are going to run them as wired only. You are paying for the wifi radios in most cases. Even very inexpensive routers can pass 1 Gbit of traffic. Now if you actually use VPN/firewall/QoS etc. then you need CPU capacity, but you have to look that up; an expensive router does not mean it has a faster CPU.

In any case disable the wifi radios and leave everything else default.
 
Oct 11, 2018
I bought the Asus Blue Cave Wireless-AC2600 Dual Band Gigabit router. Did not cost that much; a little bit more than $100 compared to the others.

At first, I was going to set up the wireless, but I read articles and did some research about wired connection/Ethernet, and thought this would be much better.

I am picky about the network security and its protection. Wireless has the SSID, Security level, and Encryption settings. Is there any part of the wired connection that requires it to be protected in order to prevent hacking? It would be better to secure it than to leave everything default.
 
Wired needs very little security if we assume you physically have the device secured. Consumer routers pretty much have no features to protect you from a machine that has been illegally plugged into your router. All the stuff you see is related to wifi.

By default NAT is the same as a firewall rule that says traffic is only allowed to return to the internal machine that requested it. No unrequested traffic is allowed to be sent to the end machine. You pretty much can't get it more secure than that.

You only really need things like firewall rules etc. when you allow traffic via port forwarding or you want to restrict your internal machines from accessing certain sites on the internet.

Most modern hacking involves tricking the user. You need to be careful what you open and be sure the Windows firewall is on. You can run malware scans from time to time to check for other stuff. It tends to be impossible for any router to provide good security because it can no longer see most traffic. Almost all traffic is now sent encrypted via HTTPS, so nobody in the path, including your router, can intercept it. This means any content filtering etc. must be done on the end machine before it is encrypted.
 
Solution
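The NAT behaviour described in the answers above, as an added example that is not part of the original thread: a simplified Python model of a port-translating router's session table, showing which inbound packets reach a LAN machine before and after a port forward is configured. The class name, addresses and ports are constructed for illustration, and matching replies on the full remote address and port is an assumption about how the router tracks connections.

```python
# Added example: simplified model of a consumer router's port-translating NAT.
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    next_port: int = 40000
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port); created by outbound traffic
    sessions: dict = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port); created only when the admin adds a port forward
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records the mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side; return its LAN destination or None (dropped)."""
        hit = self.sessions.get((wan_port, remote_ip, remote_port))
        if hit:
            return hit                      # reply to a connection a LAN host started
        return self.forwards.get(wan_port)  # None unless a port forward exposes this port


def demo():
    router = NatRouter()
    pc = ("192.168.1.20", 51000)
    wan_port = router.outbound(pc[0], pc[1], "198.51.100.5", 443)
    results = {
        # The server the PC contacted answers: delivered to the PC.
        "reply": router.inbound("198.51.100.5", 443, wan_port),
        # A different internet host aims at the same mapped port: no session, dropped.
        "other_host": router.inbound("192.0.2.77", 443, wan_port),
        # Unsolicited traffic to a port nobody opened: dropped.
        "unsolicited": router.inbound("192.0.2.77", 55555, 8080),
    }
    # Adding a port forward is what makes explicit firewall rules matter.
    router.forwards[8080] = ("192.168.1.20", 8080)
    results["after_forward"] = router.inbound("192.0.2.77", 55555, 8080)
    return results


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:14} -> {dest if dest else 'dropped'}")
```
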
Oct 11, 2018
The malware and viruses are easily dealt with because of the anti-virus programs. My concern is someone taking over my PC and changing its configuration. My PC is being taken over and I can’t do anything without being tracked and followed every time I surf the internet or watch YouTube. I am using wireless at this time and had changed the router settings to hide the SSID (no broadcasting), turn off remote access, firewall is enabled, use WPA, etc., but it is not working. There are some bad actors out there who just can’t mind their own business. My PC would stall and the sound would get distorted with loud noises for several minutes, and now I see my PC flashing several times. I suspect someone is so fixated and nosy about what I am doing on my PC and interpreting my every move to the point that they are taking things personally. Imagine if I had known whoever was doing this and started yelling at them, I would get cursed at for just telling them to leave me alone. My PC is being attacked; oh boy, it’s a scary world out there. Oops, I shouldn’t get carried away with my paranoia. Frustrated and dumbfounded at not being able to resolve this problem, so now I would have to resort to using a wired connection.
 
You did lots of things on the wifi but did not disable the most important. WPS is enabled on many routers by default because it is a feature designed for extremely lazy people who can't be bothered to even key in their password 1 time. This was hacked years ago, but router manufacturers still want to expose everyone so the dummies of the world can still install a router.

Still, this just lets someone into the network. You would have to have shared files that they could then update and put software on your machine. It is still highly unlikely because someone would have to be willing to park in front of your house to even attempt it. Setting the firewall to internet rather than private LAN on your PC blocks pretty much any attack.

Still, why bother with all the headaches of wifi if you can get wired? Wired connections just work and never give you headaches. I generally only turn on my wifi when I need to use my cell phone and am worried about how much data it will use. All my other stuff is wired.