[support]

Give the device a name on the Status page. Then you can create a profile under Access Control and assign the device to the new profile. Select White List for URL filter mode but don’t add any domains to the white list box. Check “Enforce Access Control” for the profile.

You should be able to see all blocked requests coming from the device when you view logs from the Access Control page.

[support]

If your device is connected to a VLAN other than “LAN”, then you’ll be redirected to a 10.x page without the login form. That’s what I said before, only devices connected to “LAN” are able to log in the router.

1. You can’t disable WiFi on LAN. If you are not using WiFi on LAN, then just set a very complex password for the SSIDs and disable SSID broadcast.
2. If you want to restrict devices on a VLAN to Internet only with no internal network connectivity, then you should untick all boxes on that row. For example on your X1, you should untick all boxes with source X1, including to destination X1.
3. You can leave all boxes on the LAN row ticked, which means when you connect a device to LAN, it will be able to communicate with any device connected to other VLANs (including LAN itself). So your device connected to Port 3 will be able to view CCTV footage on X2. But that also means anyone plugging in a device to Port 3 will be able to see the CCTV footage if the CCTV feed isn’t password protected.

[support]

You may need to replace the router if the degradation is hardware related. I.e., if configuration tweaks cannot restore performance.

For WiFi, you may want to play with the channel and transmission power to see if you get better performance. Higher power usually yields better performance but that’s not always the case. Sometimes higher power brings more noise and degraded performance.

[support]

@bambina Additional info for Question 2. You can leave Port 3 on LAN. But you can restrict router access to selected devices or users (could be proxy or VPN users): check the “Restrict router access” box under the Administration section on the System Settings page, then add the devices and users that are allowed to manage the router. Don’t lock yourself out!

[support]

1. If you want all VLANs to be isolated from each other, then only the diagonal boxes should be checked (i.e., source LAN -> destination LAN, etc.). If you further want client isolation, i.e., no cross talk between devices on the same VLAN, then you should uncheck the diagonal box too.

2. It’s preconfigured such that devices on LAN can access devices on other VLANs, but you can untick the boxes from LAN to other destinations so that LAN cannot access other VLANs either. By default settings, only devices connected to LAN can manage the router. If you are concerned that someone can gain LAN privilege by connecting to Port 3, then you can assign Port 3 to Guest (for example).

[support]

Yes, WPA3 is now supported on the AX1800. You can choose your preferred WPA mode per SSID.

[support]

Site Closed happens when you add a Calendar to restrict access to a site. For example, if you add a Calendar to allow Tiktok between 5:00pm – 7:00pm, then when your kids try to access Tiktok outside the time window, they will get Site Closed. More info here: https://www.pcwrt.com/2015/12/how-to-set-internet-access-time-limits-in-pcwrt/

[support]

First of all, do not tag any ports unless you’re connecting another router (with a tagged port) to the ports you’re tagging.

There are 5 preconfigured VLANs on the router, they are named: “LAN”, “Guest”, “X1”, “X2”, and “X3”. By default, “LAN” has the highest privilege and it can initiate communication to any other VLAN (thus all boxes with source “LAN” are ticked). And, only devices connected to “LAN” can log in the router management console.

In your case, assign Port 1 to X1, assign Port 2 to X2, leave Port 3 on LAN. Only computer connected to Port 3 can log in the router. No tagging!

Create SSIDs for Guest, X1, X2, X3 as you need, but you have to keep the SSIDs for LAN as they cannot be deleted. You can have up to 4 SSIDs per band, so you can’t run all SSIDs on both bands.

[support]

@strima We just released a fix for AP mode upgrade (v2.8.1). Follow the steps below:

1. Put the AP router back to Router mode
2. Change the LAN IP address of the router to be different from the main router (e.g., 192.168.11.1 if the main router has 192.168.10.1).
3. Connect the WAN port of this router to a LAN port on the main router
4. Click the “Check for updates” button on the System Settings page to upgrade
5. After upgrading, change the operating mode back to Access Point

You should be able to directly upgrade in AP mode after upgrading.

[support]

@strima Upgrade in AP mode is broken. We’ll fix this in the next release, coming in the next few days.

[support]

You can restore full backup files across hardware models since v2.6.2. VPN passwords, Cloud management key and DDNS password will be scrambled and you need to manually fix them. You may also want to inspect Network and Wireless settings to make sure they are OK.

[support]

The max speed with WireGuard for the AX1800 is 500Mbps. You should be able to get that if the VPN server is fast enough.

[support]

The certificate for the local website is self-signed. Browsers will complain that it’s not signed by a trusted certificate store. You can choose to proceed regardless of the warning since you know it’s your local router site.

[support]

What is your measured speed?

[support]

@strima Thanks for the additional info. We’re still looking into this.

[Author]

Posts