Can I disable the LAN interface(s)?

Hi all,

I have a charging station with only WLAN I want to connect to my network. The WLAN inside my garage is a bit too weak to work reliably, so I configured a GL-inet AR-150 to act as as WLAN repeater. I followed the Wi-Fi extender / repeater / bridge configuration howto, with the only difference that I added a second wireless device to act as WLAN access point.

This works fine, but I have one question:

The current state is that when connecting to the router, it doesn't matter if the LAN port is used or the WLAN, the connecting device gets an IP address from my uplink router, which is of course also the desirable behavior for such a WLAN bridge/repeater setup.

But – theoretically – if I leave my garage open, somebody could simply plug in a LAN cable and get access to my network. The LAN port is never used in my case. So I wonder if it's possible to either disable the LAN port completely, or to only allow access to the (not used) network of the router, but not the network to which it bridges (so that one could reach the router's interface in case the WLAN connection doesn't work).

Is it possible to configure the router this way? Thanks for all help :slight_smile:

If your WiFi/physical LAN port are not bridged together, then you should be able to isolate them.

That's your biggest concern with someone trespassing on your property/in your garage? What kind of high-tech criminal area do you live in?

It's more a theoretical thing. If course this is very unlikely to happen. I'm just wondering if it's possible.

I tried to add the access point to the wwan interface of the client connection and to remove the lan bridge from the repeater_bridge interface (names according to the howto), but then, the DHCP assignment wouldn't work anymore.

How exactly would you isolate the LAN? Sorry, I'm not really used to configure OpenWRT in deep yet …

  1. You're being too paranoid
  2. Setup ssh keys for root and add a user with limited privledges
  3. It can be done with the correct firewall rules for src and dst networks/interfaces
  4. Don't lock yourself out.

My comment has the answer already, just take away the physical LAN interface from the default LAN bridge.

Okay, I'll try that. Thanks for the hint!