Wednesday, January 26, 2011

Disable Guest Network On Cisco E3000

So I've just bought a Cisco E3000 to replace my previous malfunctioning router.
Many E3000 owners find the Guest Network feature annoying, and insecure for these reasons:
* network is unencrypted, so the password can be sniffed from an authentic guest login
* the additional web interface serves as a possible mean of vulnerability attack
* God knows if Cisco has any hardcoded routine that can be exploited there?

The guest network can be disabled from Cisco Connect, at the beginning of router setup. Unfortunately, many people aren't aware of that until they've changed the web settings to the point that Cisco Connect can't connect anymore. If you call Cisco support (or chat through webex), they'd tell you that the operation is only possible through Cisco Connect, and you may have to reset to default and try again.

That works, except that you have to backup & restore the configuration. If you are in my scenario (upgraded the firmware to 1.0.04), Cisco Connect would fail to configure your router at the very last process - setup your AP with funny names, but you can't login to the web admin interface.

Ok, BS aside. Here is what you E3000 owners want to know - how to disable the guest network, without all these hurdles. Since I did that on Mac, I'd provide the procedure for Mac (sorry Windows users):
1. Plug your computer to ethernet port 1 on the router
2. Login to the web interface, change the admin password to blank, and save
3. Control-Click on Setup.app, select Show Package Contents
4. Select Contents -> MacOS
5. Run ConnectionCenter. Select Guest Network, and disable it. There you go.

What's More
Up to this point, I am dissatisfied with Cisco's decision of not putting Guest Network configuration in web interface. I hope they listen and aware that how terrible the "feature" is.

1 comment:

EDmd26 said...

Where is the setup.app? I have Lion and cannot even run the cisco connect software.