ASUS router Disabling Router Configuration by http and telnet

This document describes how to disable the router configuration by http and telnet on an ASUS router.

This is based on my experiences with an ASUS AAM6000EV router, firmware revision 71146a1, connecting to Eclipse Internet.

Why disable the router configuration by http and telnet?

Up till now, the usual answer to this dilemma was not to enable IP Filter, set the router configuration username and password to "secure" values, and hope that no-one cracked them, hacked into your router, and switched off your Internet connectivity.

However, there is another, more secure way - to disable the router configuration by http and telnet, so there is no router configuration to access - hence there is no need to use IP Filter to protect it.

How to disable the router configuration by http and telnet?

*** PLEASE READ BEFORE ATTEMPTING THIS PROCEDURE ***

  1. You MUST, I repeat MUST, have a working serial cable attached to your router, and be comfortable using the router's command line interface through the serial cable.
  2. If you attempt to perform this procedure without the above - e.g. you attempt to do it via telnet, without using the serial cable - then YOU ARE DOOMED! Remember that this procedure DISABLES http and telnet on the router, so if you don't have a serial cable then you will NOT be able to configure your router any more.
  3. This is a hazardous procedure!
  4. Your router might stop working! Mine crashed twice while I was configuring it this way.
  5. The settings that you modify when configuring the router in this way are NOT, I repeat NOT, restored if you do a "Reset to Factory Configuration" - you have to restore the settings manually!
  6. You might not get a sympathetic reception if you have to phone up anyone for support if your router breaks when attempting this procedure!
  7. Don't ask me how to fix your router if it breaks - I disclaim all responsibility! N.B. The very nice guy who told me about this didn't want anyone knowing his email address!
  8. If you don't understand this procedure then I doubt you should even THINK about performing it!

If you're still with me after reading through that lot, and you are either brave or foolish enough to want to go ahead, then here's how to do it:-

  1. Connect to the router using the serial cable and sign in.
  2. Press 9 to get the router's command line.
  3. Enter the command ip portname list, and you should see the standard list of ports:-
    l2tp 1701/UDP
    router 520/UDP
    snmp 161/UDP
    tftp 69/UDP
    http 80/TCP
    telnet 23/TCP
  4. The essence of this procedure is to remove http and telnet from the list of known port names on the router - this prevents it from starting the http and telnet services (i.e. router configuration) on the router. Unfortunately you can only clear all the services, then re-add the ones that you want to keep. So start by entering the command ip portname flush to clear the list.
  5. Then enter the command ip portname list again, to check the list is empty.
  6. Now re-add all the services that are not http and telnet by entering the commands:-
    ip portname add l2tp 1701/UDP
    ip portname add router 520/UDP
    ip portname add snmp 161/UDP
    ip portname add tftp 69/UDP
  7. Re-enter the command ip portname list and check that the port name list now shows:-
    l2tp 1701/UDP
    router 520/UDP
    snmp 161/UDP
    tftp 69/UDP
  8. Enter the command config save to save this as the default configuration for the router when it next restarts.
  9. Enter the command flashfs cat services to list the default configuration for port names when the router restarts - it should show:-
    tftp 69/UDP
    snmp 161/UDP
    router 520/UDP
    l2tp 1701/UDP

    N.B. These settings are NOT restored by a "Reset to Factory Configuration".
  10. Now enter the command restart to restart the router.
  11. If the router stops working after doing this, then you may have to restart the router - by switching it off, and then on again - once or twice in order to get it working. I certainly did.
  12. If you want to re-enable http and telnet access to the router configuration then repeat the above procedure, adding the http and telnet services back into the port name list.
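
The check in steps 7 and 9 can be automated once the serial session has been logged to a file. The following is an added example, not part of the original page or of any ASUS tooling: it parses the output of ip portname list and flashfs cat services, confirms that http and telnet are absent from both and that the other four services are intact (the two listings come back in different orders), and can print the ip portname add commands needed after a flush. The function names and the capture strings are constructed for illustration.

```python
import re

# Port name table as shown in step 3 of the page.
FACTORY = {"l2tp": "1701/UDP", "router": "520/UDP", "snmp": "161/UDP",
           "tftp": "69/UDP", "http": "80/TCP", "telnet": "23/TCP"}
MANAGEMENT = {"http", "telnet"}  # the two entries the procedure removes
LINE = re.compile(r"^\s*(\S+)\s+(\d+)/(TCP|UDP)\s*$", re.I)

def parse_portnames(text):
    """Parse 'name port/PROTO' lines; command echoes and blank lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            table[m.group(1).lower()] = f"{int(m.group(2))}/{m.group(3).upper()}"
    return table

def audit(running_text, saved_text):
    """Return a list of problems; an empty list means both tables are as intended."""
    running, saved = parse_portnames(running_text), parse_portnames(saved_text)
    wanted = {k: v for k, v in FACTORY.items() if k not in MANAGEMENT}
    problems = []
    for label, table in (("running", running), ("saved", saved)):
        for name in sorted(MANAGEMENT & table.keys()):
            problems.append(f"{label}: {name} still present ({table[name]})")
        for name, port in sorted(wanted.items()):
            if table.get(name) != port:
                problems.append(f"{label}: {name} should be {port}, got {table.get(name)}")
    if running != saved:
        problems.append("running and saved lists differ")
    return problems

def restore_commands(table):
    """Commands that rebuild a table after 'ip portname flush' (steps 6 and 12)."""
    return [f"ip portname add {name} {port}" for name, port in table.items()]

# Constructed captures, in the order the page shows for steps 7 and 9.
RUNNING = """l2tp 1701/UDP
router 520/UDP
snmp 161/UDP
tftp 69/UDP"""
SAVED = """tftp 69/UDP
snmp 161/UDP
router 520/UDP
l2tp 1701/UDP"""

if __name__ == "__main__":
    print(audit(RUNNING, SAVED) or "http and telnet removed from both tables")
```

A "running and saved lists differ" result after step 7 means the change has not yet reached flash, i.e. step 8 has not taken effect.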

*** Good luck! (you might need it!) ***

Last modified 22/03/2002.