PLDT Home Fibr router admin and access point (AP) isolation

PLDT Home Fibr router admin and access point (AP) isolation 1

This post is clearly not our normal fare – it’s not about WordPress or ClassicPress, or Mac computers. We’ve written this in order to help out fellow users of PLDT Home Fibr internet connections here in the Philippines, following our own extremely frustrating experiences with this provider.

PLDT Router AP (Access Point) Isolation

The standard PLDT Home Fibr ONU (modem/router) – see image above – implements access point isolation, which means that while it has 4 LAN ports as well as both 2.4GHz and 5GHz wifi, any device connected via wifi cannot communicate with a device connected to a LAN port, and vice versa. Apparently this is done for “security reasons” (in other words, PLDT views its users as stupid and is looking for ways to minimise the time it spends on technical support).

What this means in practical terms is that if you have a home server (e.g. a Synology Diskstation or something like it that connects to the LAN via an ethernet cable), your wifi-connected devices cannot see it on the network, rendering it useless.

Potential Solutions

  1. Add a USB wifi adaptor to your server, if you can (only certain adaptors will work and it will also depend on your server operating system)
  2. Put your PLDT Home Fibr modem/router into bridge mode, so it just acts as a modem, and connect another wifi router to it via an ethernet cable – this involves getting the configuration of the second router just right in order for things to work, and makes it harder to access the admin screens of your PLDT box
  3. Find a way to turn off the access point isolation

We decided against solution 1, since getting the configuration right will still depend on having a second router set up in order to talk to the server while setting up the USB wifi adaptor, and tutorials showing exactly how to sort it out seem hard to find.

On researching solution 2 it seems that putting the PLDT modem/router into bridge mode can cripple the throughput speeds, so we’ve decided not to mess with that.

That leaves solution 3 – finding a way to turn off the AP isolation, and after several hours of googling various relevant-sounding phrases we found an article that linked to another article that linked to another article that linked to a Discord chat room where a search of the chats revealed a way to do it. Then we had to go to a different source, also challenging to find, in order to get the latest superadmin username and password. Phew.

The only trouble is, whenever you restart your router (or there is a power cut, which can be quite frequent here in the Philippines) you have to repeat the process of disabling the AP isolation. Still, it’s better than no solution at all, and it actually only takes a minute to do.

Disabling AP Isolation

Note: this works on our particular firmware version (RP2631) – we have no idea which other versions it works on. Try it and see.

You’ll need a Telnet client installed – here’s how to set one up on Mac or on Windows.

  1. First you have to enable the Telnet interface on your PLDT box.
    Go to http://192.168.1.1/fh (bookmark it) and log in with the following details:
    Administrator: f~i!b@e#r$h%o^m*esuperadmin (make sure the screen prompt says ‘Administrator’ NOT ‘Username’)
    Password: s(f)u_h+g|u
    For older firmware versions, a different superadmin username and password may apply
  2. Once logged in, select ‘Debug Switch’ on the sidebar menu
  3. Enable the Telnet switch and click Apply
  4. Log out
  5. Open a terminal window or command prompt
  6. telnet 192.168.1.1 and use gpon as the login and as the password
  7. When it says ‘User’, type enable and press Enter, then enter gpon again as the password
  8. Type cd switch and press Enter
  9. Type control port_fw_eligiblity_switch disable and press Enter (no that’s not a typo in the word eligiblity!)
  10. Done. Close the command prompt window.

This worked a treat and we were instantly able to see and connect to our Synology Diskstation (hooked up to the PLDT box via LAN cable) from a Mac via wifi, without using an extra router.

Our intention now is to contact PLDT technical support and request that they permanently turn off AP isolation on our PLDT box, to save us having to follow the above procedure each time the PLDT box restarts following a power cut.

Please note that no systems were hacked or attacked in the making of this post – all we did was spend an afternoon fishing for information via Google and trying things out. All the information presented is already out there to be found with some effort.

IMPORTANT

All content on the ZigPress website is copyrighted. You may not republish or syndicate any article or other content without explicit permission.

4 Comments

  1. I had to make an account to thank you for this! One thing though, you need to enable the Telnet on Windows before you can enter the command line here. Thanks so much!

  2. Hi Andy, any update on permanent disable of AP Isolation?

  3. Thank you for this. I don’t understand how PLDT can just keep on changing our firmwares/admin access. I’ve had this configured nicely about 1 year ago, then they suddenly decide they want to “tinker” with my, and probably everyone else’s config.

  4. Mike, one option (if you still have admin access) might be to turn off remote access in the router settings, and only turn it on again if you need to call PLDT for support.

Add a Comment

If you have used this form and would like a copy of the information held about you on this website, or would like the information deleted, please email info@zigpress.com.