PLDT Home Fibr router superadmin and AP isolation UPDATED FEB 2020

Published 18 Feb 2020 in Hardware, Networking, Philippines, Servers by ZigPress

NOTE: THIS IS AN UPDATED VERSION OF OUR OLDER POST WITH NEW USERNAMES AND PASSWORDS UPDATED FOR FEBRUARY 2020.

We’ve written this in order to help out fellow users of PLDT Home Fibr internet connections here in the Philippines, following our own extremely frustrating experiences with this provider.

PLDT Router AP (Access Point) Isolation

The standard PLDT Home Fibr ONU (modem/router) – see image above – implements access point isolation, which means that while it has 4 LAN ports as well as both 2.4GHz and 5GHz wifi, any device connected via wifi cannot communicate with a device connected to a LAN port, and vice versa. Apparently this is done for “security reasons” (in other words, PLDT views its users as stupid and is looking for ways to minimise the time it spends on technical support).

What this means in practical terms is that if you have a home server (e.g. a Synology Diskstation or something like it that connects to the LAN via an ethernet cable), your wifi-connected devices cannot see it on the network, rendering it useless. Needless to say, PLDT do NOT warn you about this when you sign up for a two year contract, which in our view is negligent bordering on breach of contract, so we have no qualms offering this information online.

Potential Solutions

  1. Add a USB wifi adaptor to your server, if you can (only certain adaptors will work and it will also depend on your server operating system)
  2. Put your PLDT Home Fibr modem/router into bridge mode, so it just acts as a modem, and connect another wifi router to it via an ethernet cable – this involves getting the configuration of the second router just right in order for things to work, and makes it harder to access the admin screens of your PLDT box
  3. Find a way to turn off the access point isolation

We decided against solution 1, since getting the configuration right will still depend on having a second router set up in order to talk to the server while setting up the USB wifi adaptor, and tutorials showing exactly how to sort it out seem hard to find.

On researching solution 2 it seems that putting the PLDT modem/router into bridge mode can cripple the throughput speeds, so we’ve decided not to mess with that.

That leaves solution 3 – finding a way to turn off the AP isolation, and after several hours of googling various relevant-sounding phrases we found an article that linked to another article that linked to another article that linked to a Discord chat room where a search of the chats revealed a way to do it. Then we had to go to a different source, also challenging to find, in order to get the latest superadmin username and password. Phew.

The only trouble is, whenever you restart your router (or there is a power cut, which can be quite frequent here in the Philippines) you have to repeat the process of disabling the AP isolation. Still, it’s better than no solution at all, and it actually only takes a few seconds to do.

Disabling AP Isolation

Note: this works on our new firmware version (RP2646). We’re told it also works on RP2684. If you have RP2631 please see our older post.

You’ll need a Telnet client installed – here’s how to set one up on Mac or on Windows.

  1. First you have to enable the Telnet interface on your PLDT box.
    Go to http://192.168.1.1/fh (bookmark it) and log in with the following details:
    Username: [email protected]#r$a%d^m*i(n
    Password: s)f_U+h|g{[email protected]
    THIS WILL ONLY WORK IF YOU USE THE /FH URL
  2. Once logged in, select ‘Debug Switch’ on the sidebar menu
  3. Enable the Telnet switch and click Apply (if you also enable the web admin switch you’ll be able to log in with the adminpldt account – see below)
  4. Log out
  5. Open a terminal window or command prompt
  6. telnet 192.168.1.1 and use gepon as the login and as the password
  7. When it says ‘User’, type enable and press Enter, then enter gepon again as the password
  8. Type cd switch and press Enter
  9. Type control port_fw_eligiblity_switch disable and press Enter (no that’s not a typo in the word eligiblity!)
  10. Done. Close the command prompt window.

This worked a treat and we were instantly able to see and connect to our Synology Diskstation (hooked up to the PLDT box via LAN cable) from a Mac via wifi, without using an extra router.

We’ve heard that if you submit a support request to PLDT, explaining why you need AP isolation permanently turned off, they may do it for you (emphasis on may and you’ll probably have to escalate through several levels of staff). That would save having to follow this process after each power cut.

Alternatively you may decide (like us) that PLDT support is so clueless and inflexible that it’s not worth the hours you’ll lose off your life.

The adminpldt account

If you enable the web admin switch when logging in as superadmin, you will also be able to log in to your router using the adminpldt account, which means you can enable LAN ports 2 and 3, disable remote access (so PLDT can no longer push firmware updates to your router), etc etc. The new password for the adminpldt username is z6dUABtl270qRxt7a2uGTiw (if that doesn’t work try 1234567890 or pldt1234). Have fun and be careful!

25 Comments

  1. On 14 Mar 2020 at 05:04, christ orosco said:

    hi, superadmin access won’t work, still unable to enable lan ports… thanks!

  2. On 19 Mar 2020 at 17:43, Ano said:

    the adminpldt pw does not work, the option in telnet to show the web pw has been removed as well. Any other pw options?

  3. On 19 Mar 2020 at 18:06, ano said:

    What’s the pw for the new adminpldt?

  4. On 19 Mar 2020 at 22:42, johnson said:

    superadmin doesn’t work :(

  5. On 31 Mar 2020 at 21:50, ZigPress said:

    Sorry to previous commenters but we can only describe what we found that worked for us.

  6. On 12 Apr 2020 at 15:31, CM said:

    un/pwd: gepon telnet credentials didn’t work

  7. On 18 Apr 2020 at 17:43, jarvis said:

    Mine also updated from RP2631 to RP2646 just today, my Plex was not working again, I thought, my modem restarted. Damn they updated it. grrrrr. How can we prevent them from updating our modems? I have a synology ds218+ and I am stuck with this CGNAT issue as well. tsk..

  8. On 24 Apr 2020 at 02:08, jan said:

    telnet 192.168.1.1 doesn’t work in command prompt, help please!

  9. On 08 May 2020 at 16:28, Joseph Emmanuel B. Quijano said:

    After terminal, I pasted this
    telnet 192.168.1.1
    nothing happened. Need help

  10. On 24 May 2020 at 13:37, JB said:

    hi there. do you have any updates on pldtadmin access? the latest firmware doesn’t seem to allow the access to pldtadmin… but i can access the superadmin account.

  11. On 13 Jun 2020 at 19:16, kaye said:

    each time I log in to 192.168.1.1/fh
    the FH disappears. how to fix this?

  12. On 29 Jun 2020 at 12:35, mark said:

    Sir the credentials are working however pagdating don sa part na
    Type cd switch and press Enter
    Type control port_fw_eligiblity_switch disable and press Enter (no that’s not a typo in the word eligiblity!) ang lumalabs sakin unknown command

  13. On 04 Jul 2020 at 12:40, Kugi said:

    I was able to login using the old credentials (gpon) but it says “Inknonw command” when doing the command “control port_fw_eligiblity_switch disable”. Any other alternative?

  14. On 05 Jul 2020 at 09:31, John Les said:

    I’m bit confused. In Germany, where I’m from, the provider supplies the internet connection till a PLUG on a wall. Rest is up to us, which router we like to install or use. We can buy from the provider or e-bay or amazon.
    As I understood now, in Philippines we must buy the overpriced router from PLDT as ‘Add ons’ and can not use any other router we could buy in lazada or shopee?
    For answer we would be very thankful

  15. On 08 Jul 2020 at 15:03, Rock said:

    I can confirm that these credentials work. I just tested this today and was able to login without issues. My firmware version is RP2646.

    Note: I did a reset on my router (by poking the reset hole) before trying these.

    Note2: you will also have to re-enable web admin and/or telnet switch every time your router restarts for you to login with adminpldt acct.

    Note3: also, you will have to repeat the steps for disabling AP isolation after restarting your router as it will be re-enabled, (there was a script shared in a comment on github for this to be semi-permanent that worked for me in the past, I just don’t know if it still works)(Semi-permanent because it will be removed once your router is reset).

  16. On 11 Jul 2020 at 04:05, Bonbon said:

    i found the answer. and wish to help you guys out!!!

    all these steps are correct except for one last part the logging in as administrator part. here is the simple answer!

    do not use this http://192.168.1.1/fh when logging in as adminstrator but you can use this when you log in to debug option

    instead use this for admin log in https://192.168.1.1/fh

    please for the love of GOD! just add “S” to the ” https”
    then use the default log in
    adminpldt username
    z6dUABtl270qRxt7a2uGTiw password

    then you will be prompt with a new password change.

    have a good day everyone

  17. On 12 Jul 2020 at 18:34, Ann Tolentino said:

    Hi, this is very helpful, I’ve been lurking to the internet the whole day for this. The superadmin password doesn’t work me also, but after reading the article, I just followed the command prompt steps and finally I was able to log in using the superadmin password 1234567890. Many thanks again.

  18. On 24 Jul 2020 at 02:07, EDWARD WILSON said:

    eventually i manage to get in in debug selection.. then after that frustration in searching for password that will work.after a couple of hours trying those options i read and search and still i end up in admin as username and then password is 1234 yet option said need to be modifiy and still evertime a put a new password it said password is illegal

  19. On 06 Aug 2020 at 03:55, Hannah billones said:

    Is there a way to reset the superadmin password

  20. On 10 Aug 2020 at 08:08, john said:

    ONU Router
    F/W ver: RP2613

    i have enabled telnet and accessed adminpldt, enabled lan 2, 3 and 4
    and disabled RM and ACL.

    after doing all that LAN 2, 3 and 4 still doesnt work.

  21. On 15 Aug 2020 at 19:17, syot said:

    still works thankyou

  22. On 25 Aug 2020 at 16:25, Cris John Rey Tarpin said:

    Thank you! Worked like a charm! :)

  23. On 10 Sep 2020 at 17:35, Andy Gee said:

    There’s a fourth solution to the AP isolation and it also solves the maximum users policy of PLDT fiber.
    Plug in any standard router’s WAN port into port 1 of the PLDT box – this can be anything like a cheap TENDA N301 Router (₱500) with default configuration (3 LAN ports and non-isolated wifi). Then just connect everything to the Tenda box – it’s good for about 20 simultaneous WiFi clients.
    Once you’re connected I recommend disabling the PLDT wifi – click the “RADIO ON” button in the Network>Basic section of the PLDT box to turn off the WiFI

  24. On 15 Oct 2020 at 23:58, salman mosamma said:

    superadmin can’t work

  25. On 12 Nov 2020 at 09:49, Jung Hun Lee said:

    If you cannot login with adminpldt, just check #16.
    Finally it works.
    You’re genius dear Bonbon !!

Add a Comment

If you have used this form and would like a copy of the information held about you on this website, or would like the information deleted, please email [email protected].