ER7206 : need to "disconnect" a WAN port at operator discretion.(security constraint).
Hello,
Due to severe security constraints, i need to be able to "disconnect" a WAN port and to reconnect it manually in a few seconds when desired without altering the router configuration. Exactly like the usual UNIX "ifconfig itf down/up" commands do. The hardware configuration is 1 LAN port, 3 WAN ports, other ports are "spares".
How do you do that with your own ER7206 configuration ?
I checked :
- port up / down GUI command : none.
- port output attached either to an "operational VLAN" or to a "parking VLAN" : not found. I was able to change VLAN on WAN on the "outside" of the port, but not the "inside" of the port. And when i do that external communication monitoring on the network attached to the WAN port detects it and "freeze" all communications due to misbehavior detection.
- ACL : add a WAN IN drop ALL rule with priority 1. It seems to be working. But it is not exactly what is required.
Any other idea, other that destroying WAN port configuration and recreating it ?
Regards,
Eric.
Note : plugging/unplugging the relevant cable is not a option. The ER7206 is subject to a no access security policy