Hello,
Newbie here, I am trying to set up a basic home network separating IoT devices and my personal devices.
I have an Asus RT-AC68U in Router mode running Merlin firmware 386.10 sitting behind my ISP router as the WAN.
I want IoT devices (both wired and wireless) to be on a separate VLAN with no internet access but still be reachable by other (personal) devices on a separate VLAN to set up/maintain IoT devices.
To this end, I set up 2 Guest Networks on the router - 2GHz and 5GHz. This created two VLANs, 501 and 502, for me; I added ethernet port 4 to these VLANs so I can use port 4 with a switch for all LAN IoT devices.
Here’s the services-start script for that:
Code:
#!/bin/sh
logger "!!!!!start services start script!!!!!!!!"
robocfg vlan 1 ports "1 2 3 5t"
robocfg vlan 501 ports "4 5t"
robocfg vlan 502 ports "4 5t"
logger "!!!!!done service start script!!!!!"
logger "$(robocfg show | grep -v Port| grep -v Switch)"
Everything works fine, VLAN setup is correct.
Now I set up the firewall to block all internet traffic going out of subnet 192.168.101.0/24 and 192.168.102.0/24 using firewall-start script:
Note 192.168.101.* and 192.168.102.* subnets are created by Asus for guest networks.
Code:
#!/bin/sh
logger "!!!!!!start firewall-start script!!!!!!!"
iptables -I FORWARD -m iprange --src-range 192.168.101.0-192.168.101.255 -j REJECT
iptables -I FORWARD -m iprange --src-range 192.168.102.0-192.168.102.255 -j REJECT
logger "!!!!!!done firewall-start script!!!!!!!"
logger "$(iptables -L FORWARD)"
This works well, none of the Wi-Fi/LAN devices on VLAN501/502 can access the internet.
Now I need help in accessing these IoT devices from other devices on VLAN1; I am not able to ping them with their IPs.
Enabling "allow intranet access" on the guest network through the UI doesn’t work; it removes VLAN501/502 when enabled.
Can anyone please help me with this? Also, I am new to networking, so your feedback on my setup is welcome; note that I am trying to keep my setup as simple as I can.
Thanks.
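
The two REJECT rules in the post match every forwarded packet sourced from the IoT subnets, which includes replies to connections opened from VLAN 1. As an added example (not the poster's script), here is a firewall-start variant to use in place of those two rules, keeping the internet block but letting return traffic through. The LAN bridge name br0, the IOT_APPLY variable and the function name iot_rules are assumptions, and it covers only the iptables FORWARD chain, not any other filtering the firmware applies to guest networks.

```shell
#!/bin/sh
# Added example, not the poster's script.
# Assumed names: LAN bridge br0, env var IOT_APPLY, function iot_rules.
# The subnets are the guest-network subnets given in the post.

LAN_IF="${LAN_IF:-br0}"   # assumption: LAN bridge on this firmware
IOT_NETS="192.168.101.0/24 192.168.102.0/24"

# Print iptables arguments, one rule per line, in final chain order.
# Explicit positions keep the ACCEPT rules above the REJECT; a bare "-I"
# issued last for REJECT would put it on top, where it matches first.
iot_rules() {
    for net in $IOT_NETS; do
        # 1. LAN hosts may open connections to the IoT subnet.
        echo "-I FORWARD 1 -i $LAN_IF -d $net -j ACCEPT"
        # 2. IoT hosts may only answer connections the LAN opened.
        echo "-I FORWARD 2 -s $net -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
        # 3. Anything else sourced from IoT (internet-bound traffic,
        #    new connections towards the LAN) is refused.
        echo "-I FORWARD 3 -s $net -j REJECT"
    done
}

# Dry run by default: print the commands. Set IOT_APPLY=1 to install them.
if [ "${IOT_APPLY:-0}" = 1 ]; then
    iot_rules | while read -r args; do
        # Word splitting of $args is intended here.
        iptables $args
    done
else
    iot_rules | sed 's/^/iptables /'
fi
```

Run it once without IOT_APPLY to review the printed commands, then check the result with `iptables -L FORWARD -n --line-numbers`.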