Menu
What's new
By:
Filters
Better Search

VLAN based on MAC-addresses instead of router ports...?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

Martin - SNBuser

Regular Contributor
Hi all,

I think some/many of you know this thread: http://www.snbforums.com/threads/fo...guest-network-for-asus-merlin-rt-ac68u.18969/ which is an EXCELLENT thread for vlan-noobs like me. I have an RT-AC87U and this code should work:
Code: 
#!/bin/sh
# force LAN port 3 to use the Guest Network for RT-AC87U
robocfg vlan 1 ports "2 5 7t"
robocfg vlan 10 ports "3 7t"
vconfig add eth0 10
ifconfig vlan10 up
brctl addif br0 vlan10
ebtables -t broute -I BROUTING -p IPv4 -i vlan10 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
ebtables -t filter -I FORWARD -i vlan10 -o ! eth0 -j DROP
ebtables -t filter -I FORWARD -i ! eth0 -o vlan10 -j DROP
But this creates VLANs based on the input port of the router... Instead, I wish to create:
  • A trusted "administration VLAN" based on MAC-addresses (because I want to make a trusted VLAN with access to the router administration and I already know those MAC-addresses)...
  • One/more restricted VLANs for guests and devices like TVs or other things that would like internet access but which I consider "unsecure" (this should be default for devices with unknown MAC-addresses)...

I consider it to be much more safe to make the adminitration VLAN based on MAC-addresses than on input ports, as everyone can connect their devices to my router ports... How should the script be changed?

If the ASUS-merlin-firmware do not allow VLANs to be created based on MAC-addresses, I think I have a managed switch that can make VLANs based on MAC-addresses, does that sound reasonable? I hope a few words can guide me in the right direction... Thanks.
 
You must log in or register to reply here.

Similar threads

PaulA
Port isolation on RT-AX88U-Pro (router) w/ Merlin w/ Tagged internet ISP
Replies
1
Views
438
PaulA
PaulA
jetonr
DSL-AC68U with 3 SSID and 3 VLAN as AP slow and unstable!
Replies
5
Views
1K
drinkingbird
drinkingbird
SeeJayEmm
AC68 intermittently VLAN tagging
Replies
8
Views
1K
drinkingbird
drinkingbird
S
VLAN Setup for IoT Devices
Replies
19
Views
3K
drinkingbird
drinkingbird
G
RT-AC86U VLAN-like modifications to guest network
Replies
19
Views
2K
pjd50
P
Similar threads
Thread starter Title Forum Replies Date
P Can I Use Both AiMesh (Wired) and VLAN? Asuswrt-Merlin 19
ptthstr AX88U Pro VLAN support: AP Mode? Asuswrt-Merlin 4
J VLAN support GT-AXE16000 Asuswrt-Merlin 5
ToasterPC OPNSense VLAN tagging with Merlin routers as AiMesh APs Asuswrt-Merlin 0
Diveblaster VLAN tab missing Asuswrt-Merlin 10
I Asus Merlin VLAN performance for TV Set-Top-Box Asuswrt-Merlin 0
T RT-AX88U Vlan bridge/port questions Asuswrt-Merlin 25
F Help with routing 2 VLAN's to the same Ethernet Port Asuswrt-Merlin 36
G RT-AC86U VLAN-like modifications to guest network Asuswrt-Merlin 19
B GT-AX 6000 - firmware 3004.388.4 -VLAN Asuswrt-Merlin 5

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 735 (members: 19, guests: 716)
Top