Martin - SNBuser
Regular Contributor
Hi all,
I think some/many of you know this thread: http://www.snbforums.com/threads/fo...guest-network-for-asus-merlin-rt-ac68u.18969/ which is an EXCELLENT thread for vlan-noobs like me. I have an RT-AC87U and this code should work:
Code:
#!/bin/sh
# force LAN port 3 to use the Guest Network for RT-AC87U
robocfg vlan 1 ports "2 5 7t"
robocfg vlan 10 ports "3 7t"
vconfig add eth0 10
ifconfig vlan10 up
brctl addif br0 vlan10
ebtables -t broute -I BROUTING -p IPv4 -i vlan10 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
ebtables -t filter -I FORWARD -i vlan10 -o ! eth0 -j DROP
ebtables -t filter -I FORWARD -i ! eth0 -o vlan10 -j DROP
But this creates VLANs based on the input port of the router... Instead, I wish to create:
- A trusted "administration VLAN" based on MAC-addresses (because I want to make a trusted VLAN with access to the router administration and I already know those MAC-addresses)...
- One/more restricted VLANs for guests and devices like TVs or other things that would like internet access but which I consider "unsecure" (this should be default for devices with unknown MAC-addresses)...
I consider it to be much safer to make the administration VLAN based on MAC-addresses than on input ports, as everyone can connect their devices to my router ports... How should the script be changed?
If the ASUS-merlin-firmware does not allow VLANs to be created based on MAC-addresses, I think I have a managed switch that can make VLANs based on MAC-addresses, does that sound reasonable? I hope a few words can guide me in the right direction... Thanks.