TLDR: I'd like a dedicated guest router, behind another router, that is unable to access the intranet of the router in front of it. So I need to keep a wired device off my local intranet, but it still needs to have internet access.
In more detail:
I have two routers, an AC3200 and an N66U behind it for guests, both running ASUS-Merlin. I occasionally have idiot, teenage house guests, that need a dedicated network that is forced through a VPN and maybe speed throttled, and does not have access to my main router's intranet.
On the N66U: Enabling isolated AP keeps guests from contacting each other, but they can still access the intranet of the router in front of them, same of course with a guest AP with intranet off, the intranet of the router in front is still accessible. This is of course totally understandable.
So I assume that I need to find some sort of solution on the main AC3200 to block the N66U's IP/MAC/Ethernet port on the AC3200 from accessing the AC3200's intranet. Perhaps I need to relook at VLAN on Merlin. Suggestions?
In more detail:
I have two routers, an AC3200 and an N66U behind it for guests, both running ASUS-Merlin. I occasionally have idiot, teenage house guests, that need a dedicated network that is forced through a VPN and maybe speed throttled, and does not have access to my main router's intranet.
On the N66U: Enabling isolated AP keeps guests from contacting each other, but they can still access the intranet of the router in front of them, same of course with a guest AP with intranet off, the intranet of the router in front is still accessible. This is of course totally understandable.
So I assume that I need to find some sort of solution on the main AC3200 to block the N66U's IP/MAC/Ethernet port on the AC3200 from accessing the AC3200's intranet. Perhaps I need to relook at VLAN on Merlin. Suggestions?