Asuswrt-Merlin 384.12 Asus RT-AC86u possible to block client to client?

[box4m]

Hello,

Is it possible to block connection between 2 LAN-clients?
192.168.x.10 cannot talk to 192.168.x.11 for example?

Thanks

 

[CaptainSTX]

If one or both of them connect using WiFi then have them connect to a guest network and block access to Intranet.

If they connect using an Ethernet cable you are going to need to setup a VLAN. If his isn't possible using the GUI, search this forum you will find numerous discussions of how to write or adapt a script to do what you want.

Depending on what router you have and if Tomato is available for it you could flash Tomato and then setup VLANs using the GUI.

Finally the simplest but perhaps less elegant method is to setup VLANs for wired clients is to add a managed/smart switch to your network for US$28 (TP-Link SG108E).

 

[box4m]

If one or both of them connect using WiFi then have them connect to a guest network and block access to Intranet.

If they connect using an Ethernet cable you are going to need to setup a VLAN. If his isn't possible using the GUI, search this forum you will find numerous discussions of how to write or adapt a script to do what you want.

Depending on what router you have and if Tomato is available for it you could flash Tomato and then setup VLANs using the GUI.

Finally the simplest but perhaps less elegant method is to setup VLANs for wired clients is to add a managed/smart switch to your network for US$28 (TP-Link SG108E).

Thank you, this is good thinking outsidethebox solutions, thank you.
A question that arrises for me would then be, would being on the guestnetwork still enable the client to connect through my VPN? Which is setup now

 

[CaptainSTX]

Thank you, this is good thinking outsidethebox solutions, thank you.
A question that arrises for me would then be, would being on the guestnetwork still enable the client to connect through my VPN? Which is setup now

If a device is connected to the guest network depending how your VPN is setup some or all clients would use the VPN tunnel. I have policy routing selected so some of my IoT devices use the WAN & others route using one of two VPN clients I have running. All my IoT devices connect using either a guest network. Then for ones using WiFi the connect either using a 2.4 Ghz channel or a 5 Ghz channel. This is done using Merlin 384.14.

If you use ASUS stock firmware or set your router up with Merlin and then select route all traffic on VPN, then all regular and guest devices will use the VPN tunnel.

 

[box4m]

If a device is connected to the guest network depending how your VPN is setup some or all clients would use the VPN tunnel. I have policy routing selected so some of my IoT devices use the WAN & others route using one of two VPN clients I have running. All my IoT devices connect using either a guest network. Then for ones using WiFi the connect either using a 2.4 Ghz channel or a 5 Ghz channel. This is done using Merlin 384.14.

If you use ASUS stock firmware or set your router up with Merlin and then select route all traffic on VPN, then all regular and guest devices will use the VPN tunnel.

Yeah i also have VPN client setup with strict policy.
I dont want my PC using router VPN so im adding addresses 1by1, dont think u can add ranges of addresses to go through VPN? 192.168.1.0 would do it but that would get my pc

But if i MAC-locked a LAN client to use guest wifi, i guess it would always use that DHCP lease, so i could then set a strict policy VPN rule for that IP, as i have now