Can I segregate the different LAN ports?


smallnet

Occasional Visitor
The RT-AC68U router has 4 LAN ports on the back, I'll call them LAN1, LAN2, LAN3, and LAN4.
Ordinarily, if there are 4 devices plugged into the 4 LAN ports, they can talk to each other, see each other.
Is there a way for the router to segregate the device plugged into LAN1 from the others?
So, if there are 4 devices plugged in, they all have internet, but LAN1 gets an IP address that does not allow it to talk to the devices on LAN2, LAN3, and LAN4, who are each able to talk among each other?

Is this possible or is it beyond the capabilities of the RT-AC68U router running Merlin?
 

L&LD

Part of the Furniture
Yes, possible.

Search for VLANS and get ready to code/customize a script.
 

Lord Lovaduck

Regular Contributor
> Yes, possible.
>
> Search for VLANS and get ready to code/customize a script.

Been there, done that... so far not making much progress. The VLANSWITCH.SH script that @Martineau shortly trialed here could've helped but is not available. If anybody has a vlan script would certainly love to test it in my AC68U.
 

eibgrad

Very Senior Member
> Been there, done that... so far not making much progress. The VLANSWITCH.SH script that @Martineau shortly trialed here could've helped but is not available. If anybody has a vlan script would certainly love to test it in my AC68U.

Sometimes ppl simply aren't using the right tools. Unless you're committed to Merlin for other reasons (Skynet, Diversion, etc.), you could try FT (FreshTomato) instead, where VLANs are native to the GUI and you don't have to mess around w/ scripting, at all.

Even if you ultimately want Merlin, you could probably use the FT GUI to establish what you want, dump the underlying data structures to learn what the router did to achieve those results, and use that information to properly configure Merlin.
 

Lord Lovaduck

Regular Contributor
> Sometimes ppl simply aren't using the right tools. Unless you're committed to Merlin for other reasons (Skynet, Diversion, etc.), you could try FT (FreshTomato) instead, where VLANs are native to the GUI and you don't have to mess around w/ scripting, at all.

True, I am using Yazfi, Speedtest and Conmon and intend to use as many AMTM-linked tools as possible, so I am tied to Merlin for now. I didn't want to sound negative, it is simply that unless you have some command of IP Networking and shell scripting you're in for a hard landing when trying to make things (VLANS, for example) that are simple with DD-WRT or any Tomato. I have installed all of them at different times, tried and finally decided to stay with Merlin.
Besides, the conversion to FT or DD-WRT from Merlin is not without risks. The "backup" router I have which I wanted to use to try (again) with DD-WRT or Fresh Tomato is an RT-N16. The wiki page for it is full of warnings since you can brick it in many ways because of NVRAM size mismatch between the firmware, the CFE and the hardware. For the AC68U it's easier but I would be forced to stop the functional network which serves an entire apartment building.


> Even if you ultimately want Merlin, you could probably use the FT GUI to establish what you want, dump the underlying data structures to learn what the router did to achieve those results, and use that information to properly configure Merlin.

Yes, and I have spent quite a bit of time looking at examples that accomplish something similar to what I want to do. I didn't try with FT, good idea. I use Yazfi in my setup and I looked at how it created the subnets and bridges. Have taken a nice dump of the output from iptables -L, iptables -S, ifconfig and I was going through it. Eventually it may give fruit but if there's some work already done please share...

I just don't want anybody to think I'm not doing my homework and researching the previous posts. I am. But with the last work experience in Networking being on Token Ring Networks, IBM Mainframes and scripting in REXX not in Bash, I am just relearning everything. And I imagine that a beginner would be having the same issues, hence my comment.

Thanks guys, it's a great forum and all contributions are appreciated, don't take me wrong.
 
