Help with Network Configuration

SNBBear · Nov 3, 2018

I'm posting this to the Asuswrt-Merlin forum because I use it on my Asus 68u. Thanks @Merlin, I have donated a few times

I would ask the forum for some help in configuring my network. I'm becoming more and more concerned with security that hence the desire to make some changes.

Below is a picture of my layout and representative devices.

Objectives:

1) All devices have access to the internet
2) My iMac and iPhone has access to all devices
3) Some devices like the Chromecast can access my NAS (note the NAS has four NICs on it)
4) No devices can access my PCs (except as in #2, my iPhone can)
5) The Apple TV must be able to access the Ecobee
6) The TV must be able to access the NAS

Extra Credit:
7) VPN into my Asus and restrict the VPN to only accessing the NAS.

The managed switches I have can do either port based vLANs or 802.1q vLANs. If need be, I could move my LAN2 to connect with the 24-Port switch instead of the router if that makes things easier.

Since my iPhone must have access to everything, should I use vLANs or should I consider two private networks - 192.x & 10.x. ?

I would need to some how need to bridge them for my iPhone to get access to both networks (not sure if technically possible, but I'm not a network guy

)

Thanks for all suggestions (any and sample scripts

)

Martineau · Nov 4, 2018

SNBBear said:
I'm posting this to the Asuswrt-Merlin forum because I use it on my Asus 68u. Thanks @Merlin, I have donated a few times

I would ask the forum for some help in configuring my network. I'm becoming more and more concerned with security that hence the desire to make some changes.

Below is a picture of my layout and representative devices.

Objectives:

1) All devices have access to the internet
2) My iMac and iPhone has access to all devices
3) Some devices like the Chromecast can access my NAS (note the NAS has four NICs on it)
4) No devices can access my PCs (except as in #2, my iPhone can)
5) The Apple TV must be able to access the Ecobee
6) The TV must be able to access the NAS

Extra Credit:
7) VPN into my Asus and restrict the VPN to only accessing the NAS.

The managed switches I have can do either port based vLANs or 802.1q vLANs. If need be, I could move my LAN2 to connect with the 24-Port switch instead of the router if that makes things easier.

Since my iPhone must have access to everything, should I use vLANs or should I consider two private networks - 192.x & 10.x. ?

I would need to some how need to bridge them for my iPhone to get access to both networks (not sure if technically possible, but I'm not a network guy )

Thanks for all suggestions (any and sample scripts )

View attachment 14995

OK, as per your unsolicited PM.....

SNBBear said:
The managed switches I have can do either port based vLANs or 802.1q vLANs.
If need be, I could move my LAN2 to connect with the 24-Port switch instead of the router if that makes things easier.

For ease of use 802.1q VLANs should initially suffice, and simply create two trunk ports on the RT-AC68U (or cascade all three downstream switches off one RT-AC68U switch port)
NOTE: You have not disclosed which model Netgear switches you have, but as per "Networking 101" remember that although Layer 2 VLANs can exclude other Layer 2 traffic based on configuration, in a routed network you would need Layer 3 ACLs to block networks from one another etc.

Anyway, to get you started (assuming you are able to configure the Netgear switches to create/host egress VLANs 20,30 and 40) I would suggest you give the following a try:

Code:

/jffs/scripts/VLANSwitch.sh 10 2 bridge notag autodnsmasq   # VLAN122 via Switch Port 2 aka LAN1
/jffs/scripts/VLANSwitch.sh 20 3              autodnsmasq   # VLAN20  via switch Port 3 aka LAN2
/jffs/scripts/VLANSwitch.sh 30 4              autodnsmasq   # VLAN30  via Switch Port 4 aka LAN3
/jffs/scripts/VLANSwitch.sh 40 4              autodnsmasq   # VLAN40  via Switch Port 4 aka LAN12

NOTE: Script GS108E.sh is simply a convenient command-line shortcut to manage/display a group of VLANs.

SNBBear · Nov 4, 2018

Martineau,

Thanks for your reply.

re: "Ok, as per your unsolicited PM...." My apologies.

I'm very new to posting to forums (3 posts) and I'm still learning the ropes and etiquette. I saw many folks reaching out to you in this thread - https://www.snbforums.com/threads/help-setting-up-vlan-on-asus-rt-ac68u.49312/page-4

Per your text, I guess the proper way for me to solicit help would have been for me to post to that thread also. Again, my apologies.

re: Switches. I have 1 Netgear 24-Port JGS524Ev2 and 4 GS108Ev3.

I was following this post to understand how to configure the switches.

https://nguvu.org/pfsense/pfsense-router-on-a-stick-with-netgear-gs108/

Thank-you kindly for the sample code and the scripts.

SNBBear

Thread starter	Title	Forum	Replies	Date
	need help with network loop.	Asuswrt-Merlin	9	Apr 1, 2024
C	Help about dual Gateway	Asuswrt-Merlin	1	Monday at 3:55 AM
C	Solved Need help with nat-start scripts	Asuswrt-Merlin	3	Apr 24, 2024
G	Need help with VPN	Asuswrt-Merlin	2	Apr 23, 2024
P	Help with traffic filtering	Asuswrt-Merlin	0	Apr 19, 2024
C	Need some help with a DHCP problem	Asuswrt-Merlin	9	Apr 14, 2024
S	Help Required AC68U (TM-AC1900) troubleshooting after power outage	Asuswrt-Merlin	3	Apr 9, 2024
C	Need help with GT-AXE11000 and DNS Director	Asuswrt-Merlin	0	Apr 5, 2024
J	Help - duckdns has started returning an IPv6 IP address	Asuswrt-Merlin	1	Mar 27, 2024
A	Help Required Upgrading AC68U from Stock FW to Merlin Please?	Asuswrt-Merlin	15	Mar 25, 2024

Search

Search

Help with Network Configuration

SNBBear

New Around Here

Martineau

Part of the Furniture

SNBBear

New Around Here

Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Members online