how can I isolate music server from other devices on my LAN?

[pacoinconn]

I have a music streamer on my LAN and would like to limit it's access to only the NAS drive which hosts my music files. The device, Auralic Aries, is controlled by an app on my iPhone and iPad. Because the manufacturer updates firmware automatically and there is no way to turn off this "feature", I'm worried ab0ut my LAN security.

Ideally I would like, as I said above, to prevent anyone accessing the Aries from the outside to have any access to any other devices on my LAN. (The NAS drive is backed up. The Aries has its own credentials for access the NAS drive...I have to grant it read/write access unfortunately.) This would permit firmware updates and secure the rest of the network (I think).

Alternatively what's the best way to set up a firewall rule on the router to block the Aries' access to the WAN? This is less preferred b/c I wouldn't receive firmware updates (no way to manually upload firmware to Aries).

I'm using an ASUS RT-AC1900 with 2 Netgear EX-7000 extenders hard-wired and set up as WAPs. I have two Netgear switches plus assorted laptops, phones, NAS drives, etc. All devices on the network are assigned static addresses. The Aries is attached to the LAN through ethernet.

Thx in advance for your help.

 

[ColinTaylor]

Go to the router's Network Map. Click on the "Clients: " button. In the "Client status" list that appears click on the Aries. Turn on "Block Internet Access".

 

[pacoinconn]

Go to the router's Network Map. Click on the "Clients: " button. In the "Client status" list that appears click on the Aries. Turn on "Block Internet Access".

Thx Colin. Have now down that. Any suggestions to provide it access (so that firmware can update automatically) to the NAS but isolate it from other devices on the LAN?

 

[ColinTaylor]

Any suggestions to provide it access (so that firmware can update automatically) to the NAS but isolate it from other devices on the LAN?

The Aries gets its updates from your NAS?

You can't have the Aries accessing the NAS but not the rest of the LAN, whilst simultaneously allowing LAN access to the NAS. The NAS is either part of the LAN or separate, it can't be both. (Well you could probably create some sort of multilayered VLAN setup, but all your devices would have to support VLANs and even then I doubt you'd be able to use the iPhone app). If your NAS has two network interfaces you could use one to create a separate connection to the Aries, but the Aries wouldn't have access to the internet.

 

[pacoinconn]

The Aries gets its updates from your NAS?

You can't have the Aries accessing the NAS but not the rest of the LAN, whilst simultaneously allowing LAN access to the NAS. The NAS is either part of the LAN or separate, it can't be both. (Well you could probably create some sort of multilayered VLAN setup, but all your devices would have to support VLANs and even then I doubt you'd be able to use the iPhone app). If your NAS has two network interfaces you could use one to create a separate connection to the Aries, but the Aries wouldn't have access to the internet.

No, the Aries gets its update from the Internet. The NAS is only used to store the music files. Looks like I should explore VLAN setup to isolate the Aries+LAN (and a couple of smart TVs) from the rest of the network? If I do that, can I switch networks on my iPhone to control the Aries? I can then have the rest of my devices on the "main" VLAN network?