Hey Collin, thanks for your response. That's all good information. I wasn't aware that there was no VLAN support.
Yes, I am aware of the guest WIFI function. From what I have found out so far (PLEASE CORRECT OR CONFIRM):
1. Guest WIFI on AsusWRT doesn't function well in terms of true client isolation from other clients and also from the intranet (LAN).
2. Guest WIFI on MerlinWRT is able to provide isolation client-to-client and from the intranet (LAN), Yes?
I also looked into YazFi. From what I understand:
3. YazFi is able to provide isolation client-to-client and from the intranet (LAN), PLUS one is able to change IP subnet as well?
I am having an issue with #3 though... I am not using a VPN and I set up 3 guest networks in YazFi with client isolation enabled and both one way and two way "off", the DNS server was set to 1.1.1.3 and 1.0.0.3 but I am still able to ping the LAN and all the other guest networks... what gives?
You hit the nail on the heart with two statements which were "if you could state a particular objective that you're trying to achieve" and also "main issue is manipulating specific router functions".
What I am trying to achieve is a degree of security through isolation. What do I mean? Well, I wanted to create 2 VLANs to keep an NVR system isolated from the LAN and also WIFI clients isolated from each other and the LAN, but allow internet access. (I am able to do this with DDWRT but due to lack of proprietary drivers etc. the wireless performance of DDWRT sucks.) Some of the guest users are IoT devices (Nest thermostats, Ring cams and WIFI power sockets). It's been a long journey and I suspect, like many seekers, I tried all the open-source router firmwares... DDWRT was great for many things and I went through a learning curve... tried tweaking settings but then got stuck with the lack of proprietary WIFI drivers and was not able to put up with the lack of WIFI performance. Got to MerlinWRT - and Eric has done a beautiful job, as well as all the contributors to the additional scripts (Jack, lonely coder etc. - thank all). MerlinWRT has great WIFI performance and additional features... to circumvent the VLAN stuff I can always try to segment my network earlier but I am having issues now with YazFi. Despite my setup I can ping every client and vice versa.
As for network layout:
1. ISP MODEM (RTR. MODE/ DHCP) > NG FIREWALL/ UTM (TRANS MODE) > SWITCH for PC/NAS > WIFI ROUTER (DBL NAT)
2. ISP MODEM (BRG. MODE) > NG FIREWALL/ UTM > SWITCH > WIFI ROUTER (DBL NAT)
3. ISP MODEM > [VLAN SWITCH] > NG FIREWALL/ UTM > SWITCH for PC/NAS
>WIFI ROUTER (DBL NAT)
4. ISP MODEM > NG FIREWALL/ UTM > SWITCH for PC/NAS
> WIFI ROUTER (DBL NAT)
5. ISP MODEM > WIFI ROUTER > NG FIREWALL/ UTM > SWITCH for PC/NAS
My ISP gives me a single IP so I can't really split it at the ISP modem... Out of these layouts I am using #1 BUT thinking of switching to #5 with the rationale that the PC/NAS resources need the most protection and routers are notoriously easy to hack with various MITM hacks and exploits. I really would like some feedback and comments from you and anyone in the group who would care to chime in.