Hi,
I have an AC86U (running Asuswrt-Merlin) that I use as a guest/VPN network router. It's WAN port is connected to my private network via a switch that is connected to my ISP's router/modem. NAT and DHCP is enabled on both routers. As it stands now, the guest network (192.168.1.x) on the AC86U can see and connect to devices on the private network (192.168.178.x) but not the other way around.
I don't want guests to be able to reach addresses on my private network at all (ideally not even the admin interface at 192.168.178.1) but still be able to connect to the internet. I set up client isolation between guests on the UniFi APs, but I'm not sure how to do the isolation between the private and guest subnets without affecting internet connectivity on the ASUS router. Any pointers?
Just for information, my network currently looks like this. The wireless radios on both wireless routers are turned off. Everything connects to the UniFi APs, either to the private or to the guest network SSID.
I have an AC86U (running Asuswrt-Merlin) that I use as a guest/VPN network router. It's WAN port is connected to my private network via a switch that is connected to my ISP's router/modem. NAT and DHCP is enabled on both routers. As it stands now, the guest network (192.168.1.x) on the AC86U can see and connect to devices on the private network (192.168.178.x) but not the other way around.
I don't want guests to be able to reach addresses on my private network at all (ideally not even the admin interface at 192.168.178.1) but still be able to connect to the internet. I set up client isolation between guests on the UniFi APs, but I'm not sure how to do the isolation between the private and guest subnets without affecting internet connectivity on the ASUS router. Any pointers?
Just for information, my network currently looks like this. The wireless radios on both wireless routers are turned off. Everything connects to the UniFi APs, either to the private or to the guest network SSID.
Last edited:
