What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Is this possible with Merlin? I don’t know where to start

V

vmachiel

Occasional Visitor
Hi,

So I’ve got a BE86U running the latest Merlin. Basically, I want to isolate my work laptop (which is full of “corporate malware”) from the rest of my network. I think I have to create a new network with a different subnet for that right?

BUT: I want it to be able to acces 1 device on my main network: my raspberry pi running pihole. Is this doable with vlans/subnets etc? I’m not THAT tech savvy so I don’t know what to look for. If someone can point me in the right direction that would be awesome.

Thanks!
 
Create a guest WIFI for the laptop. Install Diversion on the router and dump the Pi-Hole. Diversion does the same as Pi-hole and uses the same block lists.
 
bbunge said:
Create a guest WIFI for the laptop. Install Diversion on the router and dump the Pi-Hole. Diversion does the same as Pi-hole and uses the same block lists.
Click to expand...
That depends on what block list(s) the PiHole uses. Couldn't the user explicitly point the guest network's DNS to the PiHole using DNS Director?
 
vmachiel said:
Basically, I want to isolate my work laptop (which is full of “corporate malware”) from the rest of my network.
Click to expand...
If the laptop is connected via WiFi then create a Guest Network Pro profile and join the laptop to it. When creating the Guest Network Pro profile make sure to disable the option Use same subnet as main network.
vmachiel said:
BUT: I want it to be able to acces 1 device on my main network: my raspberry pi running pihole.
Click to expand...
You can configure LAN> DNS Director to perform this step. DNS Director has a section for Guest Network Pro profiles where you can select the Guest Network Pro profile and assign a User defined DNS field to it. You would input the Pi-Hole's IP address into that User defined DNS field on the DNS Director page. There are likely more configuration one may need to do on the DNS Director page depending on one's use case. On the Pi-Hole you will likely need to change the DNS Settings > Interface Setting from Allow only local requests to Respond only on interface so the Pi-Hole correctly accepts DNS requests from the Guest Network Pro profile's IP subnet.

Edit to add: See attached example of how I have my Pi-Hole(s) configured under 3006.102.5 firmware on a RT-AX86U Pro. In my example the Guest Network Pro Profiles (two of them) use the Pi-Hole's IP address that is input into the User defined DNS #1 field.
 

Attachments

  • DNS Director.jpg
    DNS Director.jpg
    69.9 KB · Views: 17
Last edited:
I utilize PiHole to keep as much off the router as possible. I have been using the GNP, since upgrading to RMerlin's latest, to isolate our IoT devices.
 
bennor said:
If the laptop is connected via WiFi then create a Guest Network Pro profile and join the laptop to it. When creating the Guest Network Pro profile make sure to disable the option Use same subnet as main network.

You can configure LAN> DNS Director to perform this step. DNS Director has a section for Guest Network Pro profiles where you can select the Guest Network Pro profile and assign a User defined DNS field to it. You would input the Pi-Hole's IP address into that User defined DNS field on the DNS Director page. There are likely more configuration one may need to do on the DNS Director page depending on one's use case. On the Pi-Hole you will likely need to change the DNS Settings > Interface Setting from Allow only local requests to Respond only on interface so the Pi-Hole correctly accepts DNS requests from the Guest Network Pro profile's IP subnet.

Edit to add: See attached example of how I have my Pi-Hole(s) configured under 3006.102.5 firmware on a RT-AX86U Pro. In my example the Guest Network Pro Profiles (two of them) use the Pi-Hole's IP address that is input into the User defined DNS #1 field.
Click to expand...
Cheers! I’ll try this tomorrow!
 
Clark Griswald said:
I utilize PiHole to keep as much off the router as possible. I have been using the GNP, since upgrading to RMerlin's latest, to isolate our IoT devices.
Click to expand...
One thing I don’t get when looking at the GNP for IoT stuff: the “use same subnet” option is turned off. The reply by @bennor suggested that needs to be off in order to isolate your stuff.

Are you IoT devices really isolated then if that option is on? Or did you use the default IoT config and just turned that option off?
 
vmachiel said:
One thing I don’t get when looking at the GNP for IoT stuff: the “use same subnet” option is turned off. The reply by @bennor suggested that needs to be off in order to isolate your stuff.

Are you IoT devices really isolated then if that option is on? Or did you use the default IoT config and just turned that option off?
Click to expand...
Turn option off to create isolated VLAN.
 
vmachiel said:
Are you IoT devices really isolated then if that option is on? Or did you use the default IoT config and just turned that option off?
Click to expand...
If you want to isolate your Guest Network Pro Profile clients from the main LAN/main WiFi clients you would set the option Use same subnet as main network to off/disable.

If Use same subnet as main network is enabled/on then Guest Network Pro Profile clients would receive an IP address from the main LAN IP address pool and will be accessible to main LAN clients (i.e. not isolated from main LAN).

PS: IF you still have questions about the Use same subnet as main network option, use the forum search feature to find the various past discussions that mention or discuss that option and what it does and doesn't do in the 3006.102.x firmware.
 
I use the addon sbnmerlin exactly for this, isolating my partner's work laptop. Seems to work well, been almost no trouble for about a year now.
 
Mikey Dread said:
I use the addon sbnmerlin exactly for this...
Click to expand...
Does that script work with 3006.102.x firmware?
PS: It's script page indicates it may not.
**ATTENTION**: This script is not compatible with other network isolation scripts, and with Asus' Guest Network Pro available in the 3006.102.1-beta 1 firmware version [Thanks to @visortgw ].
Click to expand...
 
Or this
www.snbforums.com

Tutorial - Pi-Hole for both LAN clients and Guest Network (VLAN) clients

This topic has been discussed several times before in these forums. One solution is to set up the RPI with the Ethernet connected to the LAN and the WIFI connected to the guest WIFI. This procedure will let you connect the RPI to the LAN Ethernet with a single cable and have IP addresses on the...
www.snbforums.com www.snbforums.com
 
You must log in or register to reply here.

Similar threads

V
Why is my DNS director not working?
Replies
8
Views
953
vmachiel
V
Z
Asus RT-BE86u Set up with different DNS per SSID
Replies
2
Views
854
Zaka7
Z
S
Which Merlin-capable routers can do this type of VLAN?
Replies
9
Views
1K
StR
S
G
Multiple APs in untrusted environment
Replies
1
Views
571
georgev
G
V
AI mesh and Pihole DNS spam: what I found out and where I’m stuck
Replies
17
Views
1K
ZebMcKayhan
Z
Similar threads
Thread starter Title Forum Replies Date
spacemanspiff RT-AX86U running Merlin serving DNS - possible Malware infection Asuswrt-Merlin 31
A Possible to disable constant DNS checks to dns.msftncsi.com? Asuswrt-Merlin 34
asceta Parental Control - are exceptions possible? Asuswrt-Merlin 1
J VPN Client - Redirect App Possible? Asuswrt-Merlin 2
A Possible to route certain sites through WAN and all others through Wireguard? Asuswrt-Merlin 5
garycnew VPNDirector Source/Destination Port-Based Split-Tunneling Rules Not Possible? Asuswrt-Merlin 6
Toad004 DHCP Reservations for IPv6 possible? Asuswrt-Merlin 4
C Compile Software on AX58U v2 possible ? Asuswrt-Merlin 8
Sundraw GT-Be 98 European Version. We need more Merlin-Gnuton :) Asuswrt-Merlin 11
H Upload Merlin Firmware Asuswrt-Merlin 9

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 684 (members: 19, guests: 665)
Back
Top