1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

LAN to LAN Network Services Filter?

Discussion in 'Asuswrt-Merlin' started by azdeltawye, Jun 23, 2019.

  1. azdeltawye

    azdeltawye Occasional Visitor

    Joined:
    Jan 29, 2018
    Messages:
    13
    Hello
    Noob question here..

    Is there any way to easily isolate a wired client from the rest of the local LAN?

    I want to deny a wired IOT device access to the rest of my local LAN the same way that the wireless guest network does when you select the 'Disable intranet access' option. I played around with the Network Services Filter but that only seems to block LAN to WAN packets. I know this can probably be accomplished with scripting but I was looking for a built-in UI option.

    Any help would be appreciated.
    Thx
     
  2. eibgrad

    eibgrad Senior Member

    Joined:
    Feb 20, 2017
    Messages:
    220
    IOT devices requiring isolation should be placed on their own network (in the case of Merlin, one of the 3 available Guest neworks), NOT the private network.
     
  3. CaptainSTX

    CaptainSTX Very Senior Member

    Joined:
    May 2, 2012
    Messages:
    1,881
    It can be done with some creative scripting to set up VLANS on your router if it is running Merlin. A simpler way to accomplish it using a GUI is to add a smart switch that supports VLANS. Depends on how much your time is worth. A TP-Link 8 port smart switch costs US$42. They work well and I have set up three VLANS. 1 = IoT, 2 = Video, 3 = secure using mine.

    Another option is to flash Tomato Version 1.28 on your router if it is available as it supports both VLANs and virtual APs. Both can be setup using the GUI. Tomato is getting a little long in the tooth.
     
  4. azdeltawye

    azdeltawye Occasional Visitor

    Joined:
    Jan 29, 2018
    Messages:
    13
    @CaptainSTX - Thanks for the info on the switch! I'll give it a try. I don't think I want to try and learn Tomato. I like the stability of Merlin...

    @eibgrad - I totally agree; IOT devices should NOT be on the private network. However the built-in guest network options are only for wireless clients...


    Perhaps someday, a future build of Merlin FW will have LAN-LAN & WAN-LAN options in the Network Services Filter.
     
  5. eibgrad

    eibgrad Senior Member

    Joined:
    Feb 20, 2017
    Messages:
    220
    CaptainSTX likes this.