What's new

[Q] Network configuration/isolation

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

FalconB

Regular Contributor
Hi,

Long post, much text, sorry for that.

I'm scratching my head over how to configure my RT-AC68U regarding network isolation. I've been reading up on the forum about ebtables but can't get it to work :(, hence this thread.

So, what do I want to do then? Well, here's the wish-list ;):
  • Separate my network traffic into 3 parts (all with internet acccess): Private, IoT and Guest
  • The networks shall support both wireless and wired access (Guest WiFi already working through built-in feature in the router FW)
  • Each of these networks shall be isolated from each other apart from some IoT-devices that need connections to some of the devices on the Private net (i.e. the smart-TV shall be able to access the media-server)
  • IoT- and Guest-devices shall NOT be able to login to the router
  • I also have a network-printer which Private and Guest devices shall be able to use
As of now, all devices are connected to the same switch which in turn is connected to my router. The switch is unmanaged. However, I do have some more unmanaged switches lying around, and one idea I thought of was to connect 2 of these switches to my router, say LAN port 3 and 4, and use them for the networks IoT and Guest.

As I said, I've tried to read up about how to do this but to no avail. I can't get it to work. I can create two VLAN's and assign them to a chosen LAN port on the router. I can also use ebtables to block network traffic from these VLAN's to the private network (which is good!), but I can't open up a connection between a specific device on a above mentioned VLAN to my private network. The "ebtables -t broute -I BROUTING"-command blocks traffic between the networks but no matter how hard I try I can't find any "ebtables - filter -I FORWARD"-command that let's traffic pass through. But I might have misunderstood how it all works :oops:.

Does anyone has any advice, it would be much appreciated!
 
Apologies for digging up a thread from April 2018 but I'm wondering if you ever found a solution or even made progress to your end goal? The setup you describe is very much what I'm trying to accomplish.
 
I created a guest LAN with a Layer 3 switch. Isolation is as good as the access control rules you create for the VLAN.
 
Apologies for digging up a thread from April 2018 but I'm wondering if you ever found a solution or even made progress to your end goal? The setup you describe is very much what I'm trying to accomplish.
Haha, no worries. I ended up trying to get this to work, but didn't succeed. I then created another thread:

https://www.snbforums.com/threads/help-setting-up-vlan-on-asus-rt-ac68u.49312/

That time I got help from @Martineau who helped me with basically everything to get it all going. So, I thank @Martineau for his great help and support. But since I didn't get it to work myself I have to refer you to @Martineau and the thread above. Good luck!
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top