7800DX VLAN isolation
Posted: Sat Aug 06, 2016 3:28 pm
Hi all
I've owned a 7800DX for the past couple of years and have been very impressed with it. One of the reasons I originally purchased it was to allow the creation of a "Guest" SSID that I could isolate from the rest of the network. I configured it like this since new and it has worked very well.
However, I would now like to have three SSIDs configured something like the following:
OpenWiFi - in Default VLAN/group
Using router as DNS server pointed to ISP or other unfiltered DNS provider - no restrictions
FilteredWiFi - in Filtered VLAN/group
Filtered by assigning OpenDNS DNS servers in DHCP, and "LAN side firewall" enabled to block access to router interface
GuestWiFi - in Guest VLAN/group
"Client Isolation" enabled for SSID, also filtered with OpenDNS, and "LAN side firewall" enabled again
Now the issue I have. I want to prevent hosts connected to the GuestWiFi from accessing any part of my main network (as I had it originally). I previously had “Groups Isolation” enabled to achieve this. However, as this setting applies globally to all VLANs, it also prevents hosts on the other two VLANs from communicating directly. This is generally not a problem, but would for example stop a TV on the Filtered VLAN streaming media from a server on the Default VLAN.
Is there any way a single VLAN (the Guest one) can be fully isolated without affecting the others? Perhaps this can be done via command line if not available through the web interface? If not possible, would it be feasible to implement in a new firmware release please?
I hope that all makes sense, and thanks for any help you can provide.
Kind regards
James
I've owned a 7800DX for the past couple of years and have been very impressed with it. One of the reasons I originally purchased it was to allow the creation of a "Guest" SSID that I could isolate from the rest of the network. I configured it like this since new and it has worked very well.
However, I would now like to have three SSIDs configured something like the following:
OpenWiFi - in Default VLAN/group
Using router as DNS server pointed to ISP or other unfiltered DNS provider - no restrictions
FilteredWiFi - in Filtered VLAN/group
Filtered by assigning OpenDNS DNS servers in DHCP, and "LAN side firewall" enabled to block access to router interface
GuestWiFi - in Guest VLAN/group
"Client Isolation" enabled for SSID, also filtered with OpenDNS, and "LAN side firewall" enabled again
Now the issue I have. I want to prevent hosts connected to the GuestWiFi from accessing any part of my main network (as I had it originally). I previously had “Groups Isolation” enabled to achieve this. However, as this setting applies globally to all VLANs, it also prevents hosts on the other two VLANs from communicating directly. This is generally not a problem, but would for example stop a TV on the Filtered VLAN streaming media from a server on the Default VLAN.
Is there any way a single VLAN (the Guest one) can be fully isolated without affecting the others? Perhaps this can be done via command line if not available through the web interface? If not possible, would it be feasible to implement in a new firmware release please?
I hope that all makes sense, and thanks for any help you can provide.
Kind regards
James