7800DX VLAN isolation

Post Reply
JamesHenery
Posts: 2
Joined: Sat Aug 06, 2016 3:03 pm

7800DX VLAN isolation

Post by JamesHenery » Sat Aug 06, 2016 3:28 pm

Hi all

I've owned a 7800DX for the past couple of years and have been very impressed with it. One of the reasons I originally purchased it was to allow the creation of a "Guest" SSID that I could isolate from the rest of the network. I configured it like this since new and it has worked very well.

However, I would now like to have three SSIDs configured something like the following:

OpenWiFi - in Default VLAN/group
Using router as DNS server pointed to ISP or other unfiltered DNS provider - no restrictions

FilteredWiFi - in Filtered VLAN/group
Filtered by assigning OpenDNS DNS servers in DHCP, and "LAN side firewall" enabled to block access to router interface

GuestWiFi - in Guest VLAN/group
"Client Isolation" enabled for SSID, also filtered with OpenDNS, and "LAN side firewall" enabled again

Now the issue I have. I want to prevent hosts connected to the GuestWiFi from accessing any part of my main network (as I had it originally). I previously had “Groups Isolation” enabled to achieve this. However, as this setting applies globally to all VLANs, it also prevents hosts on the other two VLANs from communicating directly. This is generally not a problem, but would for example stop a TV on the Filtered VLAN streaming media from a server on the Default VLAN.

Is there any way a single VLAN (the Guest one) can be fully isolated without affecting the others? Perhaps this can be done via command line if not available through the web interface? If not possible, would it be feasible to implement in a new firmware release please?

I hope that all makes sense, and thanks for any help you can provide.

Kind regards
James

billion_fan
Posts: 5209
Joined: Tue Jul 19, 2011 4:30 pm

Re: 7800DX VLAN isolation

Post by billion_fan » Mon Aug 08, 2016 9:57 am

JamesHenery wrote:Hi all

I've owned a 7800DX for the past couple of years and have been very impressed with it. One of the reasons I originally purchased it was to allow the creation of a "Guest" SSID that I could isolate from the rest of the network. I configured it like this since new and it has worked very well.

However, I would now like to have three SSIDs configured something like the following:

OpenWiFi - in Default VLAN/group
Using router as DNS server pointed to ISP or other unfiltered DNS provider - no restrictions

FilteredWiFi - in Filtered VLAN/group
Filtered by assigning OpenDNS DNS servers in DHCP, and "LAN side firewall" enabled to block access to router interface

GuestWiFi - in Guest VLAN/group
"Client Isolation" enabled for SSID, also filtered with OpenDNS, and "LAN side firewall" enabled again

Now the issue I have. I want to prevent hosts connected to the GuestWiFi from accessing any part of my main network (as I had it originally). I previously had “Groups Isolation” enabled to achieve this. However, as this setting applies globally to all VLANs, it also prevents hosts on the other two VLANs from communicating directly. This is generally not a problem, but would for example stop a TV on the Filtered VLAN streaming media from a server on the Default VLAN.

Is there any way a single VLAN (the Guest one) can be fully isolated without affecting the others? Perhaps this can be done via command line if not available through the web interface? If not possible, would it be feasible to implement in a new firmware release please?

I hope that all makes sense, and thanks for any help you can provide.

Kind regards
James
This can't be done, the whole point of the VLAN is isolate each port or wifi network from seeing/contacting each other. (using group isolation)

When setup the default VLAN group will not be able to see the other VLAN groups

Your best bet is to add your TV for example to the main default VLAN. (so it can see your server)

JamesHenery
Posts: 2
Joined: Sat Aug 06, 2016 3:03 pm

Re: 7800DX VLAN isolation

Post by JamesHenery » Mon Aug 08, 2016 6:00 pm

Hi billion_fan

Thank you for your reply.

I appreciate what you're saying, but on the other hand, the router is capable of inter-VLAN routing as with Group Isolation disabled, devices can connect to each other on different VLANs/subnets.

It would just be nice if there was a little more granular control over it, instead of a simple on/off, a bit like the Client Isolation setting which is set per SSID.

Is it possible to request this feature in a future firmware upgrade? Or is the model no longer being actively developed?

Thanks again anyway.

All the best
James

billion_fan
Posts: 5209
Joined: Tue Jul 19, 2011 4:30 pm

Re: 7800DX VLAN isolation

Post by billion_fan » Tue Aug 09, 2016 9:14 am

JamesHenery wrote:Hi billion_fan

Thank you for your reply.

I appreciate what you're saying, but on the other hand, the router is capable of inter-VLAN routing as with Group Isolation disabled, devices can connect to each other on different VLANs/subnets.

It would just be nice if there was a little more granular control over it, instead of a simple on/off, a bit like the Client Isolation setting which is set per SSID.

Is it possible to request this feature in a future firmware upgrade? Or is the model no longer being actively developed?

Thanks again anyway.

All the best
James
You can post your suggestion on the following thread

viewforum.php?f=15

Post Reply