Isolating LAN port on Archer C7

DD-WRT Forum: Atheros WiSOC based Hardware
mrumble
DD-WRT Novice


Joined: 11 Dec 2019
Posts: 2

Posted: Wed Dec 11, 2019 20:17    Post subject: Isolating LAN port on Archer C7
I have been hitting my head against a wall for the past few hours and hope someone can steer me in the right direction.

I have an Archer C7 V2 Qualcomm Atheros QCA9558 ver 1 rev 1.0 (0x1130) Firmware: DD-WRT v3.0-r41586 (11/21/19)

I also have a D-Link DIR-605L with stock firmware. All of my IoT devices are now connected to the DIR-605L. That router, in turn, is attached to the Archer C7 by Ethernet cable.

I want to isolate the DIR-605L from anything connected to my Archer C7. I have 1 other wired device (VoIP ATA) and the rest connects wirelessly. I thought I had it all figured out when I discovered VLANs, but after a few hours of trial and error I seem to have discovered that's not supported on Atheros. Any other ideas? Thanks.
ian5142
DD-WRT Guru


Joined: 23 Oct 2013
Posts: 2038
Location: Canada

Posted: Wed Dec 11, 2019 22:48    Post subject: VLAN tagging
VLAN tagging is supported on Atheros but the entire 4-port switch is a single port. You would only be able to separate it from Wireless clients.

What about via the firewall?

I am not versed in advanced firewall configurations, but some on this forum are.

_________________
Before asking a question on the forums, update dd-wrt: Where do I download firmware? I suggest reading it all.

Some dd-wrt wiki pages are up to date, others are not. PM me if you find an old one, I am trying to update them.

Atheros:
TP-Link Archer C7 v2 x2 - WDS AP, WDS Station
TP-Link TL-WDR3600 v1 - WDS Station
TP-Link 841nd v8 - WDS Station
Linksys WRT400N - bricked
D-Link 615 C1 x 4 - not used
D-Link 615 E3 x 2 - not used
D-Link 825 B1 - WDS Station
D-Link 862L A1 x2 - WDS Station
Netgear WNDR3700v2 - WDS Station
TP-Link 1043nd v1, inactive, unstable hardware
UBNT loco M2 x2 - airOS

Broadcom
Asus N66U - backup Gateway
Netgear r6300 v1 - AP
Linksys E2500 - not used
Linksys EA2700 - not used
Linksys 160N v3 x2 - not used
Netgear WNDR3700v3 - not used
MediaTek
UBNT EdgeRouter X - Gateway, DHCP, QoS
msoengineer
DD-WRT Guru


Joined: 21 Jan 2017
Posts: 628
Location: Illinois

Posted: Wed Dec 11, 2019 23:05    Post subject: Re: VLAN tagging
ian5142 wrote:
but the entire 4-port switch is a single port.


Wait a minute...how could that be possible? The switch needs to be able to tell traffic where to go...

I know TP-Link stuff is cheap and shady...but they can't violate that much when it comes to sending packets to the right place...

I'm no guru, but I think VLANs are possible, you just have to know what you are doing.

You will need to see how the physical ports are allocated in the swconfig. Here is a link to the jpg with the commands you need to run in putty to learn more about the C7 architecture: http://mrjcd.com/junk/dd-wrt/EA8500/r7800-EA8500_switch-ports.png

Then more reading here:
http://mrjcd.com/EA8500_DD-WRT/vlans/

and here:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1119771#1119771

_________________
[r9000]BS 41659 (Main Router)
[EA8500]BS 41659 (Offsite)
[R7800]taking a nap
[WDR3600]BS 36808 (Offsite)


TIPS/TRICKS:

Best QCA Wifi settings to use|Latency tricks|QoS Port priority||NEVER USE MU-MIMO

Why to NOT use MU-MIMO||Max Wifi Pwr by Country||MCS Index Speeds||Correct QCA 5Ghz chnls to use||WIFI Chnl Freq WIKI
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 527

Posted: Wed Dec 11, 2019 23:46
VLANs are not true security though, no one has to honor that flag. But it would keep traffic separate, which is maybe what you want to do.

If you truly want security, get another router and connect in a "Y" configuration, then you are totally isolated, then you have a whole separate LAN for your protected devices.


But to work with the constraints that you have given, VLANs if supported are the way to go.
ian5142
DD-WRT Guru


Joined: 23 Oct 2013
Posts: 2038
Location: Canada

Posted: Thu Dec 12, 2019 1:01    Post subject: VLAN vs VLAN tagging
VLANs: https://forum.dd-wrt.com/wiki/index.php/Switched_Ports
This is located on the router, mostly or via the CLI: Setup->Switch Config

VLAN tagging: can't seem to find the wiki at the moment. I do know it is the info on this page on the router though: Setup->Networking->VLAN Tagging

mrumble
DD-WRT Novice


Joined: 11 Dec 2019
Posts: 2

Posted: Sat Dec 14, 2019 13:31
Wildlion wrote:
VLANs are not true security though, no one has to honor that flag. But it would keep traffic separate, which is maybe what you want to do.

If you truly want security, get another router and connect in a "Y" configuration, then you are totally isolated, then you have a whole separate LAN for your protected devices.


But to work with the constraints that you have given, VLANs if supported are the way to go.


This was my answer! Thank you. I had 2 routers, I just had the order backwards. Your post gave me the right words to research and I'm all set up now. Simple and effective. Thanks!
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 4875
Location: Texas

Posted: Sat Dec 14, 2019 13:40
Wildlion wrote:
VLANs are not true security though, no one has to honor that flag.....

I use VLAN Detached Networks ... no VLAN tagged net
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5237
Location: Akershus, Norway

Posted: Sat Dec 14, 2019 14:08
VLAN keeps the traffic separated at layer 2.
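
Added example (not part of any post in this thread, and not DD-WRT code): a minimal Python model of how a VLAN-aware switch applies the layer 2 separation discussed above, with an IoT uplink on its own access port. The port names and VLAN IDs are hypothetical and do not describe the Archer C7's real port map; the model assumes access ports drop frames that arrive already tagged, and it floods every frame instead of learning MAC addresses.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_frame(frame: bytes):
    """Return (vid, ethertype); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner  # low 12 bits of the TCI are the VLAN ID

def egress_ports(ports, ingress, frame):
    """Ports a flooded frame leaves on; an empty list means it was dropped."""
    vid, _ = parse_frame(frame)
    cfg = ports[ingress]
    if cfg["mode"] == "access":
        if vid is not None:
            return []          # tagged frame on an access port: drop (assumed policy)
        vid = cfg["pvid"]      # the switch, not the host, picks the VLAN
    elif vid is None or vid not in cfg["allowed"]:
        return []              # trunk: only tagged frames for allowed VLANs
    out = []
    for name, other in ports.items():
        if name == ingress:
            continue
        if other["mode"] == "access":
            member = other["pvid"] == vid
        else:
            member = vid in other["allowed"]
        if member:
            out.append(name)
    return out

# Constructed port map (hypothetical names, not the Archer C7's real layout).
PORTS = {
    "lan1_ata": {"mode": "access", "pvid": 1},
    "lan2_iot": {"mode": "access", "pvid": 3},
    "cpu":      {"mode": "trunk", "allowed": {1, 3}},
}

def make_frame(vid=None):
    """Constructed broadcast ARP header plus padding, optionally 802.1Q-tagged."""
    macs = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return macs + tag + struct.pack("!H", 0x0806) + b"\x00" * 28
```

In this model a frame from the IoT port only ever reaches the CPU trunk, so whether the two VLANs can talk is then decided by the router's routing and firewall rules, not by the switch.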
All times are GMT