Posted: Wed Dec 11, 2019 20:17 Post subject: Isolating LAN port on Archer C7
I have been hitting my head against a wall for the past few hours and hope someone can steer me in the right direction.
I have an Archer C7 V2 Qualcomm Atheros QCA9558 ver 1 rev 1.0 (0x1130) Firmware: DD-WRT v3.0-r41586 (11/21/19)
I also have a D-Link DIR-605L with stock firmware. All of my IoT devices are now connected to the DIR-605L. That router, in turn, is attached to the Archer C7 by Ethernet cable.
I want to isolate the DIR-605L from anything connected to my Archer C7. I have 1 other wired device (VoIP ATA) and the rest connects wirelessly. I thought I had it all figured out when I discovered vLANs, but after a few hours of trial and error I seem to have discovered that's not supported on Atheros. Any other ideas? Thanks.
Posted: Wed Dec 11, 2019 22:48 Post subject: VLAN tagging
VLAN tagging is supported on Atheros but the entire 4-port switch is a single port. You would only be able to separate it from Wireless clients.
What about via the firewall?
I am not versed in advanced firewall configurations, but some on this forum are. _________________ Before asking a question on the forums, update dd-wrt: Where do I download firmware? I suggest reading it all.
QCA Best WiFi Settings
Some dd-wrt wiki pages are up to date, others are not. PM me if you find an old one.
Atheros:
Netgear R7800 x3 - WDS AP / station, gateway, QoS
TP-Link Archer C7 v2 x2 - WDS Station
TP-Link TL-WDR3600 v1 - WDS Station
TP-Link 841nd v8 - NU
D-Link 615 C1/E3/I1 x 7 - 1 WDS station
D-Link 825 B1 - NU
D-Link 862L A1 x2 - WDS Station
Netgear WNDR3700v2 - NU
UBNT loco M2 x2 - airOS
Broadcom
Linksys EA6400 - Gateway, QoS
Asus N66U - AP
Netgear WNDR3700v3 - not used
MediaTek
UBNT EdgeRouter X - switch
VLANs are not true security though, no one has to honor that flag. But it would keep traffic separate, which is maybe what you want to do.
If you truely want security, get another router and connect in a "Y" configuration, then you are totally isolated, then you have a whole separate LAN for your protected devices.
But to work with the constraints that you have given, VLANs if supported are the way to go.
VLAN taggin, can't seem to find the wiki at the moment. I do know it is the info on this page on the router though: Setup->Networking->VLAN Tagging _________________ Before asking a question on the forums, update dd-wrt: Where do I download firmware? I suggest reading it all.
QCA Best WiFi Settings
Some dd-wrt wiki pages are up to date, others are not. PM me if you find an old one.
Atheros:
Netgear R7800 x3 - WDS AP / station, gateway, QoS
TP-Link Archer C7 v2 x2 - WDS Station
TP-Link TL-WDR3600 v1 - WDS Station
TP-Link 841nd v8 - NU
D-Link 615 C1/E3/I1 x 7 - 1 WDS station
D-Link 825 B1 - NU
D-Link 862L A1 x2 - WDS Station
Netgear WNDR3700v2 - NU
UBNT loco M2 x2 - airOS
Broadcom
Linksys EA6400 - Gateway, QoS
Asus N66U - AP
Netgear WNDR3700v3 - not used
MediaTek
UBNT EdgeRouter X - switch
VLANs are not true security though, no one has to honor that flag. But it would keep traffic separate, which is maybe what you want to do.
If you truely want security, get another router and connect in a "Y" configuration, then you are totally isolated, then you have a whole separate LAN for your protected devices.
But to work with the constraints that you have given, VLANs if supported are the way to go.
This was my answer! Thank you. I had 2 routers, I just had the order backwards. Your post gave me the right words to research and I'm all set up now. Simple and effective. Thanks!