Secured Admin, Home, IoT, Cameras and Guest VLAN using Gateway ACL
Hey everyone,
This applies to ER-7206 at the time of writing and testing. ER-605 v2 is supposed to support it as well as the beta firmware for ER-605 v1 but I have not tested it there.
Prior to the v1.2.3 ER-7206 firmware, I relied mostly on Switch ACLs, but with the latest firmware I am able to transition my Switch ACLs to Gateway ACLs.
I attached a diagram of the network and a table with how each VLAN functions:
* Admin - this is the Native/Default VLAN 1. Access to all VLANs
* Home - Access to all except Admin VLAN
* Guest - Access to Internet only, no access to same-VLAN devices. Wireless ONLY
* Cameras - Access to same-VLAN devices only, no Internet
* IoT - Access to same-VLAN devices with Internet
I also have a full-length video (long one) that shows this, including all the tests I did. It is Part 12 of the video.
ACLs:
For Guests, make sure the Guest Network check box for Wi-Fi is checked.
- Deny Home to Admin
  Direction: LAN > LAN
  Policy: Deny
  Protocols: All
  Source > Network > Home
  Destination > Network > Admin
- Deny Camera to Internet
  Direction: LAN > WAN
  Policy: Deny
  Protocols: All
  Source > Network > Camera
  Destination > IP Group > IPGroup_Any
- Deny Camera to All
  Direction: LAN > LAN
  Policy: Deny
  Protocols: All
  Source > Network > Camera
  Destination > Network > Admin
  Destination > Network > Home
  Destination > Network > Guest
  Destination > Network > IoT
- Deny IoT to All
  Direction: LAN > LAN
  Policy: Deny
  Protocols: All
  Source > Network > IoT
  Destination > Network > Admin
  Destination > Network > Home
  Destination > Network > Guest
  Destination > Network > Cameras
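
A quick way to sanity-check the rule set above against the intended behaviour of each VLAN, as an added example that is not part of the original post and is not TP-Link code. It assumes the gateway permits anything no rule denies, models only who may open a new connection through the gateway (same-VLAN traffic is not modelled), treats the Guest Network check box as blocking Guest clients from every other VLAN, and assumes Admin and Home are meant to reach the Internet.

```python
# Added example: model of the four Gateway ACLs from the post (all Deny, Protocols: All).
# The post writes "Camera" in the rules and "Cameras" in the VLAN list; one name is used here.
VLANS = ["Admin", "Home", "Guest", "Cameras", "IoT"]
WAN = "Internet"

# (rule name as in the post, source network, denied destinations)
DENY_RULES = [
    ("Deny Home to Admin", "Home", {"Admin"}),
    ("Deny Camera to Internet", "Cameras", {WAN}),
    ("Deny Camera to All", "Cameras", {"Admin", "Home", "Guest", "IoT"}),
    ("Deny IoT to All", "IoT", {"Admin", "Home", "Guest", "Cameras"}),
]

# Intended policy taken from the VLAN list: destinations each VLAN may initiate to.
INTENDED = {
    "Admin": {"Home", "Guest", "Cameras", "IoT", WAN},  # Internet assumed
    "Home": {"Guest", "Cameras", "IoT", WAN},           # Internet assumed
    "Guest": {WAN},
    "Cameras": set(),
    "IoT": {WAN},
}

def allowed(src, dst, guest_network_checked=True):
    """Return (permit, reason) for a new connection from src VLAN to dst."""
    # Assumption: the Wi-Fi Guest Network option isolates guests from all LANs.
    if src == "Guest" and guest_network_checked and dst != WAN:
        return False, "Guest Network isolation"
    for name, rule_src, rule_dsts in DENY_RULES:
        if src == rule_src and dst in rule_dsts:
            return False, name
    return True, "default permit"  # assumption: no matching rule means permit

def audit(guest_network_checked=True):
    """List (src, dst, effective, intended) wherever rules and intent disagree."""
    gaps = []
    for src in VLANS:
        for dst in VLANS + [WAN]:
            if dst == src:
                continue  # same-VLAN traffic does not cross the gateway
            permit, _ = allowed(src, dst, guest_network_checked)
            if permit != (dst in INTENDED[src]):
                gaps.append((src, dst, permit, dst in INTENDED[src]))
    return gaps

if __name__ == "__main__":
    print("Guest Network checked:  ", audit(True))
    print("Guest Network unchecked:", audit(False))
```

With the check box set, the audit reports no gaps; without it, Guest can reach all four other VLANs, because none of the four ACLs has Guest as a source.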