ER605 ACL Setup - Help Please
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hi All !
I'm trying to separate my Home IOT devices from the other sensitive things on the LAN.
I have two Wifi routers attached to the LAN unfortunately non of them can handle VLANs so I had to come up with something different.
What I did is that I have arranged the trusted devices DHCP to a certain range within the DHCP + Static pool this is from .189 - .254 and the NON Trusted are in the .2 - .188 range. Simply DHCP Address reserved based on Mac Address.
So okay I thought let's make two IP groups NoAccesstoLAN this is the .2 - .188 range and then AccesstoLAN group which is the .189 - .254 range.
in the ER605 I have created an ACL to BLOCK traffic with Source NoAccesstoLAN and Desitnation AccessToLAN (See the screenshot below)
To test it I have given to my own laptop ip address .185 which is falling into the NoAccesstoLAN range, but still I can reach resources in the AccesstoLAN range, therefore the below ACL is not working.
What am I doing wrong ? Or happy to hear some other ideas how to make this work using some different logic.
Hi @MonsterVic
Thanks for posting in our business forum.
Direction should be LAN to LAN. Not ALL.
Or get a switch and set up the SW ACL like this:
Or separate them in different VLAN interfaces.
