ER605 ACL Setup - Help Please

2023-12-25 22:27:26 - last edited 2023-12-27 18:32:00
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: v.2.2.3

Hi All!

I'm trying to separate my Home IOT devices from the other sensitive things on the LAN.

I have two Wifi routers attached to the LAN; unfortunately none of them can handle VLANs, so I had to come up with something different.

What I did is that I have arranged the trusted devices' DHCP to a certain range within the DHCP + Static pool: this is from .189 - .254, and the NON Trusted are in the .2 - .188 range. Simply DHCP address reserved based on MAC address.

So okay, I thought let's make two IP groups: NoAccesstoLAN, this is the .2 - .188 range, and then the AccesstoLAN group, which is the .189 - .254 range.

In the ER605 I have created an ACL to BLOCK traffic with Source NoAccesstoLAN and Destination AccessToLAN (See the screenshot below)

To test it I have given my own laptop the IP address .185, which falls into the NoAccesstoLAN range, but I can still reach resources in the AccesstoLAN range, therefore the below ACL is not working.

What am I doing wrong? Or happy to hear some other ideas how to make this work using some different logic.

#1
1 Accepted Solution
Re:ER605 ACL Setup - Help Please-Solution
2023-12-27 18:31:42 - last edited 2023-12-27 18:32:00

@Clive_A

Well, if I choose LAN to LAN (which would be the obvious choice) then I can choose only Networks as source and destinations, and since I have only one LAN, one VLAN, then it's useless for me in this situation.

It's clear to me now that there is no good solution for this until I get Wifi routers which can handle VLANs, and then I'll create a separate VLAN for the IOT devices and then I can apply the correct ACL.

But thx for brainstorming on this.

Recommended Solution
#4
3 Reply
Re:ER605 ACL Setup - Help Please
2023-12-25 22:36:19

Hmm!

I was just thinking that all this traffic I mentioned above is happening on Layer 2, and I guess the ACL works on Layer 3 only?

Can someone please confirm that this is the problem.

If yes, how to solve this problem? Buy Wifi routers which can handle VLANs?

#2
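
The forwarding decision this post asks about, as an added example that is not part of the original thread: a host delivers same-subnet traffic directly, so a block rule on the router is only evaluated for flows that cross subnets. The 192.168.0.x prefix, the /24 mask, the 192.168.20.0/24 IoT VLAN, the sample addresses and the function names are assumptions; the thread gives only the last octets.

```python
import ipaddress as ip

# Constructed addressing: the thread gives only last octets, so the 192.168.0.x
# prefix, the /24 mask and the 192.168.20.0/24 IoT VLAN are assumptions.
NO_ACCESS_TO_LAN = (ip.ip_address("192.168.0.2"), ip.ip_address("192.168.0.188"))
ACCESS_TO_LAN = (ip.ip_address("192.168.0.189"), ip.ip_address("192.168.0.254"))
IOT_VLAN = ip.ip_network("192.168.20.0/24")


def in_group(addr, group):
    """True if addr lies inside an IP-group range given as (first, last)."""
    first, last = group
    return first <= addr <= last


def verdict(src_iface, dst, block_src, block_dst):
    """What a router 'block block_src -> block_dst' rule does to one flow.

    src_iface is the sender's address with its mask, e.g. '192.168.0.185/24'.
    """
    src = ip.ip_interface(src_iface)
    dst = ip.ip_address(dst)
    # A host ARPs directly for any destination inside its own subnet, so the
    # frame is switched (or bridged by the Wi-Fi AP) and is never routed.
    if dst in src.network:
        return "not routed: ACL never evaluated"
    if in_group(src.ip, block_src) and in_group(dst, block_dst):
        return "routed: blocked"
    return "routed: allowed"


def flat_lan(src_iface, dst):
    """The thread's setup: one LAN, rule between the two IP groups."""
    return verdict(src_iface, dst, NO_ACCESS_TO_LAN, ACCESS_TO_LAN)


def with_iot_vlan(src_iface, dst):
    """The same block rule once IoT sits in its own subnet (hypothetical VLAN)."""
    iot = (IOT_VLAN[0], IOT_VLAN[-1])
    return verdict(src_iface, dst, iot, ACCESS_TO_LAN)


if __name__ == "__main__":
    # The laptop test from the thread: .185 reaching a host in .189 - .254
    print(flat_lan("192.168.0.185/24", "192.168.0.200"))
    print(with_iot_vlan("192.168.20.50/24", "192.168.0.200"))
    print(with_iot_vlan("192.168.20.50/24", "203.0.113.10"))
```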
Re:ER605 ACL Setup - Help Please
2023-12-26 02:26:48

Hi @MonsterVic 

Thanks for posting in our business forum.

Direction should be LAN to LAN. Not ALL.

Or get a switch and set up the SW ACL like this:

Or separate them in different VLAN interfaces.

Best Regards!
#3