Configure management VLAN via Web GUI.

Configuring management VLAN on the Web GUI

 

My router information is as follows:

Model: ER605

Hardware Version: V2

Firmware Version: V2.1.2

 

Background:

I have just bought and configured the ER605.

I was previously using a Ubiquity ER-X and ER-Lite3.

I have set up the ports as follows:

Port 1: WAN

Port 2: lan1+vlan1 (192.168.0.1)

Port 3: lan2+vlan2 (10.0.2.1)

Port 4: lan2+vlan2 (10.0.2.1)

Port 5: lan2+vlan2 (10.0.2.1)

What I want to do is block all traffic from port 1 and ports 3-5 from accessing the configuration page.

The only port that can access the configuration page is port 2.

What I did on Ubiquity was blocking local traffic from ports 1-5 and create a rule to allow DNS and DHCP from those ports. I want to replicate the settings, after trying something on the Web GUI, I finally make it. Below is my configuration, hopefully you can learn something from it.

 

I have set up my VLANs as above.

Here, for the first rule, the source contains an IP group containing all the IP addresses of VLAN 1. The destination "Me" contains all interface IPs of VLANs.

The second rule is necessary, otherwise all clients would have lost Internet. Remember to select DNS as the service type.

I used to encrypt my DNS by configuring DOH and DOT. Then after configuring the rules, all my clients have no internet. At the end I remove the encryption, and they have Internet since.

 

Verification: When I connect my computer to any port from 3 to 5, I cannot access the router's web interface.