How to isolate ER605 VLANs?
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
I set up the VLANS on this router, but it looks like they can see each other by default.
I need to Isolate them, and isolate the VLANs from seeing the Admin GUI.
How can I do this? I don't want to use the Omada software, can I do this with the GUI??
I would think there should be a "Guest VLAN" option, but I don't see anything like that. This router has so many options, I'm surprised it doesn't have such a basic one.
Thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I have the same problem, look this https://community.tp-link.com/en/business/forum/topic/600612
- Copy Link
- Report Inappropriate Content
my solution
1. create my_custom_script in /tmp/userconfig/etc
2. chmod +x
3. add */3 * * * * /bin/sh /tmp/userconfig/etc/my_custom_script[.]sh to crontab -> /tmp/userconfig/etc/crontab
#!/bin/sh
if iptables -C INPUT -p tcp --dport 80 -s 192.168.10.0/24 -j DROP; then
echo "Exist";
else
echo "No Exist";
iptables -I INPUT -p tcp --dport 80 -s 192.168.10.0/24 -j DROP;
iptables -I INPUT -p tcp --dport 443 -s 192.168.10.0/24 -j DROP;
iptables -I INPUT -p tcp --dport 22 -s 192.168.10.0/24 -j DROP;
iptables -I INPUT -p tcp --dport 23 -s 192.168.10.0/24 -j DROP;
fi
- Copy Link
- Report Inappropriate Content
I useed ER8411 for two weeks and this router in standalone mode doesn't have a lot of options from expected for me. For example set keepAlive config for OpenVpn.
The only solution is connect by ssh and find some workarounds
- Copy Link
- Report Inappropriate Content
Thanks for all the info! I will try it. That's a decent solution, but TPLINK should have a simple checkbox for this. Looks like they could care less though.
I thought the firewall ACL could be used, someone said to block VLAN2-> !VLAN2 for example, but that would probably block internet too?
I found this in another thread: https://community.tp-link.com/en/business/forum/topic/250216?sortDir=ASC&page=2
I think it may apply for ER605 too..
- Copy Link
- Report Inappropriate Content
are you sure that tmp directory ok to put scripts in? Do you think it may get wiped out at some point?
- Copy Link
- Report Inappropriate Content
/tmp/userconfig/ - this folder have all user config, so when you backup your config from GUI and restore you notice that your file exists
- Copy Link
- Report Inappropriate Content
How did you enable SSH? I am unable to find a ssh option in the router's website. Maybe I need to upgrade firmware?
Also is it just me or are others having issues with this site? It keeps wanting to confirm I'm human.. I write a post, press submit, and I get kicked out completely, have to login all over again and prove I'm human. I've had to do this for every post, tplink is nuts.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Thanks. This gui is not very intuituve, I'm used to dd-wrt.
Now I'm facing another error.. looks like the firmware doesn't have a secure version of ssh. It's from 2022-02-11, so it should've been fairly up to date. Tried guides for allowing legacy ssh and it still won't work. Did you run into this too?
ssh 192.168.100.1
Unable to negotiate with 192.1.100.1
port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
- Copy Link
- Report Inappropriate Content
use this command
ssh -o KexAlgorithms=diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 root@192.168.1.1
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2835
Replies: 24
Voters 0
No one has voted for it yet.