How do I isolated a wired device that can be connected at any point of the network

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

How do I isolated a wired device that can be connected at any point of the network

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
How do I isolated a wired device that can be connected at any point of the network
How do I isolated a wired device that can be connected at any point of the network
2023-05-22 02:52:21 - last edited 2023-08-09 03:58:58
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.3

I want to be able to isolate a device that has a wired connection to my Network. Would like to use VLANs but I can't restrict the ports to which I will connect the device.

I've tried using an ACL but I can't seem to set up a rule to restrict via a MAC Group.  Is there any other way to isolate the device.

  0      
  0      
#1
Options
1 Accepted Solution
Re:How do I isolated a wired device that can be connected at any point of the network-Solution
2023-06-12 10:44:21 - last edited 2023-08-09 03:58:58

  @RADEB Thanks for everyone's responses.  In the end I had to purchase a easy smart switch (SG105E V5) and use that to set up a Tagged VLAN for the device I wanted to isolated. I then used the ACL in the ER605 to control and isolate access to that device as it was on separate VLAN.

Recommended Solution
  0  
  0  
#7
Options
6 Reply
Re:How do I isolated a wired device that can be connected at any point of the network
2023-05-24 10:45:22
Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:How do I isolated a wired device that can be connected at any point of the network
2023-05-25 11:29:54

  @Virgo 

 

Thank you for your post.  Unfortunately, all the solutions mentioned involved setting up VLAN on a port basis or use the wireless guest function.  This does not help me as I need to isolate a wired device that can connect anywhere on the network and not on a specific VLAN on a particular port.

  0  
  0  
#3
Options
Re:How do I isolated a wired device that can be connected at any point of the network
2023-05-26 02:35:02

  @RADEB 

 

You can set the ACL based on the IP address, but you need to bind the IP address to the wired devices' Mac address like IP-Mac binding.

Just striving to develop myself while helping others.
  0  
  0  
#4
Options
Re:How do I isolated a wired device that can be connected at any point of the network
2023-05-26 19:59:50

  @RADEB 

 

Thank for this.  I tried but on the ER605, you can't set an ACL based on an IP Group or MAC Group.

  0  
  0  
#5
Options
Re:How do I isolated a wired device that can be connected at any point of the network
2023-05-27 12:05:02

  @RADEB 

 

You can actually set up an ACL using IP Groups. At least on Switch ACLs.

 

You could also set up an interface that is bound to all possible locations the wired device might connect to, bind an IP address to the device in the interface and create ACL's using that interface. That way you can isolate the device. I'm using IP Groups, Networks and IP Port Groups in all of my ACL's without any problem. Restricting access from wifi to wired for example but allowing the DNS-port to connect my PiHole to my wifi as well.

  0  
  0  
#6
Options
Re:How do I isolated a wired device that can be connected at any point of the network-Solution
2023-06-12 10:44:21 - last edited 2023-08-09 03:58:58

  @RADEB Thanks for everyone's responses.  In the end I had to purchase a easy smart switch (SG105E V5) and use that to set up a Tagged VLAN for the device I wanted to isolated. I then used the ACL in the ER605 to control and isolate access to that device as it was on separate VLAN.

Recommended Solution
  0  
  0  
#7
Options