ER605 Standalone network segregation

2024-05-06 20:45:34 - last edited 2024-05-06 22:29:13
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.1.1 build 20210723

Hello.

 

I work from home, and in the fine print, I apparently agreed that my employer can feel free to browse my home network at will. I don't think they are actually doing anything like that, but they have the ability to and I signed a piece of paper giving them permission to.

 

As a temporary stopgap, their Cisco VPN router is currently plugged into a Raspberry Pi running OpenWRT and it is sharing its wi-fi as if it is the internet. When I plug my laptop into the Pi's ethernet port, I cannot ping, ssh, ftp, etc. any computer on my home network. As far as I can tell with any network scanners I have played with, anything plugged into that port thinks that it is the only computer on the network, but it has internet access. So when I plug their VPN router in, it should see the same. While this works, it is a Raspberry Pi using its wifi... Applications and web browsing work OK, but anything with bandwidth demands grinds and stutters and... just... no... It's a stop-gap solution.

I purchased the TP-Link ER605 in hopes of solving for this, but no matter how much I play with it, I cannot recreate what the Pi is doing without even trying.

 

I hope to have port 2 set up on its own VLAN 10.8.8.x while ports 3-5 are my home network and wifi routers with the home network handing out 10.0.0.x IPs.

 

AP -> port 1

Work Router -> port 2

Empty (for now) -> port 3

Empty (for now) -> port 4

Home router -> port 5


I have the ER605 handing out IPs to a VLAN on port 2, but cannot seem to stop traffic between that VLAN and my home network.
 

To simplify things and eliminate my home network being the issue, I currently have laptops plugged into ports 2 and 5 and nothing else plugged in.

 

The laptop on port 2 gets an IP 10.8.8.199

The laptop on port 5 gets an IP 192.168.0.123

 

I can ping and ssh into 192.168.0.123 from 10.8.8.199.

 

How do I stop this?

Is there a way to segregate the 10.8.8.x network from everything but the wan port? It needs internet, and nothing more. I don't need someone from my work controlling my IP security cams, printing on my 3D Printer, or browsing my personal NAS, especially that one folder... 

 

I need my work router to think it is the only reason I have internet and that there is nothing else on my network. The Pi is currently doing this, but it is painful to join a video call.

I have not used the Omada software, and hope to avoid using it if possible. Is there a rule or a setting I am missing in the standalone web app?

1 Accepted Solution
Re:ER605 Standalone network segregation-Solution
2024-05-06 22:29:07 - last edited 2024-05-06 22:29:13

@Gabriel_8 Never mind, all... I read this article and made it work.

http://www.tp-link.com/en/support/faq/3061/

 

 
