porqchopexpress

joined 1 year ago
 

Noob here. I have new Omada gear (router and switch). What's the point of setting up just a VLAN if you can't assign a separate subnet to it and create ACLs? With a VLAN Interface, all of that's possible.

[–] [email protected] 1 points 1 year ago (1 children)

It doesn't. In fact, Merlin removes any VLAN capability. I ended up returning my Asus router and going all in with TP-Link Omada hardware and I can do everything I want and more.

[–] [email protected] 1 points 1 year ago

Were those wires connected to tin cans?

 

I've been diving into my recently purchased Asus router with VLAN capability, but I'm quickly realizing that I can't create VLANs and allow traffic between them. I can create Wi-Fi networks on separate subnets, and I can assign ports as Access or Trunk ports. I've created an Access port, which then assigns it its own subnet, but I can't allow access to that subnet from, for example, my PC on the main LAN.

What am I missing? Do I need a managed switch (in addition to a VLAN-capable router) in order to take advantage of allowing specific access between VLANs?

 

I'm a total networking noob but need help.

I have an NVR with PoE ports with which I'll be connecting wired security cameras. I have an Asus RT-AX88U Pro with VLANing capability. I want to strike a balance between security and usability. My proposed outcome is this:

Have the NVR on a separate VLAN/subnet from the trusted network, where my desktop PC sits. Cameras will plug into the NVR and get their own NAT'd IPs. I want to block internet access from the NVR except for certain ports/protocols to allow remote access from the mobile app, and to get notifications/camera alerts. I then want ONLY my PC from the trusted network to be able to access the web UI on the NVR.

First, do I create a static route to allow ONLY my PC access to the NVR/camera subnet?

Second, do I use the Network Services Filter feature to allow outbound traffic from the NVR to the Internet to allow mobile remote access, or just enable P2P? My thought is to isolate the NVR from my trusted network so that I can make remote access more convenient as opposed to requiring a VPN.

Help appreciated. Thanks.