DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Vigor 2865ac access control list!
- arrudac30
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 0
12 May 2023 00:54 #102481
by arrudac30
Vigor 2865ac access control list! was created by arrudac30
Hi everyone.
I have created VLANS for my household envirenment, given that there are quite a few diferent equipment, like cctv, pc's, and IOT's.
Now, my IoT's, like for example my bedside table lenovo radio/alarm/clock. When I want to youtube music from my phone to this IoT device, I am having to, at the moment, to get out of the current wifi that my phone is connected to, and connect to the same VLAN (wireless) that my IoT device is on. Only then can I connect youtube music to that device.
Now, is there a way that I can creat an access control list to allow my mobile phone (mac binding IP, so always the same IP) and allow it to acess that IoT device (also mac binding)? I could always do inter-vlan routing but i'd rather limit the amount of devices that can communicate with each other.
I could do this about 10 years ago wheh I used to do Cisco, but on the command line, never on a UGI.
I am quite new to Draytek routers but so far I am loving it.
Any help would be much appreciated.
Thanks everyone.
Albert
I have created VLANS for my household envirenment, given that there are quite a few diferent equipment, like cctv, pc's, and IOT's.
Now, my IoT's, like for example my bedside table lenovo radio/alarm/clock. When I want to youtube music from my phone to this IoT device, I am having to, at the moment, to get out of the current wifi that my phone is connected to, and connect to the same VLAN (wireless) that my IoT device is on. Only then can I connect youtube music to that device.
Now, is there a way that I can creat an access control list to allow my mobile phone (mac binding IP, so always the same IP) and allow it to acess that IoT device (also mac binding)? I could always do inter-vlan routing but i'd rather limit the amount of devices that can communicate with each other.
I could do this about 10 years ago wheh I used to do Cisco, but on the command line, never on a UGI.
I am quite new to Draytek routers but so far I am loving it.
Any help would be much appreciated.
Thanks everyone.
Albert
Please Log in or Create an account to join the conversation.
- piste basher
- Offline
- Big Contributor
Less
More
- Posts: 1199
- Thank you received: 9
12 May 2023 13:27 #102483
by piste basher
Replied by piste basher on topic Re: Vigor 2865ac access control list!
I don't think your Access Control approach can work because as far as the router is concerned there is no connection between the LANS.
Perhaps you could allow Inter-LAN routing but set a firewall rule to block everything but that one IP? I'm not sure at what "level" the firewall operates so I don't know how feasible this is but maybe worth a try?
Perhaps you could allow Inter-LAN routing but set a firewall rule to block everything but that one IP? I'm not sure at what "level" the firewall operates so I don't know how feasible this is but maybe worth a try?
Please Log in or Create an account to join the conversation.
- arrudac30
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 0
12 May 2023 16:00 #102484
by arrudac30
Replied by arrudac30 on topic Re: Vigor 2865ac access control list!
Thank you. I will have a try. Thanks for you sugestion.
Please Log in or Create an account to join the conversation.
- arrudac30
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 0
12 May 2023 17:11 #102486
by arrudac30
Replied by arrudac30 on topic Re: Vigor 2865ac access control list!
Hi.
After cross VLAN routing I can now ping the devices but they won't show on the mobile phone VLAN.
More so i can specify a rule on the firewall to allow traffic to passthrough from mobile (VLAN1) 192.168.1.4 to Alarm clock (VLAN3) 192.168.3.1, and the firewall diagnose will pick this up as either an established rule or default. I can even block it and the diagnose feature shows it working to that effect, yet I can't connect to any of them IoT devices as they won't show.
This is cracking me up but I'll keep pushing.
Thanks
After cross VLAN routing I can now ping the devices but they won't show on the mobile phone VLAN.
More so i can specify a rule on the firewall to allow traffic to passthrough from mobile (VLAN1) 192.168.1.4 to Alarm clock (VLAN3) 192.168.3.1, and the firewall diagnose will pick this up as either an established rule or default. I can even block it and the diagnose feature shows it working to that effect, yet I can't connect to any of them IoT devices as they won't show.
This is cracking me up but I'll keep pushing.
Thanks
Please Log in or Create an account to join the conversation.
- arrudac30
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 0
12 May 2023 17:29 #102487
by arrudac30
Replied by arrudac30 on topic Re: Vigor 2865ac access control list!
Hi all.
I have just found this article. Will give it a go.
https://baihuqian.github.io/2020-12-13-secure-home-network-using-chromecast-across-vlans/
Thanks
I have just found this article. Will give it a go.
Thanks
Please Log in or Create an account to join the conversation.
- arrudac30
- Topic Author
- Offline
- New Member
Less
More
- Posts: 9
- Thank you received: 0
31 May 2023 23:42 #102533
by arrudac30
Replied by arrudac30 on topic Re: Vigor 2865ac access control list!
Hi all.
I have done inter-lan routing and I can't still send music from my mobile phone (VLAN1) to my IoT (VLAN2).
Now I can ping the IoT device from VLAN1 PC no problem.
It still only works if my mobile phone is on the same VLAN as the IoT.
Any pointers much appreciated.
Thanks
Albert
I have done inter-lan routing and I can't still send music from my mobile phone (VLAN1) to my IoT (VLAN2).
Now I can ping the IoT device from VLAN1 PC no problem.
It still only works if my mobile phone is on the same VLAN as the IoT.
Any pointers much appreciated.
Thanks
Albert
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek