Trying to ban VLAN from other Vlans

3 weeks ago - last edited 2 weeks ago
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.6 Build 20240718 Rel.82712

I am running an ER605 WITHOUT Omada Controller. So I am using the interface on board for the router.

I have created my vlans and everything is working fine.

I am trying to block traffic from each vlan.

I assume I do this by creating an IP group

Then using Firewall Access Control.

If I have 4 Vlans do I have to enter in 3 blocks for each vlan?

Isn't there an easier way to block traffic between Vlans?

#1
1 Accepted Solution
Re:Trying to ban VLAN from other Vlans-Solution
2 weeks ago - last edited 2 weeks ago

Hi @johngalt 

Thanks for posting in our business forum.

This is how VLAN works.

It is already pretty easy that you can select the type as network and they show other VLAN interfaces.

Not sure what easier way you are looking for. Or what you mean.

This is also not granular, as some others complained we were not as granular as possible.

You can pick a source/destination; your created VLAN interfaces will be displayed in the list.

Recommended Solution
#2
Re:Trying to ban VLAN from other Vlans
2 weeks ago - last edited 2 weeks ago

@johngalt

I have created my Vlans and all is well. I see the network traffic under status and things seem to work. All IP addresses are being assigned to the correct devices etc. If I log into vlan1 and ping to vlan2 I am able to reach vlan 2.

KEEP IN MIND I DO NOT HAVE THE OMADA controller. I am doing this from the router itself.

I set up Firewall Access Control Rules and it looks like this has worked to stop the traffic between the vlans.

I have 2 custom Vlans

Vlan 1 which is my main network.

Vlan 2 which is my cameras

Vlan 3 Mixing Audio

I had to create a total of four rules:

Vlan 2 Block Vlan 3

Vlan 3 Block Vlan 2

Vlan 2 Block Vlan 1

Vlan 3 Block Vlan 1

Now I am trying to ban WAN from vlans. For example I don't want my Security Cameras reaching out to the internet or vice versa.

When I go to Rules I select Direction LAN > WAN

Source I select my Vlan and now I have no clue what to pick for destination. I would have assumed to see WAN listed.

Am I doing this correctly?
#3
Re:Trying to ban VLAN from other Vlans
2 weeks ago

Hi @johngalt 

Thanks for posting in our business forum.

johngalt wrote

@johngalt

I have created my Vlans and all is well. I see the network traffic under status and things seem to work. All IP addresses are being assigned to the correct devices etc. If I log into vlan1 and ping to vlan2 I am able to reach vlan 2.

KEEP IN MIND I DO NOT HAVE THE OMADA controller. I am doing this from the router itself.

I set up Firewall Access Control Rules and it looks like this has worked to stop the traffic between the vlans.

I have 2 custom Vlans

Vlan 1 which is my main network.

Vlan 2 which is my cameras

Vlan 3 Mixing Audio

I had to create a total of four rules:

Vlan 2 Block Vlan 3

Vlan 3 Block Vlan 2

Vlan 2 Block Vlan 1

Vlan 3 Block Vlan 1

Now I am trying to ban WAN from vlans. For example I don't want my Security Cameras reaching out to the internet or vice versa.

When I go to Rules I select Direction LAN > WAN

Source I select my Vlan and now I have no clue what to pick for destination. I would have assumed to see WAN listed.

Am I doing this correctly?


Correct.

#4
Re:Trying to ban VLAN from other Vlans
2 weeks ago - last edited 2 weeks ago

@johngalt

From a security standpoint I turned off LAN and WAN access to my security cameras. Is there a way to turn off all traffic but allow a single application to have access? My camera system uses a DDNS service that allows me to get camera footage while I am away from home.

Is there a way to allow network traffic out to the internet and not the reverse?

Just trying to figure out the best possible way to secure Vlans.

Also I blocked my traffic in my VLAN by Blocking all Direction and using destination IPGROUP_ANY. That was a single entry and it blocked everything. No need to create multiple entries for each Vlan to and from each other.

#5
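
An added example, not part of any post in this thread: a small Python check that lists which source-to-destination VLAN pairs a set of block rules still leaves open, applied to the four rules from post #3 and the single IPGROUP_ANY entry from post #5. The subnets are constructed, the camera VLAN as the source of the IPGROUP_ANY rule is an assumption, and the rule model (default allow, match on source and destination of newly initiated traffic only) is a simplification, not the ER605's firmware logic.

```python
from ipaddress import ip_network
from itertools import permutations

# Constructed sample subnets; the thread does not give the real ones.
VLANS = {
    "vlan1": ip_network("192.168.0.0/24"),   # main network
    "vlan2": ip_network("192.168.20.0/24"),  # cameras
    "vlan3": ip_network("192.168.30.0/24"),  # mixing audio
}
ANY = ip_network("0.0.0.0/0")  # stands in for the IPGROUP_ANY group

def blocked(rules, src, dst):
    """True if some block rule covers traffic initiated from src to dst."""
    return any(src.subnet_of(rs) and dst.subnet_of(rd) for rs, rd in rules)

def open_pairs(rules, vlans=VLANS):
    """Ordered (source, destination) VLAN pairs that no block rule covers."""
    return [(a, b) for a, b in permutations(vlans, 2)
            if not blocked(rules, vlans[a], vlans[b])]

def full_mesh(vlans=VLANS):
    """One block rule per ordered pair: n * (n - 1) rules for n VLANs."""
    return [(vlans[a], vlans[b]) for a, b in permutations(vlans, 2)]

# The four rules listed in post #3, as (source, destination).
FOUR_RULES = [
    (VLANS["vlan2"], VLANS["vlan3"]),
    (VLANS["vlan3"], VLANS["vlan2"]),
    (VLANS["vlan2"], VLANS["vlan1"]),
    (VLANS["vlan3"], VLANS["vlan1"]),
]
# Single entry from post #5; camera VLAN as source is an assumption.
CAMERA_ANY = [(VLANS["vlan2"], ANY)]

if __name__ == "__main__":
    cases = [("four rules", FOUR_RULES),
             ("camera -> ANY", CAMERA_ANY),
             ("full mesh", full_mesh())]
    for name, rules in cases:
        print(f"{name}: {len(rules)} rule(s), still open: {open_pairs(rules)}")
```

Under this model the four rules leave only traffic initiated from the main network toward the camera and audio VLANs uncovered, and a fourth VLAN raises the full pairwise set to 12 rules, which is the "3 blocks for each VLAN" from the original question.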