10
Votes

Better access control: Blocking devices from accessing the Internet -- but not the local network

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
 
10
Votes

Better access control: Blocking devices from accessing the Internet -- but not the local network

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Better access control: Blocking devices from accessing the Internet -- but not the local network
Better access control: Blocking devices from accessing the Internet -- but not the local network
2022-12-30 20:18:43
Model: Archer AX50  
Hardware Version: V1
Firmware Version: 1.0.11 Build 20210730 rel.54485(4555)

Hello there!

 

I'm having an issue regarding blocking my devices from the internet, while keeping them on the local network. I wrote a forum post here, and got the advice to file a feature request here. So here it is.

 

Here's the thing: like so many people I have devices in my network that are old, not updated anymore and untrustworthy, but that I do want to keep using. For example, my printer, my IP cameras, some LED controllers for lights and an old Android tablet. All of these things do NOT need Internet access to be useful, and I would really prefer to keep them off the open Internet for obvious security reasons. But I do need them to be able to access or be accessible on the local network. My IP cameras and LED lights communicate with my NAS, my printer and the Android tablet communicate with other computers in the network, et cetera.

 

I was fully expecting this to be a no-brainer, and to be able to set up a VLAN or an access control list or something with a few clicks in the web interface of my not-very-old Archer AX50 router.

 

However:

  • Using "Access Control" under "Security" only allows to block clients from using the network entirely, and gives no option to allow traffic to flow on the local network. I really don't see the point of this feature at all for a home and small business router, if that's all it can do. I have control over the devices in my network, and I can usually just disconnect them client side. If this allowed for more fine-grained routing control, it could be super useful though!
  • Setting up a group of devices using "Parental controls" only seems to be doing anything on the DNS or HTTP layer..? I have "paused" Internet access on a group with my test device, but the device is still able to ping Google. Using parental controls for this application was suggested in this thread, but as evidenced by this thread and my own experience it doesn't really block Internet traffic, so my devices are still very much not safe from hacking attempts.

 

A quick search on these forums found many other people looking for a similar solution, but I've left my review of those search results out of this feature request for brevity. See my original post for a more complete overview.

 

So I'd really like to see this feature in your firmwares! Having a separate "block WAN access" and "block LAN access" under "Access control" would make much more sense in my opinion, and would solve this issue. Seeing as people get more and more outdated devices in their networks, I can only see the need for something like this grow in the years to come.

 

If people are currently trying to "secure" their network with parental controls -- that don't really block network connections -- then that's just downright a security vulnerability. I'm sure you'll all agree with that assessment and I'm sure we can do better! 

#1
Options
3 Reply
RE:Better access control: Blocking devices from accessing the Internet -- but not the local network
2023-01-21 10:33:56
I have the Archer C50 and need the same feature.
#2
Options
RE:Better access control: Blocking devices from accessing the Internet -- but not the local network
2023-04-11 10:01:35
That would be very useful.
#3
Options
RE:Better access control: Blocking devices from accessing the Internet -- but not the local network
2023-04-29 19:03:26
100% need this.
#4
Options