I’m using a MoCA adapter to wire an IoT device in a part of my home that is physically far from the router. For security reasons, I would like to isolate this device. Unfortunately, my router only has one port and the MoCA network is also used by devices which do need to access the upstream LAN network so I don’t believe VLAN is a possibility. The easiest way I can think of to isolate the device is to buy a secondary inexpensive router and configure that router so that any connected devices are unable to access the main upstream router/LAN. I was wondering if anyone knows of any cheaper solutions or solutions that would require less configuration but could accomplish the same thing.
2 Likes
Just found this managed switch which seems to have VLAN support and may be easier and cheaper than a router: MikroTik · RB260GS
Also this, though it only has one LAN port and I think I may want more: NanoPi R3S
You’re right on the money, just need a secondary LAN, whether it’s software-defined (VLAN) or hardware-based (2nd physical network)
Depending on bandwidth needs, any old phones, rpi’s, or laptops could get the job done. I recall seeing a few folk successfully install OpenWRT on old machines.
1 Like
The easiest way without headache - purchase router with OpenWRT. Like Gl.iNet.
And inside it’s firewall rules create zone, apply it for specific LAN port and add rule that forbidds forwarding between it and othe network
1 Like
I ended up going with the Netgear GS305E managed switch since it was only $20. It ended up being more complicated than I hoped to setup because the switch cannot create its own VLANs. Instead, it tags the data and forwards it to the router, which is responsible for actually managing the VLAN and doing the firewalling etc. The webui interface is also very unintuitive and it weirdly requires an app to scan for the webui ip address (fortunately the app supports linux with an appimage). But now that it’s set, I’m happy with it.
1 Like