Isolate IOT LAN PORT

Question

I need three separate LANs&nbsp;&nbsp;Will hardwire satellite to router using LAN port 1.&nbsp;1) Need to isolate my Ethernet only Solar panel inverter on an IoT LAN at the Router level that cannot access anything else on my network. Will hook in wireless TV to this LAN.&nbsp;Looking at the manual I need to add an LAN port to the IoT VLAN profile correct?&nbsp;&nbsp;2) set up a "family"&nbsp; WLAN for family stuff.&nbsp; Desirable to have LAN on Router and satellite&nbsp;3) Will use the Administrative VLAN and LAN port 2 on Satellite for most secure, financial internet stuff.&nbsp;Out of the box, all of the LAN ports are on VLAN1, correct?&nbsp;Is it the case that out of the box the IoT wireless cannot access the Administrative LAN?Is this also true of "employee"&nbsp;It looks like from page 233 of manual there is a suggested setup than will work, if I put solar inverter and TVs in "Guest" network but I need the Guest LAN port to be on the router, bot the Satellite&nbsp;If I follow these directions ( which set up satellite IoT LAN port, will it also map to Router?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

schumaku · Answer

Appears there is (a lot) of confusion. Why do you think about putting (wired) or wireless TVs on that network?
&nbsp;
Is there any IPTV (like live TV) available on your ISP network? What else do you have in mind to be operated on your IoT subnet?
&nbsp;
Technically, you have four VLAN, IP subnets, and SSIDs available. Don't worry to much about the default which allows to have the first VLAN predefined for simplicity.
&nbsp;
What is the projected total Internet bandwidth to start with, how much Internet bandwidth you intend to have available, and how much total Internet bandwidth is available possibly from your ISP?

FCP333 · Answer

We don't have IPTV, just basic cable and internet. Xfinity box is connected via wifi. We could use coax, but wifi works fine.

We don't need a lot of bandwidth. We do fine with 150 Mbps or less. I can't see paying for speeds we don't need. $130 a month is already too much

I currently have two routers with "double NAT " with the financial computer behind the second one, but because the family wireless is on the first router with everything, including the solar inverter goes through that, creating security concerns.

I want all the IoT devices ( Solar Panel inverter, TV box, Roku) on it's own isolated network for security reasons. I can find nothing out about the security of the inverter company and the only way to monitor it is to hook it up to the internet.

Inverter requires an Ethernet connection.

So I think what I need to do is use the IoT VLAN 30 for those devices and assign the Router LAN port 3 or 4 to IoT and also change the port mode to Access

Hard wire the Satellite to Router ( in basement) through LAN port 1

Use Satellite LAN 2 for financial computer in loft with separate Wifi ( which I have now)

Use "employee" VLAN for family stuff

If I need an LAN in loft here will assign the Satellite LAN 3 to Family

Am I correct in assuming that the LAN ports on Router and Satellite are totally separate and LAN port 3 can be assigned to IoT on Router but to "Family " on Satellite?

Continue client and network isolation for IoT but disable client isolation for Family.

Am I also correct that Administrator network can access all other networks even if on isolation?

Will use mDNS to share printer on Family LAN Satellite port

Use

FCP333 · Answer

I set up my router LAN port 3 to VLAN3 for IoT devices, one of which has to be hardwired. I also connected the Satellite port 3 to VLAN3
&nbsp;
When I connect the Iot device ( A solar inverter)via Ethernet to LAN port 3, the IP Address in the attached devices list for the inverter is 192.168.1.103, indicating it is on the default VLAN1 network, not VLAN30. I have connected and reconnected several time with same results
&nbsp;
When I connect my laptop to the same LAN port 3&nbsp; ipcofig gives me IP address of 192.168.30.3, indicating it is on the VLAN30 network.
&nbsp;
The Iot device on the Satellite LAN port 3 has the correct 192.168.30.* address.
&nbsp;
Called technical support but they were too busy but will call back tomorrow

schumaku · Answer

Based on earlier incomplete posts in the&nbsp;Orbi Pro - WiFi For Small Business&nbsp;community section, based on some keywords used, one would assume we talk of some&nbsp;Orbi Pro WiFi 6 systems here.

FCP333 · Answer

I have successfully set up three VLANs and linked them to ports to isolate my IoT devices. The Roku and TV are wireless on Iot.A Verizon "Range extender" is Ethernet wired into IoT VLAN30 on Satellite successfully with correct ip address 192.168.30.25&nbsp;The solar inverter will not connect, although the Orbi "Attached devices" shows it intermittently, but with a 172.32.50.* ip address&nbsp;Contacting the inverter company, I discovered that they fixed the IP address when they installed it. They finally gave me instructions on how to change it so I will be able to set the IP address to 192.168.30.* and it should connect.&nbsp;I have another question though about mDNS, which I tried to set up to allow VLAN1 to use printer on VLAN20, but it will not work. Other people seem to have trouble getting this to work also.&nbsp;Does this set up a two way connection? In other words when it is functioning can devices on VLAN20 see devices on VLAN1 or is it just VLAN1 to VLAN20

Forum Discussion

Isolate IOT LAN PORT

5 Replies

Related Content

Orbi Pro 6 - IOT Client Isolation

Port Isolation vs Protected Ports

LAN PORT ISOLATION

Matter IOT

Netgear Nighthawk IOT Network?

NETGEAR Academy

ProSupport for Business