GMoGoody8
Luminary
Nov 08, 2021
Solved

SXK80: Allow Specific Client/s across VLAN

I have the SXK80 for my home since I really wanted the VLAN feature set and especially network isolation between my main LAN and IoT. 

I know in the settings I can disable network isolation completely for all devices. I was just wondering though if this could be done for a client/s. 

My use case which a lot of people probably run into is I keep my phone on the main LAN. Since I do this there is a small delay in IoT updates and commands since everything must go to the cloud and back down into my IoT VLAN. If my phone is on the IoT VLAN everything is nice and snappy. It's not a huge deal but I would love to know if I could take the cloud out of the equation and open up a cross VLAN path for bidirectional traffic for my phone.

  • BruceGuo it's actually pretty amazing. From my tests, I can keep network isolation on for the source VLAN and access still works. Further, the gateway is doing single direction resolution. In the past, I've tried to use the avahi gateway but ran into issues with it essentially echoing back to hosts their own name, which causes Apple products to change their name to "some device (123)" and on macOS display a dialogue about the name being taken. This resolves that.

     

    So, it looks like the gateway is discovering devices according to the Shared Service Type, creating iptables prerouting/redirect rules, and then relaying the broadcast? This is far better than what was done before and I'm impressed.

     

    The only thing I'd ask to change is that the dropdown for services is somewhat restrictive. AFP is dying, AirPlay and Chromecast are good as are scanners and printing, but there should be a middle ground before hitting "All Services". For example, HomeKit is missing which is probably the second most used behind AirPlay/Chromecast. I would suggest giving people a custom option to add something like "_scanner._tcp", "_sonos._tcp", or whatever else.

     

    Anyways, tomorrow I'll finally move my IoT devices off to their own VLAN and begin long term testing.

     

    Once again, great work and thanks BruceGuo 

15 Replies

  • IIRC, this was discussed here a few months back. In order to do this, mDNS support is required.  Apparently a beta was created that included mDNS support, but it was never actually included in a production build.

     

    Should anyone care, I would also like this facility.

    • GMoGoody8
      Luminary

      My Bad. I had searched and didn't see anything that matched my question 100%. Must have missed it. 

      Thanks for filling me in. 

      • BruceGuo
        NETGEAR Expert

        Hi

         

        Can you check if this firmware works for your need? (by default, it allows mDNS traffic across subnets). 1 user replied it works.

         

        Thanks

        Bruce

    • schumaku
      Guru - Experienced User

      BruceGuo, has the Multi-VLAN mDNS feature made it to the real-world firmware release now?
