Is it possible to configure the ER-X to allow devices on one VLAN to access devices on another but not the other way around?
I'm trying to set up my network so my various IoT / smart devices are as isolated as possible. I think this is possible, but would appreciate a second pair of eyes.
WAN (Virgin Media SuperHub3 in Modem Mode)
|
|-0 ER-X (Acting as DHCP server)
|
|-1 Basic unmanaged switch for trusted devices
| |-UBI AC Pro (5GHz WiFi)
|
|-2 Basic switch for Internet only devices
|
|-3 UBI AP (2.4GHz WiFi separate network for IoT)
So far so good, right? This is where it gets a bit complicated. I'm a bit paranoid and don't trust the manufacturers of Internet connected kit. So I think I want the following VLANs.
1. Trusted devices. My laptop, servers, etc. Connecting to the Internet and each other.
2. Internet only devices. My Xbox & PS4 need net access - but they don't need to connect to anything else, and nothing needs to connect to them.
3. IoT devices. My WiFi security cameras need access to the Internet. I also need to connect to them from (1). For example, I want my tablet on (1) to be able to connect to my lightbulb on (3). I don't want the lightbulb to be able to connect to my server - or anything else on (3). (And, yes, I realise how ridiculous this is!)
Is this configuration impossible?
I'm assuming (1) and (2) are trivial. Can I configure devices on (3) to be reachable from (1) and be isolated from each other?
Hope that makes sense!