Preventing wired device from accessing LAN devices (Guest mode for Wired)

[armedmetallica]

I need to let a vendor place a device on my network. It is wired in via LAN. I want to ensure that this device cannot access any devices inside my LAN.

Sort of like a guest WLAN.. Is that possible?

For what it us worth, this is a SolarCity device that sends data back to their servers.

The only way I can think of is getting another router that can act as a client bridge, and have that connect to a guest WLAN. Seems cumbersome, but might work.

Or double NAT and setup another router/device. Im hoping to use some of the advanced power of Merlins buld to avoid additional hardware.

Asus RT-N66U

 

[sinshiva]

you could use robocfg to move a physical port to another vlan, use vconfig to create the vlan sub/virtual interface, then use brctl to keep it bridged, then use ebtables to filter access between the new vlan and the rest of the bridge.