Hi guys, gurus, network and problem-solving lovers!
I am requesting your help and wisdom here.
I know this question is mostly about topology but my devices are mostly using Asus-merlin and I believe the solution to my questions could be solved using the firmware.
My situation is as follows: due to our ISP's inability (or unwillingness) to connect our house to their service, I have to share my Internet connection with my in-laws (house next door).
1. Current topology
2. Current equipment:
- Virgin Media router -> set in modem mode
- AC86U (Asus merlin) -> set in router mode
- AC68U (Asus merlin) -> set in AP mode
- Netgear JGS524Ev2
- TP-Link TL-SG1005P PoE
- 2 houses connected with a CAT6A cable.
3. We have a mix of devices:
- laptops using WiFi
- desktops using Ethernet connections
- phones
- cameras using PoE connections
- IoT devices using both WiFi and Ethernet connections
- cheap Android TV box
Challenges:
1. The yellow area is a catastrophe waiting to happen and cannot be truly managed.
My in-laws are your regular old internet users. They won't use an antivirus, use cheap dodgy Chinese IoT devices, a cheap Chinese Android TV box (that was blocked by Skynet) and they share the WiFi password with anyone visiting the house.
2. The blue area is my area.
The AC86U is connected to the Netgear JGS524Ev2 (smart-managed switch).
One of the ports is connected to my AC68U router set in AP mode to provide WiFi in my house and one of the ports is connected to the TP-Link TL-SG1005P PoE (used for the security cameras).
There are 2 main WiFi networks and 2 guest networks (one for the kid and one for the guests visiting my house).
Hopes and dreams:
1. To isolate the yellow and blue areas.
There is no need to ever have any interaction between both areas.
Unfortunately, the cheap Android TV box is connected to the AC86U so I cannot isolate the yellow area by creating a WiFi guest network using YazFi.
2. The blue area has some IoT devices that do not/should not be interacting with the other devices of the network so let's isolate them.
Unfortunately, these devices are using a mix of WiFi and Ethernet connections so I cannot rely on YazFi.
3. Using FreshJRQoS to handle the QoS.
I thought about using IP ranges or subnets to set the rules there such as IoT with lower priority for example.
Current situation:
I am stuck.
- I thought about using virtual LANs.
  The Netgear JGS524Ev2 handles them but it looks like the AC86U does not.
  I could have created:
  - one VLAN for the yellow area
  - one for the IoT in the blue area
  - one for some more secured devices on my network
  - and one for the kid devices
- I thought about creating subnets:
  - one yellow area (default one)
  - one for each of the guest WiFi on the AC68U
  - one for the devices of the TP-Link TL-SG1005P
  Unfortunately, I realised that I didn't know how to do that one with the AC86U being the DHCP server. :-(
- Is another option to use IPTables after manually assigning an IP with the DHCP server?
  I don't believe this is possible for traffic on the same network interface.
I know it is a long post and there are many solutions but I am looking for solutions with the devices I already own if possible!
Any ideas? Suggestions?