Zend certified PHP/Magento developer

How to isolate a set of IPs on a network?

I’ve got an Asus AC86U router running the latest ASUSWRT Merlin firmware. For my wireless, I have a setup using a tool called YazFi which creates a secondary (guest) SSID that is isolated with a one-way bridge from my main network. In other words, all devices can access devices on the guest SSID, but the guest devices can only access each other. The reason for this is, I run some IoT stuff at home, and those devices are notoriously insecure, so I’m at least trying to isolate them so they don’t become a vector to my main network.

However, I’ve also got a couple of IoT hubs (Hue, SmartThings) that are hardwired via Ethernet to the same router. How could I go about isolating these devices in a similar way? I have a rough idea, but could use some more direction.

I suppose the solution might involve setting the DHCP server on the router to assign IPs within a specific range to these devices by MAC address (that way the router controls which devices get isolated). So that might give me something like:

192.168.1.100-192.168.1.199: Regular DHCP IPs
192.168.1.200-192.168.1.255: IPs granted to specific MACs that should be isolated

And then I would need to actually isolate them. I think I could use a route table and target routes from the second range to the first, and have those get terminated? I’m not sure if that’s a good way, or how exactly I would do that on my router.
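The address plan sketched in the question, as an added example that is not part of the original post: it generates dnsmasq `dhcp-host` reservations that pin specific MACs into the second range and checks the plan for overlap and unusable addresses. Assumptions: a /24 netmask, dnsmasq as the router's DHCP server, and constructed MAC addresses and hostnames.

```python
import ipaddress

# Assumption (not stated in the post): the LAN is a /24.
LAN = ipaddress.ip_network("192.168.1.0/24")
# Ranges taken from the post.
DYNAMIC_POOL = (ipaddress.ip_address("192.168.1.100"),
                ipaddress.ip_address("192.168.1.199"))
ISOLATED_RANGE = (ipaddress.ip_address("192.168.1.200"),
                  ipaddress.ip_address("192.168.1.255"))
# Constructed sample devices (locally administered MACs, not real hardware).
HUBS = {"hue-hub": "02:00:00:00:00:01", "smartthings-hub": "02:00:00:00:00:02"}


def usable_hosts(first, last, network=LAN):
    """Addresses in [first, last] that can be handed to a host.

    Skips the network and broadcast addresses; in a /24 that drops .255.
    """
    reserved = {network.network_address, network.broadcast_address}
    candidates = (ipaddress.ip_address(n)
                  for n in range(int(first), int(last) + 1))
    return [ip for ip in candidates if ip in network and ip not in reserved]


def ranges_overlap(a, b):
    """True if the inclusive ranges a and b share at least one address."""
    return a[0] <= b[1] and b[0] <= a[1]


def reservations(devices, ip_range=ISOLATED_RANGE, pool=DYNAMIC_POOL):
    """Return dnsmasq dhcp-host lines pinning each MAC into ip_range."""
    if ranges_overlap(ip_range, pool):
        raise ValueError("isolated range overlaps the dynamic pool")
    macs = [mac.lower() for mac in devices.values()]
    if len(set(macs)) != len(macs):
        raise ValueError("duplicate MAC address")
    free = usable_hosts(*ip_range)
    if len(devices) > len(free):
        raise ValueError("more devices than usable addresses")
    # Sort by name so the same input always yields the same assignment.
    return [f"dhcp-host={mac.lower()},{ip},{name}"
            for (name, mac), ip in zip(sorted(devices.items()), free)]


if __name__ == "__main__":
    print("\n".join(reservations(HUBS)))
```

Reservations only decide which address a device receives; they do not by themselves block any traffic between the two ranges.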