Home / server / Questions / 88175
Accepted
Alakdae
Asked: 2009-11-26 05:57:51 +0800 CST

Disable routing between ports in ADSL router

  • 772

Does anyone know an ADSL router that allows to disable routing between switch ports? For example:
- part of network connected to port 1 on router can access the Internet but cannot see the part of network connected to port 2 on router
- the same for port 2

The whole network can access the Internet but cannot access each others segments. The subnet is the same for both ports. I don't want to use different subnets because then someone can change their address and get access to the other segment.

router

2 Answers

  1. Best Answer

    draytek vigor 2820 and upwards all do which is called Port based vlans.

    http://www.draytek.co.uk/products/vigor2820.html

    • 1

  2. Is there a reason that the IP subnet must be the same on both ports?

    What you attempting to do is normally done through the use of separate subnets/VLANs, with an ACL/firewall rule restricting access between the two subnets.

    Briefly, without using vendor specific config:

    VLAN10: 192.168.1.0/24
VLAN20: 192.168.2.0/24

Port 1 -> VLAN 10
Port 2 -> VLAN 20

ACL:
From 192.168.1.0/24 to 192.168.2.0/24 DENY
From 192.168.2.0/24 to 192.168.1.0/24 DENY
From 192.168.2.0/24 to ANY ALLOW
From 192.168.1.0/24 to ANY ALLOW

    Some of Cisco's SOHO router/firewall devices (e.g. ASA 5505 or 871 ISR) support VLANs and inter-VLAN ACLs. Other vendors such as Draytek may also provide what you need.

    • 1