Firewall rules do not work in the lan zone

It is required to restrict the access of one client IP, 192.168.1.100, to the server at 192.168.1.10. LAN isolation is not suitable, because other clients in the network need access to the specified server; moreover, client isolation works only for Wi-Fi, not for a wired connection. How do I make the firewall rules work in the lan zone? I tried to create firewall rules in LuCI, but they do not affect the lan zone in any way.

Correct, they don't/won't.


Create another VLAN for that client, and set firewall rules then.


I don't know VLANs very well. How exactly should I do this?

Start by sharing the router model.


Sorry that I didn't specify the router model right away; for some reason I think that OpenWrt is a unified system, and this is not necessary. My router is an AX3000T Xiaomi.

So it is a DSA-based router.

  • enable br-lan VLANs
  • add another VLAN
  • add IP configuration to the new VLAN
  • move physical ports and/or Wi-Fi networks to the new VLAN
  • add firewall rules between the networks

A basic guide would be "guest network" with some tweaking of firewall rules.

What you call multiple passwords is EAP - enterprise authentication with each user having their own user ID and password. You need a RADIUS server to manage this.

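The steps listed in the reply above, written out as UCI configuration for a DSA device; this is an added example, not a configuration posted in the thread. The port names (lan2 to lan4), VLAN ID 10, the network and zone name `restricted` and the 192.168.10.0/24 subnet are assumptions; the server address 192.168.1.10 is taken from the question.

```uci
# /etc/config/network (assumed port names; lan4 = wired port of the client to restrict)
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan2:u*'
	list ports 'lan3:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan4:u*'

# existing 'lan' interface: only the device changes, address options stay
config interface 'lan'
	option device 'br-lan.1'

config interface 'restricted'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '192.168.10.1/24'

# /etc/config/dhcp
config dhcp 'restricted'
	option interface 'restricted'
	option start '100'
	option limit '50'

# /etc/config/firewall
config zone
	option name 'restricted'
	list network 'restricted'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding
	option src 'restricted'
	option dest 'wan'

config forwarding
	option src 'restricted'
	option dest 'lan'

config rule
	option name 'Block-restricted-to-server'
	option src 'restricted'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option proto 'all'
	option target 'REJECT'
```

Once moved to VLAN 10 the client gets an address in the new subnet rather than 192.168.1.100, and its traffic to 192.168.1.10 is routed through the firewall instead of being bridged inside the LAN. The reject rule is evaluated before the restricted-to-lan forwarding, so the rest of the LAN stays reachable while the server does not.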