Isolate networks using physical ports

gechu · July 6, 2025, 9:07am

I've got a 4 port Intel i350 nic.

Port 1: WAN
Port 2: Home LAN (1) - Access Point A
Port 3: Home LAN (2) - Access Point B
Port 4: Guest LAN - Access Point C

Home LAN and Guest LAN are located in different buildings, and must be fully isolated. Each network will contain Chromecasts, Spotify Connect devices etc that should only be visible for users connected to the respective networks.

Reading: https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial

... the option "Multiple bridged networks" seems a good fit for my needs.

Will this option work? And do I require additional firewall configuration? Eg zones.

frollic · July 6, 2025, 9:36am

gechu · July 6, 2025, 12:49pm

Thanks for the suggestion, but it includes VLANs.

After reading the article about DSA, my understanding is that it is possible to make use of different bridges to keep the config simple yet achieve isolation.

frollic · July 6, 2025, 12:59pm

If you have a quad port card, you only have to move one port out of br-lan, and create the guest subnet.

The firewall settings would be mostly the same though.