I am a total newbie to configuring switches, routers, firewalls, etc.
I'm trying to create two networks on my Archer C7 - each with internet access, but with no access from one network to the other.
Here are my Switch and Firewall configurations:
The lan interface is on eth1.1 and the guest interface is on eth1.3.
By setting up the two separate VLANs (1 & 3), I was expecting the two networks to not be able to communicate unless I explicitly set up forwarding between them... For some reason I can access 1 from 3 and vice versa. What am I doing wrong?
When you set an Ethernet port of the switch to "tagged", the device on the other end of the Ethernet cable needs to be VLAN-capable. With ordinary devices such as laptops you would set "untagged" in one VLAN and "off" in all the others.
Thanks for the replies. I tagged port 4 because I'm going to configure an AP on that port with guest and lan networks, but first wanted to get the main router working properly.
I was mistaken, the networks cannot communicate with each other! What threw me off was that from either network you can reach x.x.x.1 of the other network, but you can't reach any other IPs.
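Added example, not part of the thread and not the poster's configuration: a small audit of an OpenWrt-style firewall config that separates forwarding between two zones from reachability of the router's own addresses. A packet sent from one network to the router's x.x.x.1 address on the other network is addressed to the router itself, so it is judged by the input policy of the zone it arrived on rather than by any forwarding. The zone names `lan`, `guest` and `wan`, the sample config and the helper names `parse_uci` and `audit` are assumptions made for illustration.

```python
import shlex

# Constructed sample in OpenWrt /etc/config/firewall (UCI) syntax. Zone names
# 'lan', 'guest' and 'wan' are assumptions, not the poster's configuration.
SAMPLE = """
config zone
option name 'lan'
option input 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'guest'
option input 'ACCEPT'
option forward 'REJECT'
config zone
option name 'wan'
option input 'REJECT'
option forward 'REJECT'
config forwarding
option src 'guest'
option dest 'wan'
"""
# Same sample with the guest zone's input policy tightened.
HARDENED = SAMPLE.replace("name 'guest'\noption input 'ACCEPT'",
                          "name 'guest'\noption input 'REJECT'")

def parse_uci(text):
    """Return [(section_type, {option: value})] for simple UCI text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[:1] == ["option"] and len(tok) == 3 and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def audit(text, a, b):
    """Report forwardings between zones a and b, and which can reach the router."""
    secs = parse_uci(text)
    zones = {o["name"]: o for t, o in secs if t == "zone" and "name" in o}
    fwd = {(o.get("src"), o.get("dest")) for t, o in secs if t == "forwarding"}
    return {
        "forwarded": sorted(p for p in ((a, b), (b, a)) if p in fwd),
        # Traffic to any of the router's own addresses is judged by the
        # input policy of the zone it arrived on, not by forwardings.
        "router_reachable_from": sorted(
            z for z in (a, b) if zones[z].get("input") == "ACCEPT"),
    }
```

With `SAMPLE`, `audit(SAMPLE, "lan", "guest")` reports no forwarding in either direction while both zones can still reach the router. A guest zone whose input policy is REJECT needs explicit rules for the services it should still get from the router, such as DHCP and DNS.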