Hi Guys,
Need your help. I have a router to which all th devices are connected. Mostly wireless but the TV is connected via LAN cable. I have installed few apps on the TV from not trusted sources and I dont want the TV on the same network. How do I isolate the TV from the network so that it can still access the internet but cannot see anything on the network. Hope it makes sense.
Check if the router has the possibility to isolate the lan port. That way the port on the router can not talk to other devices in different ports or wlan.
Second possibility is to check if the router supports VLAN. If so you can put the TV or a port on a separate VLAN.
If all that is not possible, consider removing the cable and connect the tv wireless. That way you can put the tv on the guest WiFi network. That should come with isolation by default.
If you donāt want that either, you can resort to extra hardware. Any device with two lan ports could do. Make one port a dhcp based wan port connected to the current network and the other port goes to the tv. Run a dhcp server and nat and you have the tv isolated.
If you want to keep it wired then youāll need to put it on a separate VLAN from your other devices. A VLAN effectively allows you to create separate ethernet networks over the same physical network. We use them at work to keep factory hardware separate from office hardware and I use them at home to keep a vpn open for streaming geolocked content from another country. Traffic between the two VLANs has to be routed just like it would if they were separate physical networks.
I have an Edgerouter POE which has a small built in switch and supports VLANs so I can easily dedicate a port on the switch to a particular VLAN. In my case I route that traffic through wireguard, but in your case all you really need is setting up NAT for internet access and not route it with your other VLAN.
Any commercial grade routers support VLANs, iāve seen it on unifi, aruba and fortigate and have never heard of it not being supported.
As others have pointed out, if you have a switch between your TV and Router then thatāll need to be a managed switch that can trunk the vlan code back to the router, otherwise all the traffic will be comingled.
Other thoughts:
You might be able to arrange your IPs to sort of fake it. If your router is 192.168.1.1 and you make the TV be 192.168.1.2. Then you could give your TV a static IP configuration and tell it that itās subnet mask is 255.255.255.252. Then itād only consider the IPs 192.168.1.1-192.168.1.2 as being in itās local network and if it tries to access something else on the LAN then itāll send it to the router for forwarding.
Iām not sure what your router would do in that situation, but it seems unlikely itād manage to forward that packet. Youād have to avoid putting any device on 192.168.1.3 (as thatād be the routers broadcast address) but I think you could probably make that work. Itās not really secure (as anyone that compromises the TV could change the subnet) and itād still be possible for devices on your network to send UDP packets (but not get replies from) the TV. Itās also not really extendable and you probably canāt get a second TV to work like that (and definitely not three), but it wouldnāt require switching to commercial routers.
Thank you so much. I think iāll have to buy a switch. I have a shitty iinet tgvac789 V2 router which I think is useless.
The switch on its own will do nothing for you. Itās only useful with a router that supports VLANs
Unfortunately in your situation youāll need to replace your current router-modem combo with a dedicated modem, a commercial router (if you donāt want to build your own linux one then EdgeRouters seems pretty good value for money) and a managed switch.
Iāve got myself a second router and created a second wifi and lan with it. All my smart home devices are in there and also the tv.
You are probably a lot more technical than I am, but I would solve it by putting the TV on my guest network that comes out of the box of my mesh networkā¦
Is this your modem? https://help.iinet.net.au/how-setup-tg-789-broadband-gateway-nbn-fttbn
Can you access http://10.1.1.1 and log in as described? If so can you take a screenshot over that web site after you log in so we can see what settings are available to tweak? There might be a chance your modem-router will do just fine.
Yeap thats the one. I think this is the part that I need to configure but dont know how. The page is called āsetup gatewayā . VLAN was off which I just turned ON. How do we setup VLAN?
