Disable direct connections between devices on the public network.
Hi, for your TP-Link TL-MR6400 setup you can disable device discovery by changing the DHCP server settings or using a static IP assignment. To ensure two specific devices can communicate, assign them unique static IPs and configure their MAC addresses accordingly. You can also enable network monitoring features to track activity and log IP traffic.
The guest network serves as a helpful solution. I’ll explore this further; I expected a simpler option like a different router or hardware firewall. Appreciate the advice!
A prosumer router or firewall device can handle this setup, though it would involve configuring VLANs and managed switches or APs. You’d need to create several subnets with routing rules that permit communication only in designated areas. If you’re interested, go ahead—consider using pfSense for the router/firewall and UniFi for the switches/APs. It requires some time to learn, but it’s manageable at first. You can completely disconnect from the internet or create unusual network behavior, which is part of the process. For a typical home, expect around $300 for UniFi equipment and a compatible PC for pfSense, possibly needing a 2-port gigabit NIC.
I didn't realize it was important or how Omada fit in, but I'm now using an Omada controller and EAP. It looks like this is similar to UniFi.
I don’t know about Omada, but it seems compatible with VLANs and firewall configuration. If you can configure rules, and your APs and switches recognize VLANs, you should be able to set it up. Building a restricted SSID is often done through a guest network, as normal firewalls let all devices on a subnet communicate freely. Switches handle packets using MAC addresses, so devices in the same subnet don’t need firewall intervention for routing. This setup typically comes from the AP side, which a guest network usually supports by default.
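The distinction made in the last replies (firewall rules only apply to traffic routed between subnets, while same-subnet traffic is switched by MAC and needs AP-side isolation), as an added example that is not from any poster in this thread. The device names, addresses and the single allow rule are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: device name -> (IP address, subnet it sits in).
DEVICES = {
    "laptop":  ("192.168.10.20", "192.168.10.0/24"),
    "nas":     ("192.168.10.30", "192.168.10.0/24"),
    "camera":  ("192.168.20.15", "192.168.20.0/24"),
    "printer": ("192.168.30.40", "192.168.30.0/24"),
}

# Constructed inter-subnet allow rules for new connections (source, destination).
# Anything routed that is not listed is dropped (default deny).
ALLOW_RULES = {("192.168.10.0/24", "192.168.30.0/24")}

def enforcement_point(src, dst, devices=DEVICES, rules=ALLOW_RULES):
    """Return (verdict, where) for a new connection from src to dst."""
    src_ip, src_net = devices[src]
    dst_ip, dst_net = devices[dst]
    net = ipaddress.ip_network(src_net)
    if ipaddress.ip_address(src_ip) not in net:
        raise ValueError(f"{src}: {src_ip} is outside {src_net}")
    # Same subnet: the sender ARPs for the peer and the switch/AP forwards
    # the frame by MAC address. The router/firewall never sees it.
    if ipaddress.ip_address(dst_ip) in net:
        return ("allowed unless AP/switch isolates clients", "layer 2")
    # Different subnet: the packet goes to the gateway, so firewall rules apply.
    if (src_net, dst_net) in rules:
        return ("allowed by rule", "firewall")
    return ("blocked by default deny", "firewall")

def audit(devices=DEVICES, rules=ALLOW_RULES):
    """List every ordered device pair with its verdict and enforcement point."""
    report = []
    for a, b in combinations(devices, 2):
        for src, dst in ((a, b), (b, a)):
            report.append((src, dst, *enforcement_point(src, dst, devices, rules)))
    return report

if __name__ == "__main__":
    for src, dst, verdict, where in audit():
        print(f"{src:8} -> {dst:8} {verdict} ({where})")
```

Pairs reported as "layer 2" are the ones a router or firewall rule cannot restrict; they need a guest SSID, client isolation, or a move to separate VLANs.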