I have a gaming machine on my network. Previously, their machine was set up on the Guest WiFi which I run on a separate VLAN. Worked OK, but the WiFi performance wasn’t always perfect.
So we decided to move the machine to ethernet. Given physical wiring configurations, the only ethernet port available connects to a switch which connects to the main (untagged) LAN.
Questions:
1. Is there any way to have a device physically connected to the main (untagged) ethernet port, but have the peplink route it as if it was connected to a VLAN? In other words, sort of a virtual VLAN? Something like “For this one particular MAC address, force it to VLAN, but for all others treat them normally”
2. Assuming #1 is not true. Is there a way to let the gaming laptop stay on the main untagged ethernet LAN, but highly firewalled? I want the gaming laptop to have full WAN access (and be able to do UPnP and NAT-PMP) but not be able to see anything else on the untagged LAN. In other words, I think I’m asking for layer 2 isolation, but only for a single device.
I had thought I could accomplish this using internal firewall rules, but upon further reading it sounds like these don’t function for devices on the same subnet? In other words, if I set up an internal firewall rule:
Internal Firewall Rule:
GamingPCIsolation: Protocol Any, Source: [IP of laptop] Destination: Any: Deny
Does that rule actually do anything?