NR7101 Why multiple LAN Interface Groups?
What's the idea of having multiple LAN Interface Groups?
- Default: 192.168.0.1
- Bridge1: 192.168.1.1
- Bridge2: 192.168.2.1
- Bridge3: 192.168.3.1
- Bridge4: 192.168.4.1
All Replies
-
I think the idea is that if you have the device connected to another (primary) router in IP passthrough mode, and that existing router already uses 192.168.1.x this gives you a way to connect to this device through that router…
…but it doesn't seem to work
The setting doesn't seem to take/stick. Mine came configured with 192.168.1.1 as the default and a second group named bridge1, with IP 192.168.2.1. Selecting it and clicking 'Apply' simply takes me back to the home page
0 -
IN the menu under Network Settings > Interface Grouping
The configuration page says:
Interface Grouping supports multiple ports and bridging groups. Each group will perform as an independent network.
To support this feature, you must create mapping groups with appropriate LAN and WAN interfaces using the Add button. The Remove button will remove the grouping and add the ungrouped interfaces to the Default group. Only the default group has IP interface.
1. Enter a unique Group name.2. If you like to automatically add LAN clients to a WAN Interface in the new group, add the DHCP vendor ID string. By configuring a DHCP vender ID string, any DHCP client request with the specified Vendor ID (DHCP option 60), will be denied an IP address from the local DHCP server.
(1) If a Vendor ID is configured for a specific client device, please REBOOT the client device attached to the router, to allow the client device to obtain an appropriate IP address.(2) Total criteria rules can not add over than 15.
Doesn't make a lot of sense to me.
0 -
Not for me either
0 -
Can you screen shot the interface grouping page?
Did you set it yourself or it comes by default?
What is your FW version? Can you do reset to default to check?
0 -
I try to use the grouping function to have a separate network without access to main LAN (br0), from my test, I can create a additional group, select IP address and DHCP server for it, I can connect to it (must have a reboot if not I got mixed result..), but from additional LAN (br1), I can access the formed LAN (not working in opposite direction from my limited test), How to do to have complete isolation between the 2 LAN ?
0 -
I think that what Zyxel call a LAN grouping, Cisco and others call a VLAN.
Sometimes an independent network is needed so that only the hosts in that independent network can only communicate with themselves and the Internet WAN and no others.
It would be a security segregation approach.
Kind regards, Tony
0 -
Well, that's exactly what I'm looking after, an independant network that can only communicate with themselves and the internet WAN AND NO OTHER.
But all my test show that this is not the case. When I try a group LAN, I'm able to acces my main network from it, this is NOT normal.
I even try a guest AP (external guest), and again, If I connect on guest acess, I'm able to see my main network, this is not normal.
Any solution to really create an safe isolation ? (I have a AX7501-B0 btw)
0 -
Hello @rastapoupoulos
The AX7501 user guide at says the following about Interface Groups:
and different networks need a routing function to communicate with each other.
But the AX7501 also has VLANs, see below.
So I think that you might be able to use VLAN functionality to get segregation rather than Interface Groups…
Kind regards,
Tony
0 -
Hello tonygibbs16
Thank for your times, but after lots of trial, I'm not able to do any sensed thinks with this router, thus it will most probably end its life in bridge mode and thats it (I'm a bit sad for the price of the unit and the wifi6 that will become useless)
This really a pitty that:
- guest Wifi access give access to LAN (even if set as external guest)
- grouping lan create a new DHCP server (so far so good), but does not give isolation purpose (possible from new group LAN to go to main LAN (but not opposite direction)
- vlan does not bring anything (or I miss an important point, but there so little options box that it seem complicated to miss something)
- firewall rules: I was not able to block anything….
This product is a joke.
1
Ally Member
Guru MemberCategories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight
