Use GL-MT300N-V2 as isolated IoT network

Hi, I have a GL-MT300N-V2 device connected to my main router, a Nokia E-240W-A (which I can't change because it is provided by the internet company), at fixed IP address 192.168.1.2.

I'm trying to make a smart home and have several Wi-Fi devices and one LAN device that I connected to the GL-MT300N-V2 router under the 192.168.8.0/24 network. My HomeAssistant server is connected to my main router at fixed IP address 192.168.1.251.

At the moment my Home Assistant does not see anything in the GL-MT300N-V2 network 192.168.8.0/24, but if I connect to the GL-MT300N-V2 network I can easily access my main router network 192.168.1.0/24.

How can I isolate the GL-MT300N-V2 network with untrusted IoT devices so they won't be able to access LAN and WAN devices on my main network, yet make them visible to Home Assistant?

Are there any tutorials that can help to solve the problem? It seems to be quite common.

First question: does the HA server need to be on 192.168.1.0/24?
If it was on 192.168.8.0/24 and you port forwarded to the HA server through the Mango, you would then have everything on the same network and would be able to start isolating the other IoT clients.

Thanks for your answer! HA is on a server that has a LAN connection to the main router. It shares the machine with some other services (with different IP addresses) that I want to isolate from the IoT network, and it requires a high-speed connection. So it seems like I don't have the possibility to put it on 192.168.8.0/24.

I actually tested the connection to 192.168.8.0/24 and it seems like it is too slow to hold all IoT devices, so I'm going to switch the GL-MT300N-V2 to WDS mode and unite all devices into one big network 192.168.1.0/24.

I will have 3 Wi-Fi networks on my main router. The GL-MT300N-V2 will extend one of them and take care of 1 LAN and a few Wi-Fi devices, while the rest of the devices will appear in the main router on the network the GL-MT300N-V2 extended. Trusted computers will be in the other two Wi-Fi networks. The server with HA and other services will live on the LAN. And they all share 192.168.1.0/24 addresses (the Nokia router does not support VLANs).

With this setup everything will see everything else, so I will still need to find out how to isolate specific IP addresses from IoT devices.

Hi,

When you use the 'big network 192.168.1.0/24', it means the Nokia router is the main network device, not the GL-MT300N-V2, because the MT300N cannot process any data when it is in WDS mode as an extender. Please ask Nokia how to create an isolated network, or purchase a new GL router to use as the main router.

I understand that. AFAIK GL-inet does not support EPON so I have to stick to Nokia or am I wrong?

Yep, GL does not support the fiber port.

Did you consider accepting 2-layer NAT, like Nokia Internet Router -> GL router -> IoT devices (isolated) + personal devices (home/public)?

But, as you know, that would probably require purchasing a new GL router to provide enough performance.

I'm thinking of that, but I have quite limited space and a hard requirement to have a WPS button (one of my devices fails to connect without WPS). To close this topic: any tutorials that you can recommend regarding network isolation?

Sure.

Some GL users have built their own VLANs on a GL router via LuCI: Flint 2 GL-MT6000 - VLAN

This is the official OpenWrt guide for VLANs: [OpenWrt Wiki] VLAN

Here is a recent thread discussing how to learn VLAN:

2 Likes
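
For the 2-layer NAT layout suggested in the thread (Nokia router -> GL router -> IoT devices), the isolation asked about in the first post can be written as OpenWrt firewall rules on the GL router. This is an added example, not part of any post in the thread; it assumes the stock OpenWrt zone names `lan` and `wan`, and the rule names are made up for illustration.

```uci
# Added to /etc/config/firewall on the GL router, after the stock zones.
# Addresses are the ones given in the thread:
#   IoT LAN 192.168.8.0/24, upstream network 192.168.1.0/24,
#   Home Assistant at 192.168.1.251.
# Assumption: zone names 'lan' and 'wan' are the firmware defaults.

# 1. IoT devices may reach the Home Assistant host only.
#    Narrow further with 'option proto' and 'option dest_port'
#    once the ports the devices really need are known.
config rule
	option name 'IoT-to-HA'
	option src 'lan'
	option dest 'wan'
	option dest_ip '192.168.1.251'
	option proto 'all'
	option family 'ipv4'
	option target 'ACCEPT'

# 2. Every other host on the upstream network is off limits.
#    Rules are matched in order, so this must stay below rule 1.
config rule
	option name 'IoT-block-upstream-LAN'
	option src 'lan'
	option dest 'wan'
	option dest_ip '192.168.1.0/24'
	option proto 'all'
	option family 'ipv4'
	option target 'REJECT'

# 3. Home Assistant, and nothing else upstream, may open
#    connections to IoT devices. Replies are allowed by conntrack.
config rule
	option name 'HA-to-IoT'
	option src 'wan'
	option src_ip '192.168.1.251'
	option dest 'lan'
	option dest_ip '192.168.8.0/24'
	option proto 'all'
	option family 'ipv4'
	option target 'ACCEPT'
```

For rule 3 to be used, the Home Assistant host (or the Nokia router) needs a static route for 192.168.8.0/24 via 192.168.1.2. Broadcast and mDNS discovery do not cross the router, so devices are added in Home Assistant by IP address.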