Need help with improving network config and remove Nested routers

[Agent Crimson]

I have a weird setup for my home network. I have a super crappy ISP provided modem, router, wifi combo and also have 32 cameras and over 25 devices running at a time so I put a ERX in front of the modem and also made VLans in the ERX to separate the Cam network from my main home network. Now what I am unable to do is I want to configure the ERX such that the Cam VLan cannot access my Home VLan but can access the internet and I want my House VLan to access everything. The config I tried right now does not do this and allows we to access both the networks. Also the ISP provided modem router is also doing its routing so the ISP one is on 192.168.2.1 and the ERX is on 192.168.2.2 and the internal VLans are 192.169.0.0 and 0.1. I want to know if there is a way to disable routing completely from the ISP box and do everything on the ERX. I would have probably left it as is but I was trying to open ports for my CSGO sever and I was not able to because I wasn't able to figure out how to do it when 2 devices are routing. 

 

Please help me fix this rats nest of routing. Any help is greatly appreciated

 

 

[homeap5]

If you disable dhcp in router and assign static ip on it from your main router, and then plug it into network using lan1 port (not wan), you'll get managable switch (with separate wireless if your router have wifi) using ports 2 to 4. And all your devices stay with the same network.

 

If you want to control net using your own router, your main router must be working as bridge (if it has that option). But then you can't use it's wifi and you can only use one lan port to connect your second router to it.

[Agent Crimson]

2 minutes ago, homeap5 said:

If you disable dhcp in router and assign static ip on it from your main router, and then plug it into network using lan1 port (not wan), you'll get managable switch (with separate wireless if your router have wifi) using ports 2 to 4. And all your devices stay with the same network.

No but I want to use ERX as my main and use the ISP one just as a wan modem

[WereCatf]

30 minutes ago, Agent Crimson said:

Now what I am unable to do is I want to configure the ERX such that the Cam VLan cannot access my Home VLan but can access the internet and I want my House VLan to access everything. The config I tried right now does not do this and allows we to access both the networks.

Add a firewall-rule to disable traffic from Cam VLAN to Home VLAN.

30 minutes ago, Agent Crimson said:

I want to know if there is a way to disable routing completely from the ISP box

That obviously depends on the ISP-box. You need to configure it as a bridge, not router.

31 minutes ago, Agent Crimson said:

and I was not able to because I wasn't able to figure out how to do it when 2 devices are routing

You'd port-forward from the ISP-box to the other router and then from the other router to the server.

[homeap5]

18 minutes ago, Agent Crimson said:

No but I want to use ERX as my main and use the ISP one just as a wan modem

I explained it in second part of my post (edited a little later). First part is still valid for rest of your routers (if you have more).

[Agent Crimson]

18 hours ago, WereCatf said:

You'd port-forward from the ISP-box to the other router and then from the other router to the server.

This is only when the ISP-box is not in bridge mode right? If I have the ISP-box in bridge mode then I don't need to port forward on the ISP one cuz then its only acting as a modem and the main router/firewall is the only one that needs the port forwarding

[WereCatf]

2 hours ago, Agent Crimson said:

This is only when the ISP-box is not in bridge mode right? If I have the ISP-box in bridge mode then I don't need to port forward on the ISP one cuz then its only acting as a modem and the main router/firewall is the only one that needs the port forwarding

Aye, that is correct.