Block Devices on same Subnet

LIGISTX · January 23, 2022, 8:12am

Hi, I have an IoT subnet set up and I got a Shelly smart switch… Looks like its very easy to go to the WebUI of the switch and power it on. Problem is, this is my garage door. I was wondering if it would be possible to restrict access to only a single IP (Home Assistant) within the same subnet?

I seemingly have the rules correct, but they don’t seem to work. I assume this is due to the switch sending the traffic without even consulting the firewall since the data is not actually traversing the firewall with it being within the same subnet, is this correct? Is there any way to force this rule (I doubt it seeing as I don’t have switches with any smart routing functionality, beyond just simple unifi mini’s).

LTS_Tom · January 23, 2022, 11:16am

You are correct that traffic on the same subnet does not go through the firewall so it would have to be done by a switch that supports that.

FredFerrell · January 23, 2022, 3:51pm

Not sure what switch you have but Cisco’s support port ACLs so you could limit traffic based on MACs, IPs, or ports. Easiest thing if your switch doesn’t support it would be to create a new subnet just for that device.

Barrow · January 27, 2022, 4:05pm

Would putting a password on the web gui not solve this issue or do you want no access at all from other devices