Hi there!
So I have a hEX RouterBOARD as the main router in my house.
One of its tasks is to allow or deny internet access for given devices. I have a solution for that, but it is not working as I expected. Please tell me how I could change the configuration to fulfill the tasks.
The different device types:
- routers and other network devices
- devices of the parents
- kids' devices
- multimedia devices
- home automation gadgets
- unknown devices
Basically the network devices, the parents' stuff and all the home automation have full access to the internet. These are quite a lot, about 50-60 pieces.
The kids' devices have no internet during the night.
The multimedia devices have a different time schedule; they do not get internet during school time.
Everything else works only in the time period during the day when we can expect guests. Basically there is a range defined for dynamic IPs.
My solution for that was to:
- set up DHCP to have IP ranges for the categories above
- add all the devices to the DHCP leases list
- create firewall rules to allow or deny internet according to the time periods.
So far so good... but my older child is more creative than that. If he sets the IP of his device manually and does not let DHCP do it, he can set an IP outside of his range - like the home automation - and have internet access during the night.
What I found yesterday is that ARP can also bind an IP to a MAC address. It could be a good option, however:
- ARP can be set for the interfaces of the router, which are the ethernet ports. Maybe the correct option would be to set it to reply-only. If so, all new devices have to be added by hand to get an IP. I would like to keep the option to dynamically assign IPs for the devices in the "unknown devices" range.
- what if my kid figures out that he can clone a MAC address as well? E.g. he copies the MAC of the TV and uses it during the night.
So this is where I am stuck.
Should I somehow reorganize my network to have a separate subnet or something for the dynamic and the static IP ranges with different ARP settings? Or is that not the best solution for this?
Why am I not using "Kid control"? It does not fulfill my needs.
Why am I not using PPPoE? The home automation devices, which require full internet access, are not capable of using PPPoE.
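
A way to spot the manual-IP bypass described above, added here as an illustration and not part of the original post: compare an ARP table snapshot with the static DHCP leases and flag any device that is off its leased address or sits in a reserved range without a lease. The addresses, MACs, range boundaries and function names are all constructed assumptions.

```python
import ipaddress

# All values below are constructed for illustration; the post gives no addresses.
RANGES = {  # category -> (first IP, last IP)
    "automation": ("192.168.88.10", "192.168.88.99"),
    "kids": ("192.168.88.100", "192.168.88.119"),
    "multimedia": ("192.168.88.120", "192.168.88.139"),
    "unknown": ("192.168.88.200", "192.168.88.250"),  # dynamic DHCP pool
}
LEASES = {  # static DHCP leases: MAC -> reserved IP
    "02:00:00:00:00:01": "192.168.88.10",   # automation hub
    "02:00:00:00:00:02": "192.168.88.100",  # kid's laptop
    "02:00:00:00:00:03": "192.168.88.120",  # TV
}
ARP_SNAPSHOT = [  # (IP, MAC) pairs as seen in the router's ARP table
    ("192.168.88.10", "02:00:00:00:00:01"),   # matches its lease
    ("192.168.88.55", "02:00:00:00:00:02"),   # kid's laptop, manual IP
    ("192.168.88.120", "02:00:00:00:00:03"),  # matches its lease
    ("192.168.88.201", "02:00:00:00:00:09"),  # guest from the dynamic pool
    ("192.168.88.60", "02:00:00:00:00:0a"),   # no lease, reserved range
]


def category(ip):
    """Return the name of the range containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, (first, last) in RANGES.items():
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            return name
    return None


def audit(arp, leases=LEASES):
    """Flag ARP entries that do not agree with the DHCP lease table."""
    findings = []
    for ip, mac in arp:
        mac = mac.upper()
        leased = leases.get(mac)
        cat = category(ip)
        if leased is not None and leased != ip:
            findings.append((ip, mac, f"off its lease {leased}: "
                             f"{category(leased)} -> {cat}"))
        elif leased is None and cat != "unknown":
            findings.append((ip, mac, f"no lease, using {cat} address"))
    return findings


if __name__ == "__main__":
    for finding in audit(ARP_SNAPSHOT):
        print(*finding)
```

A device that clones a registered MAC and also takes that MAC's leased IP matches the lease table exactly, so this comparison does not flag it.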