Simply Block IP Traffic Between LAN Ports with VLAN
1 x UR35/UR75
2 x computers
VLAN stands for Virtual Local Area Network. When it's necessary to divide a LAN on a switch into multiple LANs, the divided ones are called VLANs. Because despite that the LAN ports are on same switch, traffic cannot go in between.
VLAN ID is used to mark each VLAN.
If a port is tagged, it belongs in the VLAN with fixed VLAN ID.
If CPU is tagged, router system examines the VLAN ID in frame every time a packet is received in certain LAN and then proceed. If CPU is untagged, the VLAN might fail to take effect.
Go to Network > Interface > Switch > VLAN Settings.
Click "+" to add a VLAN, set up VLAN ID as needed. Default VLAN ID is 1, for example second one uses 2.
Click "+" to add a LAN under LAN Settings, set up name as needed. Default name is vlan1, for example second LAN is named as vlan2.
Untag LAN 1, LAN 2, tag LAN 3, LAN 4
Choose 2 as VLAN ID for vlan2, set vlan2's IP Address as 192.168.20.1, the rest options remain as default.
Now the Switch tab should have settings look like this.
Set a computer's Ethernet adapter's TCP/IPv4 Properties to obtain IP address automatically, or use 192.168.10.100 as IP address, 255.255.255.0 as netmask, 192.168.10.1 as gateway address.
Connect this computer to LAN 1, use Command or other terminal to ping 192.168.10.1.
Set another computer's Ethernet adapter's TCP/IPv4 Properties to obtain IP address automatically and connect it to LAN 2.
Use Command or other terminal to ping 192.168.10.1 and 192.168.10.100(or what's obtained by 1st computer). Get response successfully.
Connect 2nd computer to LAN 3 or LAN 4, its Ethernet port should have obtained 192.168.20.x.
If not, use 192.168.20.100 as IP address, 255.255.255.0 as netmask, 192.168.20.1 as gateway address.
Use Command or other terminal to ping 192.168.20.1, get response successfully.