On Thu, Aug 30, 2018 at 5:16 PM, r hayman <rhayman at pureice.com> wrote: > Like Ioannis, I control my own LAN and isolate it from the "LAN" of the > ISP-provided device. > > I currently have an Ubiquity EdgeRouter and its WAN port is the only thing > connected to the ISP-provided device. > I set the ISP-provided device into bridge mode (if I can't I have my ISP do > it). > > When this is complete, my EdgeRouter WAN directly faces the Internet (gets > an Internet routable address). > I have the EdgeRouter set up as a DHCP server on the LAN side and have all > incoming and outgoing routes denied by default. > I add rules to allow only what I want in and out of my network. > > I also have the ability to support VLANs for IoT devices that I don't want > on my LAN - they get a separate VLAN > > Set up like this, my entire LAN operates within the LAN even when the ISP or > the WAN goes dark. This sounds like what I'm looking for. So - - - am I understanding correctly? You have 2 routers with one serving as a connection to the WAN and the second is the one that connects from the WAN to itself and #2 runs the LAN. Any ideas on documentation to 'make' this happen? I'm new to any sys admin/computer under the hood stuff so its useful for me to find a crib sheet where things are laid out. Thanking you for your idea/s !!! Regards Dee