How to block or pass traffic between Vigor3900/2960's different LAN networks?

Assuming Vigor3900/Vigor2960 is connected with 4 LAN networks. The examples below will show you how to block or pass traffics between different LAN networks.

Pass traffic among the 4 LAN networks

Go to LAN >> General Setup >> Inter-LAN Route page, Enable Routing between internal LANs, and apply the settings.

Pass traffic from LAN4 to the other but deny traffic among LAN1/LAN2/LAN3.

1. Un-check Enable Routing Between Internal LANs option via LAN >> General Setup >> Inter-LAN Route.

2. Add 4 IP Object profiles for each LAN networks via Object Setting >> IP Object.

3. Add a Group in IP Filter

4. In that Group, add IP Filter Rule 1 to pass the packets from LAN4 to other LAN networks by configuring the rule as follows:

a. Input Profile Name
b. Enable this rule
c. Select Accept for Action
d. Select lan4 for Input Interface
e. Select ALL LANS for Output Interface

f. In Source IP, select Profile lan4 for Source IP Object.

g. In Destination IP, select Profile lan1, lan2 and lan3 for Destination IP Objects.

5. Add IP Filter Rule 2 to pass the packets from LAN1, LAN2 and LAN3 to LAN4.

a. Input Profile Name
b. Enable this rule
c. Select Action as Accept
d. Select Input Interface as ALL LANS
e. Select Output Interface as lan4.

f. In Source IP, select Profile lan1, lan2 and lan3 for Source IP Object.

g. In Destination IP, select Profile lan4 for Destination IP Object.

6. After completing the above configurations, hosts in LAN4 will be able to access hosts in other LAN networks, and vise versa. But hosts in LAN1, LAN2 or LAN3 will not be able to access each other.

Block traffic from LAN4 to other LANs but pass traffic among LAN1, LAN2 and LAN3

1. Enable Routing Between Internal LANs option via LAN >> General Setup >> Inter-LAN Route.

2. Add a Group in IP Filter

3. In that Group, Add IP Filter Rule 1 to block the packets from LAN4 to other LAN networks:

a. Input Profile Name
b. Enable this rule
c. Select Action as Block
d. Select Input Interface as lan4
e. Select Output Interface as ALL LANS

f. In Source IP, select Profile lan4 for Source IP Object

g. In Destination IP, select Profile lan1, lan2 and lan3 for Destination IP Objects.

After completing the above configurations, hosts belong to LAN1, LAN2 and LAN3 can access each other and LAN4, but hosts belong to LAN4 cannot access LAN1, LAN2 or LAN3.