Is it possible to make wlan interface member of several VLANs?
What I need is make wlan interface VLAN aware, have one VLAN ID for all ingress packets and be member of multiple VLANs for egress packets. All packets, transmitted over RF, shall be untagged ...
My setup is such that LAN is built around a managed switch and divided to a few VLANs. "Normal" LAN machines are members of one VLAN (e.g. default VLAN ID = 100) while GW to internet is member of two VLANs (e.g. default VLAN ID = 105, additional VLAN ID = 100). If some LAN computers are allowed to "speak" to GW, their corresponding switch ports are made members of VLAN 105. All LAN machines and GW don't know about VLANs, hence their corresponding switch ports are "access" ports.
What happens is that ingress packets from LAN machines get tagged with VLAN ID = 100 upon entering ethernet switch. As GW is also member of VLAN 100 packets get delivered to it as well. Likewise all ingress packets from GW get tagged with VLAN ID = 105. Only machines whose switch ports are members of VLAN 105 get GW packets delivered.
My RB951G-2HnD is connected to ethernet switch trunk port, receiving VLAN tagged packets. I've made wlan member of VLAN 100, wifi clients can talk to other LAN machines. However, they can not use internet as replies from GW are not handled by wlan interface.
Please note that any packet transmited over the air (WiFi) should be untagged (both ingress and egress). Just the way it can be done on wired ports.
Any idea?