2 LANS over WIFI

I have a Map2nd router/AP.
I have 2 different LANs, LAN1 - 192.168.10.1 and LAN2 - 192.168.2.1.
I want to configure the router so that I connect LAN1 to ETH1 and LAN2 to ETH2.
Both LANs can be reachable with WiFi (good WiFi with DHCP server for clients).
No internet needed for the LANs.



Are you setting this up as a ROUTER or as an AP?
Post your config thus far:
/export file=anynameyouwish ( minus device serial number, any public WANIP information ).

Add a virtual WiFi. Add 2 bridges. Put eth1 and the wifi in bridge1 for the LAN1 segment. Put eth2 and the virtual wifi in bridge2 for the LAN2 segment. Move the IP addresses from eth1 and eth2 to the bridges.

Okay, so it's acting as a router.
Okay, so the purpose of the wifi is so that clients can go where??? (if not the internet).

Should I assume the idea is that:

  • you have a bunch of users on one wifi that need to talk to each other → WLAN1
  • you have a bunch of users on a different wifi that need to talk to each other → virtualWLAN2 (master interface is WLAN1), different SSID with different security settings.
  • for the most part groups of users should NOT be able to talk to each other
    (any exceptions to this?)

Adding two bridges is NOT necessary, and the small form factor of this device in capacity would seem to indicate that assigning a LAN address to the etherports and NO bridge is preferable.

It's in industry; the controller is in LAN1, the other device is in LAN2. We want to connect both LANs so that a client connecting to the router via WiFi can do diagnostics and other jobs in both LANs.

My thoughts (and some assumptions):

I assume your clients connecting to the MAP might have their default gateway via a wired connection and you
might not want to disrupt that.

You might not want the industry devices being able to reach back to connect to the LAN devices connecting to them.
In addition, these industrial devices may not have a default gateway (or a different default gateway to the MAP).

As per @Anav, I would put IP addresses .10.1 and .2.1 on the 2 physical interfaces
(.88.1 can probably remain on the default bridge)

  1. I would customize the MAP DHCP server, so wireless clients get routes to .2.x and .10.x and no default gateway.
/ip dhcp-server option
add code=121 name=classless value=0x18c0a802c0a8580118c0a80ac0a85801 \
  comment="classless routes to 192.168.2.0/24, 192.168.10.0/24 via 192.168.88.1"

# You may have to remove the existing default entry, to add the following
/ip dhcp-server network
add address=192.168.88.0/24 comment="no default gateway, with classless routes" dhcp-option=classless dns-none=yes

I would then put back in the default set of firewall rules
and make both ether1 and ether2 members of the WAN interface list.

So clients connecting to the industrial devices are NATted and look like they are coming from 192.168.2.1 (or .10.1).
This also means the industrial devices cannot connect back to clients.

You may not want this (perhaps for logging correct client IP addresses on the industrial devices),
in which case you can disable the default src-nat masquerade rule (edit: was dst-nat). (This does require that the industrial devices have the MAP as their default gateway.)
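
Added example, not part of the thread: a small Python encoder/decoder for the DHCP option 121 value (RFC 3442 classless static routes) used in the post above, so the hex string can be checked against the routes it is meant to push before it goes on the router. The function names are this example's own; `PAGE_VALUE` is copied from the post and the other inputs in the demo are constructed.

```python
import ipaddress

# Value copied from the "/ip dhcp-server option" line in the post above.
PAGE_VALUE = "0x18c0a802c0a8580118c0a80ac0a85801"


def encode_option121(routes):
    """Encode [(destination CIDR, gateway)] as an RFC 3442 option 121 hex string."""
    out = bytearray()
    for cidr, gateway in routes:
        net = ipaddress.IPv4Network(cidr, strict=True)  # rejects host bits and IPv6
        significant = (net.prefixlen + 7) // 8          # only octets covered by the mask
        out.append(net.prefixlen)
        out += net.network_address.packed[:significant]
        out += ipaddress.IPv4Address(gateway).packed
    return "0x" + out.hex()


def decode_option121(value):
    """Decode an option 121 hex string back to [(destination CIDR, gateway)]."""
    data = bytes.fromhex(value[2:] if value.lower().startswith("0x") else value)
    routes, i = [], 0
    while i < len(data):
        prefixlen = data[i]
        if prefixlen > 32:
            raise ValueError(f"invalid prefix length {prefixlen} at offset {i}")
        significant = (prefixlen + 7) // 8
        end = i + 1 + significant + 4                   # width + destination + router
        if end > len(data):
            raise ValueError("truncated route descriptor")
        # Pad the compressed destination back to four octets.
        dest = data[i + 1:i + 1 + significant] + bytes(4 - significant)
        net = ipaddress.IPv4Network((dest, prefixlen), strict=True)
        gateway = ipaddress.IPv4Address(data[end - 4:end])
        routes.append((str(net), str(gateway)))
        i = end
    return routes


if __name__ == "__main__":
    for dest, gw in decode_option121(PAGE_VALUE):
        print(f"{dest} via {gw}")
    # Constructed input: a default route encodes with zero destination octets.
    print(encode_option121([("0.0.0.0/0", "192.168.88.1")]))
```

A decoded `0.0.0.0/0` entry would mean the wireless clients are being handed a default route, which the post's setup deliberately avoids.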