I want to have a virtual AP that can only access the WAN, not other LAN items.
bridge1 contains:
bridge2 (guest) needs to contain:
My WAN goes out via PPPoE->vlan1->ether5.
I’m running 6.38.1 on the hAP AC 962. I have seen other instructions to do this but many seem outdated.
only create one bridge.
One for your personal network,
Create 2 virtual ap’s
and add the personal one to the bridge
add an ip address for personal use eg 192.168.0.1/24 and one for guests 192.168.10.0/24
then just add a firewall rule that blocks connections sourced from 192.168.10.0/24 going to 192.168.0.0/24
Hmm. I need more detail about how to assign the addresses to the guest network. Do I need a second DHCP server and pool, or just an entry in IP/addresses pointing at the Virtual AP, or what?
I set up an entry in IP/Addresses as well as a pool and DHCP server. I can see from the logs that an IP from the guest pool is assigned when I connect, but my laptop doesn’t believe that to be the case. I haven’t set up firewalling or anything, so it makes me think the “router” IP for the second DHCP pool is wrong or has the wrong netmask.