I have a fairly simple home network that I wish to segment into VLANs for better security and manageability.
Need help from the brains trust on how to configure my RouterBOARD 750G r3 to accomplish this. I scoured the docs but did not find a simple use case that would be definitive.
ether1 → wan
ether2 → switch
The Ubiquiti switch has 2 x Ubiquiti APs along with servers and wired ethernet clients plugged into it. It also powers the APs via PoE.
The APs have 3 x SSIDs, each for a different purpose, e.g. lan, iot, mgmt, so VLANs 92, 93, 94. Each SSID will have its own DHCP range/server.
So all the action is on ether2.
It is important for VLANs 92 and 94 to maintain internet access, while internet access for IoT should be denied.
Using the doc example, but modified to something like this…? I am uncertain about ether2 being both tagged and untagged. I am thinking something like the following, but unsure if it is workable. I don’t fully have my head around using bridge1 as the center of VLAN processing.
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether2 hw=no
add bridge=bridge1 interface=ether3 hw=no
add bridge=bridge1 interface=ether4 hw=no
add bridge=bridge1 interface=ether5 hw=no
/interface bridge vlan
add bridge=bridge1 tagged=ether2 untagged=ether2 vlan-ids=92 comment="lan ssid"
add bridge=bridge1 tagged=ether2 untagged=ether2 vlan-ids=93 comment="iot"
add bridge=bridge1 tagged=ether2,bridge1 vlan-ids=94 comment="mgmt"
/interface vlan
add interface=bridge1 vlan-id=92 name=lan
add interface=bridge1 vlan-id=93 name=iot
add interface=bridge1 vlan-id=94 name=MGMT
/ip address
add address=192.168.92.1/24 interface=lan
add address=192.168.93.1/24 interface=iot
add address=192.168.94.1/24 interface=MGMT
/interface bridge
set bridge1 vlan-filtering=yes
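
A trunk-only layout for the setup described in the post, as an added example that is not part of the original post: ether2 carries VLANs 92, 93 and 94 tagged, bridge1 is a tagged member of each so the router's VLAN interfaces see the traffic, and a forward-chain rule denies the iot VLAN internet access. It assumes the switch port facing ether2 is configured as a trunk for those VLANs; the pool names and address ranges are constructed.

```routeros
# Added example, not the poster's config. Assumes the switch port facing ether2
# is a trunk carrying VLANs 92, 93 and 94 tagged.
/interface bridge
add name=bridge1 vlan-filtering=no
/interface bridge port
add bridge=bridge1 interface=ether2
# ether2 is tagged only (never also untagged for the same VLAN); bridge1 is
# listed as tagged so the CPU-side /interface vlan entries receive the frames.
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether2 vlan-ids=92 comment="lan"
add bridge=bridge1 tagged=bridge1,ether2 vlan-ids=93 comment="iot"
add bridge=bridge1 tagged=bridge1,ether2 vlan-ids=94 comment="mgmt"
/interface vlan
add interface=bridge1 vlan-id=92 name=lan
add interface=bridge1 vlan-id=93 name=iot
add interface=bridge1 vlan-id=94 name=MGMT
/ip address
add address=192.168.92.1/24 interface=lan
add address=192.168.93.1/24 interface=iot
add address=192.168.94.1/24 interface=MGMT
# One DHCP server per VLAN interface (pool names and ranges are constructed).
/ip pool
add name=pool-lan ranges=192.168.92.100-192.168.92.200
add name=pool-iot ranges=192.168.93.100-192.168.93.200
add name=pool-mgmt ranges=192.168.94.100-192.168.94.200
/ip dhcp-server
add name=dhcp-lan interface=lan address-pool=pool-lan disabled=no
add name=dhcp-iot interface=iot address-pool=pool-iot disabled=no
add name=dhcp-mgmt interface=MGMT address-pool=pool-mgmt disabled=no
/ip dhcp-server network
add address=192.168.92.0/24 gateway=192.168.92.1
add address=192.168.93.0/24 gateway=192.168.93.1
add address=192.168.94.0/24 gateway=192.168.94.1
# lan and MGMT reach the internet through ether1; new connections from iot
# towards ether1 are dropped in the forward chain.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward in-interface=iot out-interface=ether1 action=drop comment="iot: no internet"
# Enable filtering last so a mistake above does not cut off access to the router.
/interface bridge
set bridge1 vlan-filtering=yes
```

The filter rules are appended to whatever forward-chain rules already exist, so check that no earlier rule accepts the iot traffic first. These rules only block iot towards ether1; traffic routed between the three VLANs is not filtered by them.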