VLANs and Guest Network on 2011UAS-2HnD

yogi84 · November 15, 2012, 5:10pm

I need help stetting up a RouterBOARD 2011UAS-2HnD. I want to create a main network and a guest network with both wired and wireless connections. i am new to router os but and very experienced in networking so the breakdown is as follows

“main network”
switch ports 1-5
Wireless APN - my-net
192.168.254.0/24

Guest Network (vlan25)
switch ports 6-10
Wireless APN - guests-net
192.168.250.0/24

Also my WAN connection is on SFP 1 (copper gigabit sfp)

simonetmp · June 6, 2013, 4:00am

Did you ever figure this out, I am struggling to setup exactly what you have right now.

lunchboxrts · June 6, 2013, 4:36am

From the looks of your diagram you don’t need vlans just need to isolate your “guest” from “my network”

/interface wireless
set 0 name="my-network" ssid="my-network" disabled=no channel-width=20mhz band=2ghz-b/g/n ht-rxchains=0,1 ht-txchains=0,1
add name="guest-wireless" ssid="guest-wireless" master-interface="my-network"

/interface bridge
add name="MyNetwork"
add name="GuestNetwork"

/interface bridge port
add bridge=MyNetwork interface=ether1
add bridge=MyNetwork interface="my-network"

add bridge=GuestNetwork interface=ether6
add bridge=GuestNetwork interface=guest-network

/interface ethernet
set ether2 master-port=ether1
set ether3 master-port=ether1
set ether4 master-port=ether1
set ether5 master-port=ether1

set ether7 master-port=ether6
set ether8 master-port=ether6
set ether9 master-port=ether6
set ether10 master-port=ether6

/ip address
add address=192.168.254.254/24 interface=MyNetwork
add address=192.168.250.254/24 interface=GuestNetwork

/ip dns
set servers=8.8.8.8
set allow-remote-requests=yes

/ip firewall nat
add chain=srcnat action=masquerade out-interface=sfp1 comment="To WAN"

/ip firewall filter
add chain=forward src-address=192.168.254.0/24 dst-address=192.168.250.0/24 action=drop comment="drop MyNetwork --> GuestNetwork"
add chain=forward src-address=192.168.250.0/24 dst-address=192.168.254.0/24 action=drop comment="drop GuestNetwork --> MyNetwork"

you will need an ip for the sfp port, a gateway ip, and dns.
this was just off the top of my head so double check the settings before use