The sfp interface connects to WAN.
eth1-2 is the local LAN network.
eth3-4 connect to IP cams using PoE.
eth5 is a trunk interface that connects to a Cisco AP. A VLAN interface (vlan80) is created under eth5. The Cisco AP has two VLANs: one is the default VLAN, the other is vlan80.
I created a bridge (bridgeLAN) for eth1-2 and eth5, and I created another bridge (bridgeIoT) for eth3-4 and vlan80.
The sfp interface WAN port is not in any bridge.
bridgeLAN and bridgeIoT are using different IP scopes and address pools.
Right now everything works fine. Only ports under bridgeLAN show hardware offloading.
bridgeLAN cannot talk to bridgeIoT, which is what I want. If I need to allow hosts in bridgeIoT to talk to bridgeLAN, I need to create firewall rules. So the traffic between the two bridges is L3 routing using the CPU, right?
After reading the wiki a couple of times, I do not really understand the 'new' bridge and VLAN concept. My questions are:
- If I want to enable hardware offloading for all LAN ports (eth1-5), is only one bridge allowed to be created?
- If I bridge eth1-5 and create a VLAN interface under that bridge, how can I isolate the traffic between the local LAN and the local IoT network?
- The WAN port does not need to join any bridge, right?