I'm hoping someone here will be able to help me set up my new router. Just before Christmas, I bought a RouterBOARD 3011UiAS-RM and two TP-Link EAP225 wireless access points to replace my struggling Airport-based setup. Since then, I've been looking through the many examples of how to set up a guest network using a VLAN. I've failed to find enough consistency between some of the examples to feel confident about how to go about this, though I have learnt a few things along the way.
My setup and requirements are fairly simple:
- I have a Virgin cable router running in 'dumb' modem mode, which will connect to the RouterBoard's ether1. External IP address comes from DHCP.
- My Home (wired) network will all connect via a 3rd party switch plugged into any of ether6-10 using the 192.168.111.0 network.
- Guest (wired) ethernet will connect to ether2 using the 192.168.222.0 network (this is VLAN ID 99).
- Access points will both connect (via a separate 3rd party PoE switch) to ether3. The access points have two SSIDs (one for Home, one for Guest). The Guest SSID is assigned to VLAN ID 99.
Amongst many other threads, I read through this one: viewtopic.php?f=2&t=138232 which was somewhat mind-blowing for a beginner such as myself! It seems there has recently been a software change that means my guest vlan requirement can be satisfied within a single bridge. If I understand correctly, this is simpler but not necessarily better in all cases due to hardware limitations. However, as far as I can tell my router has hardware that is capable of handling 'bridge VLAN filtering' (QCA8337). If so, I would like to take this approach. I suspect one of the reasons I have found some inconsistency between examples is because some take the single bridge approach but many others show the older multi-bridge approach. Another factor I've struggled with is that most examples utilise on-board radio, which is not this case for me.
I have worked out some of the simple bits:
Code: Select all
/ip pool
add name=default-dhcp ranges=192.168.111.120-192.168.111.179
add name=Guest-dhcp ranges=192.168.222.10-192.168.222.254
/ip dhcp-server network
add address=192.168.111.0/24 comment=Home dns-server=194.168.4.100,194.168.8.100 gateway=192.168.111.2 netmask=24
add address=192.168.222.0/24 comment=Guest dns-server=194.168.4.100,194.168.8.100 gateway=192.168.222.2 netmask=24
/ip route rule
add src-address=192.168.222.0/24 dst-address=192.168.111.0/24 action=drop
I don't think I can fill in the interface field here until the bridge/vlan/interfaces have been defined:
Code: Select all
/ip address
add address=192.168.111.2/24 comment="Home gateway" interface=[PLEASE HELP] network=192.168.111.0
add address=192.168.222.2/24 comment="Guest gateway" interface=[PLEASE HELP] network=192.168.222.0
I'm pretty sure I accepted the default setup when I first setup the router, so I'm left with things like this which may need changing?:
Code: Select all
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
Any help would be gratefully received!
Thank you.