Hello!
I'm trying to set up two hap ac2 routers to work together:
- "router" - which is connected to the internet uplink and is the main control centre and firewall, connects to the "basement" on ether4
- "basement" - which connected to the "router" by trunk-hybrid port, connects to the "router" on ether1
The general idea is to have "router" produce several VLANs: "main" one for all my private matchines, "service" one (for extra-secure hosts), "guest" and one called "not" (Network of things). Each "guest" and "not" vlans has their own 2.4GHz wifi networks.
The wifi for "main" vlan is done by external access-point, which is vlan-unaware and has a switch built-in. And to that switch I'll connect my home-assistant host, which needs to reach the "main", untagged vlan and "not" which is tagged (and in consequence, hidden from the external access point, albeit still switched by it).
I've managed to setup the "router" and it seems to work properly: when I'm connecting to trunk port, my native interface obtains proper "main" IP from DHCP, but when I add a vlan 103 interface to it, it's being given a "not" IP, so that part works perfectly. Hosts connected to different vlans on this router can ping each other (i.e. host 10.0.0.53 connected via external AP can ping 10.3.0.50 connected to "not" wifi).
However, on the other end, in the "basement" - I'm able to ping the "router" via the vlan-100 interface, however I cannot ping anything else. Seems like I messed something in the trunk configs. The "basement" still has the factory-default IP 192.168.88.1, which I plan to remove and use 10.0.0.10 there, but I cannot use it until the VLANs are working properly (I really wish that hap ac2 has a serial-console... Today, I spend 15h+ with this and every couple of tries I ended up chopping the branch I was sitting on...)
Attached you'll find my "router" and "basement" configurations. I apologize about the "router" config being messy with multiple stuff disabled, I'm yet to clean it up once I have everything working together.