I'm hoping someone here will be able to help me set up my new router. Just before Christmas, I bought a RouterBOARD 3011UiAS-RM and two TP-Link EAP225 wireless access points to replace my struggling Airport-based setup. Since then, I've been looking through the many examples of how to set up a guest network using a VLAN. I've failed to find enough consistency between some of the examples to feel confident about how to go about this, though I have learnt a few things along the way.
My setup and requirements are fairly simple:
- I have a Virgin cable router running in 'dumb' modem mode, which will connect to the RouterBoard's ether1. External IP address comes from DHCP.
- My Home (wired) network will all connect via a 3rd party switch plugged into any of ether6-10 using the 192.168.111.0 network.
- Guest (wired) ethernet will connect to ether2 using the 192.168.222.0 network (this is VLAN ID 99).
- Access points will both connect (via a separate 3rd party PoE switch) to ether3. The access points have two SSIDs (one for Home, one for Guest). The Guest SSID is assigned to VLAN ID 99.
Amongst many other threads, I read through this one: viewtopic.php?f=2&t=138232 which was somewhat mind-blowing for a beginner such as myself! It seems there has recently been a software change that means my guest vlan requirement can be satisfied within a single bridge. If I understand correctly, this is simpler but not necessarily better in all cases due to hardware limitations. However, as far as I can tell my router has hardware that is capable of handling 'bridge VLAN filtering' (QCA8337). If so, I would like to take this approach. I suspect one of the reasons I have found some inconsistency between examples is because some take the single bridge approach but many others show the older multi-bridge approach. Another factor I've struggled with is that most examples utilise on-board radio, which is not this case for me.
I have worked out some of the simple bits:
/ip pool add name=default-dhcp ranges=192.168.111.120-192.168.111.179 add name=Guest-dhcp ranges=192.168.222.10-192.168.222.254 /ip dhcp-server network add address=192.168.111.0/24 comment=Home dns-server=188.8.131.52,184.108.40.206 gateway=192.168.111.2 netmask=24 add address=192.168.222.0/24 comment=Guest dns-server=220.127.116.11,18.104.22.168 gateway=192.168.222.2 netmask=24 /ip route rule add src-address=192.168.222.0/24 dst-address=192.168.111.0/24 action=drop
I don't think I can fill in the interface field here until the bridge/vlan/interfaces have been defined:
/ip address add address=192.168.111.2/24 comment="Home gateway" interface=[PLEASE HELP] network=192.168.111.0 add address=192.168.222.2/24 comment="Guest gateway" interface=[PLEASE HELP] network=192.168.222.0
I'm pretty sure I accepted the default setup when I first setup the router, so I'm left with things like this which may need changing?:
/interface bridge port add bridge=bridge comment=defconf interface=ether2-master add bridge=bridge comment=defconf interface=ether6-master add bridge=bridge comment=defconf hw=no interface=sfp1 add bridge=bridge interface=ether3 add bridge=bridge interface=ether4 add bridge=bridge interface=ether5 add bridge=bridge interface=ether7 add bridge=bridge interface=ether8 add bridge=bridge interface=ether9 add bridge=bridge interface=ether10
Any help would be gratefully received!