Hello all,
i have a Tplink router with a port lan.
I have two networks to manage in the same office.
The TPlink is plugged on my ISP routeur with a network 192.168.1.0/24 .
Is it to possible to add network 192.168.2.0/24 for two physical port and the 3 others portsconfigured with the network 192.168.1.0/24.
I have seen mikrotik router able to this.
Thanks
You'll likely need to understand how VLANs are configured on the various devices (interfaces and switches both) to accomplish that. Generally it can be easily done on OpenWrt devices.
Without knowing the topology you want and the devices involved, it is hard to answer further.
hi thanks for the reply
So i need to make vlan to make it work ?
I cannot achieve it without ?
Regards
If you want separation of the two, yes.
If you are OK with them running on the same âwiresâ, then you just need to add the addresses. Most people want separation.
Almost any switch can do it, VLANs have to be used (inside the switch, no external tags needed). You sure need to understand what you do but do not have to be a network engineer for that.
Basically you want two ports to be members in one VLAN (WAN) and 3 ports to be members in another VLAN (LAN) if I got your intended setup correctly. Read some basics and tune the right options.
So i was able to have two openwrt.
Ok the first openwrt router is plug to ISP modem router with wan interface and it's on the network 192.168.1.0/24 and 2 PC are plug on lan interface.
The second router is plug to first openwrt router with wan interface and it's on the network
192.168.2.0/24. And 2 pc and 1 printer are on lan interface.
Can the pc on the first network can print on the print on network 192.168.2.0/24.
Do i need to configure the firewall to prevent PC from network 2.0 to see PC of network 1.0
Thanks for reading and sorry for my bad english
Thats totally different from what I imagined 
So you want network PCs to access internet and printer and network2 just the printer?
If so,
Turn NAT off on router #2 (it is named âMasqueradingâ in firewall options). You can get rid of MSS Clamping there too.
Turn forwarding on and accept packets in both directions (LAN/WAN and WAN/LAN) on router #2
Add static route on router#1 for the printer via router#2
This will prevent computers from network 2 accessing nework 1 and internet but they will still print.
Else, please explain the end-goal
Hi
thanks for the reply
It's always better with a draw
But the PC from network 192.168.1.0/24 (PC1,PC2) need to access internet and the printer on network 192.168.2.0/24
And PC and printer from network 192.168.2.0/24 need to access to internet 
but they need to not have to network 192.168.1.0/24
Hi vov4ik_il
i have tryed but it doesnt work :confused.
If PC from network 2.0/24 have internet they can also ping PC from network 1.0/24
If PCs from segment 192.168.2.0/24 need internet:
Move the port that is connected to the printer from LAN to WAN (modify Network-> Switch configuration)
Create new firewall traffic rule(s):
(Firewall-> Traffic Rules)
"Source Zone" in "LAN" and destination "WAN"
Put the PCs from 192.168.1.0/24 in Destination Address and action: Reject or Drop
Put the rule in the top.
That should work.
