I need to perform access control between the wireless and LAN devices. To do so, I disabled "Bridge interfaces" for the LAN interface, and it is left with eth0.1.
I also created a new Interface "WiFi" for wlan0 with static IP address 192.168.1.200.
Then, I created a zone "wifi" to allow forwardings from WiFi to LAN.
Finally, I created a firewall rule to forward all traffic from WiFi to LAN.
My wireless devices are able to receive DHCP addresses. Before I begin to apply access control, I noticed wireless devices cannot even reach the WiFi interface - they cannot ping 192.168.1.200. They also cannot ping 192.168.1.1.
Thanks for chipping in! I will delete the unnecessary firewall rule. But how do I fix the issue? Should I configure the LAN interface? For LAN, should I select eth0 (Ethernet Switch) instead of eth0.1 (Switch VLAN)?
Also, I am wondering if mistakes to my LAN interface configuration will prevent my wireless clients from reaching the wireless interface (ping 192.168.1.200).
Nope. As @mpa noticed, you need to fix the IP addresses, because right now they are conflicting. You can have lan 192.168.1.1/24 and wifi 192.168.2.1/24
Then add the lan interface into lan firewall zone as I mentioned before.
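
The address conflict described in the reply above can be checked mechanically. The following is an added example, not part of the original posts: it parses text in `/etc/config/network` syntax and reports interfaces whose subnets overlap. The sample config is constructed, and the section names and the /24 netmask on the wifi interface are assumptions.

```python
import ipaddress
import itertools
import re

# Constructed sample in /etc/config/network syntax. Addresses come from the
# thread; section names and the wifi netmask are assumptions.
BEFORE = """
config interface 'lan'
    option ifname 'eth0.1'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'

config interface 'wifi'
    option proto 'static'
    option ipaddr '192.168.1.200'
    option netmask '255.255.255.0'
"""
AFTER = BEFORE.replace("192.168.1.200", "192.168.2.1")


def parse_interfaces(text):
    """Return {interface name: IPv4Network} for interfaces with an ipaddr."""
    nets, name, opts = {}, None, {}

    def flush():  # store the section collected so far, if it has an address
        if name and "ipaddr" in opts:
            mask = opts.get("netmask", "255.255.255.255")  # no mask: host route
            nets[name] = ipaddress.ip_interface(f"{opts['ipaddr']}/{mask}").network

    for line in text.splitlines():
        m = re.match(r"\s*config\s+interface\s+'?([\w-]+)'?", line)
        if m:
            flush()
            name, opts = m.group(1), {}
            continue
        m = re.match(r"\s*option\s+(\w+)\s+'?([^']*)'?\s*$", line)
        if m and name:
            opts[m.group(1)] = m.group(2).strip()
    flush()
    return nets


def overlaps(text):
    """Return pairs of interface names whose subnets overlap."""
    nets = parse_interfaces(text)
    pairs = itertools.combinations(sorted(nets.items()), 2)
    return [(a, b) for (a, na), (b, nb) in pairs if na.overlaps(nb)]
```

With the addresses from the first post, `overlaps(BEFORE)` reports the lan/wifi pair; after moving wifi to 192.168.2.1/24 the list is empty, so traffic between the two has to be routed and the zone forwarding rules actually apply.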