So with how I, with help from psherman, set up the VLAN, it's rock solid, but I've been trying to make a new VLAN/network for just me and myself to have network adblock that wouldn't make other people in the house mad. Could somebody lend me a hand setting this up correctly on my dumb AP?
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
Your main router has a lot of stuff going on, too much for me to review exhaustively. There are a lot of things that look questionable or unusual, but I don't have the ability to go through everything at this time. However, I did notice some errors and I have a few questions and comments.
Why did you have the ipv6 weight, ip6ifaceid, DNS, and dns_metrics added to the lan network?
The DNS entries don't do what you would expect here... it's not really useful to add it here. But a major problem exists here in that you've got a /16 defined. This should be a /24 based on your other networks.
Your limit is wrong here, causing the DHCP server to be invalid. The DHCP pool is:
start to (start + limit - 1)
That means that when the start is 100 on a /24, the max value of limit is 155.
It is also incorrectly set on your guest network.
On your new DomNetwork, the DHCP server is disabled, and you have a netmask line in the DHCP server that needs to be removed (it is unnecessary, and the value is wrong):
Your firewall has a lot of extra rules -- I haven't gone through to see what is useful/necessary vs what might be incorrect or unusual. But you also have a management network that seems unusual and unnecessary... So there's a lot in there that maybe should be reconsidered.
That said...
On your AP, you'll set up bridge VLANs and then some unmanaged networks. This assumes eth0 is used to connect to the upstream network:

config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'eth0:u*'
    list ports 'eth1:u*'

config bridge-vlan
    option device 'br-lan'
    option vlan '3'
    list ports 'eth0:t'

config bridge-vlan
    option device 'br-lan'
    option vlan '4'
    list ports 'eth0:t'

Now edit the lan network to use br-lan.1:

config interface 'lan'
    option device 'br-lan.1'
    option proto 'static'
    option ip6assign '60'
    list ipaddr '10.0.0.93/24'
    option gateway '10.0.0.1'
    list dns '10.0.0.1'

And set up 2 unmanaged interfaces:

config interface 'guest'
    option device 'br-lan.3'
    option proto 'none'

config interface 'DomNetwork'
    option device 'br-lan.4'
    option proto 'none'

Now you can set up Wi-Fi SSIDs against the respective networks.
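The DHCP pool rule from the reply above (pool = start to start + limit - 1), as an added example that is not part of the original thread. The function names `pool_report` and `check_dhcp_config` are hypothetical, the sample config is constructed, and one prefix length is assumed for every section checked.

```shell
#!/bin/sh
# Added example (not from the thread): check OpenWrt DHCP start/limit values.
# Rule from the reply: pool = start .. (start + limit - 1), as host offsets.

# pool_report PREFIX START LIMIT -> "<last_offset> <max_limit> <ok|invalid>"
pool_report() {
    prefix=$1; start=$2; limit=$3
    hosts=$(( (1 << (32 - prefix)) - 2 ))  # usable host offsets are 1..hosts
    last=$(( start + limit - 1 ))          # last offset the pool would reach
    max_limit=$(( hosts - start + 1 ))     # largest limit that still fits
    if [ "$start" -ge 1 ] && [ "$limit" -ge 1 ] && [ "$last" -le "$hosts" ]; then
        echo "$last $max_limit ok"
    else
        echo "$last $max_limit invalid"
    fi
}

# check_dhcp_config PREFIX: read UCI text on stdin, report each "config dhcp"
# section that sets start and limit as "<name> <last> <max_limit> <verdict>".
check_dhcp_config() {
    awk -v q="'" '
        $1 == "config" { name = ""; if ($2 == "dhcp") { gsub(q, "", $3); name = $3 } }
        name != "" && $1 == "option" && ($2 == "start" || $2 == "limit") {
            gsub(q, "", $3); val[name, $2] = $3
        }
        name != "" && ((name, "start") in val) && ((name, "limit") in val) && !done[name]++ {
            print name, val[name, "start"], val[name, "limit"]
        }
    ' | while read -r name start limit; do
        echo "$name $(pool_report "$1" "$start" "$limit")"
    done
}

# Constructed sample config (not the poster's real settings).
sample_config() {
    cat <<'EOF'
config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '155'

config dhcp 'guest'
    option interface 'guest'
    option start '100'
    option limit '254'
EOF
}

sample_config | check_dhcp_config 24   # assumes every section is on a /24
```

On a real device the same check can be fed from `uci export dhcp` instead of the sample function.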
For the metrics and IPv6 stuff, I was battling against router advertisements from my Google Nest devices, which are sending RAs, so I wanted to make my ULA IPv6 the main RA instead of the RA from the Google devices.
Also, this AP won't do a guest network because the USB Wi-Fi stick I have in my NanoPi R5C can't do multiple SSIDs (mt7921au).
What I want to do is for this dumb AP to have 2 VLANs: VLAN4, which is my DomNetwork, where I will have adblock for my PC and VR Wi-Fi, and VLAN1, which is my main LAN, for my second Wi-Fi radio, which is for other devices. I want VLAN4 to see VLAN1 devices and vice versa, and to grab DHCP from VLAN1.
Also, what makes my DHCP pool invalid? From my knowledge, a /24 network is 255.255.255.0, which makes 254 available addresses. I use my main LAN as 10.0.0.1-10.0.0.99 for static IP addresses and the rest of the network (10.0.0.100-10.0.0.254) for DHCP. How come I can only have 55 IP addresses for DHCP?
Oh wait. Disregard, I think I understand what you mean on the DHCP pool. I completely misunderstood the limit meaning in this scenario.
I am encountering a weird issue where my PC is getting DHCP from VLAN1 (10.0.0.x/24 network) instead of VLAN4 (10.0.3.x/24 network) and I can't access my dumb AP anymore.
I can access the main router, but it can't ping my dumb AP.
Please draw a complete topology diagram that includes all of the infrastructure devices, the ports, VLANs and IP addresses for each. This will help me understand the complete picture of your physical setup so we can then review the configs with all the context.