I prefer to have multiple wlan nets using different subnets, like 192.168.32.x and 192.168.67.x, depending on use (private, guest, iot), so I can see by the IP address which kind of client uses which network. The DHCP ranges should be associated too. I currently use DD-WRT and this works there, but would like to move to OpenWrt. Can this be done using OpenWrt?
As far as I can see, DHCP ranges can only be set for the LAN interface; the multiple wlan interfaces (one for each SSID / radio combination) don't seem to have the possibility. How?
You first create multiple network interfaces - one for each subnet/function (i.e. guest, iot), then attach them to the physical interfaces (wifi and/or ethernet). Each network will have its own DHCP pool in the respective subnet.
The OpenWrt Guest network tutorial is a good starting point -- the recipe can be modified to meet whatever requirements you might have (i.e. ethernet + wifi, firewall rules allowing certain access, etc.)
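The steps described in the reply above, sketched as an added example that is not part of the original thread or of the OpenWrt tutorial: a shell function that prints `uci batch` commands for one segment (bridge and interface, DHCP pool, firewall zone). The function name `gen_segment`, the `br-<name>` bridge naming, the /24 layout under 192.168 and the destination zone names `wan` and `lan` are assumptions.

```shell
# Added example: print `uci batch` commands for one segment on 192.168.<octet>.0/24.
# usage: gen_segment <name> <octet> [zones this segment may forward to...]
gen_segment() {
    name=$1; octet=$2
    # Short lowercase names keep br-<name> inside the kernel's 15-char ifname limit.
    case "$name" in ''|*[!a-z0-9_]*) echo "bad name" >&2; return 1;; esac
    [ "${#name}" -le 11 ] || { echo "name too long" >&2; return 1; }
    case "$octet" in ''|*[!0-9]*|0?*) echo "bad octet" >&2; return 1;; esac
    [ "$octet" -le 254 ] || { echo "bad octet" >&2; return 1; }
    shift 2
    # input=REJECT keeps clients off the router itself, so DNS and DHCP are allowed by rule.
    cat <<EOF
set network.${name}_dev=device
set network.${name}_dev.type='bridge'
set network.${name}_dev.name='br-${name}'
set network.${name}=interface
set network.${name}.proto='static'
set network.${name}.device='br-${name}'
set network.${name}.ipaddr='192.168.${octet}.1'
set network.${name}.netmask='255.255.255.0'
set dhcp.${name}=dhcp
set dhcp.${name}.interface='${name}'
set dhcp.${name}.start='100'
set dhcp.${name}.limit='150'
set firewall.${name}=zone
set firewall.${name}.name='${name}'
set firewall.${name}.network='${name}'
set firewall.${name}.input='REJECT'
set firewall.${name}.output='ACCEPT'
set firewall.${name}.forward='REJECT'
set firewall.${name}_dns=rule
set firewall.${name}_dns.name='Allow-DNS-${name}'
set firewall.${name}_dns.src='${name}'
set firewall.${name}_dns.dest_port='53'
set firewall.${name}_dns.proto='tcp udp'
set firewall.${name}_dns.target='ACCEPT'
set firewall.${name}_dhcp=rule
set firewall.${name}_dhcp.name='Allow-DHCP-${name}'
set firewall.${name}_dhcp.src='${name}'
set firewall.${name}_dhcp.dest_port='67'
set firewall.${name}_dhcp.proto='udp'
set firewall.${name}_dhcp.target='ACCEPT'
EOF
    # One forwarding per allowed destination; anything not listed stays blocked.
    for dest in "$@"; do
        printf "set firewall.%s_%s=forwarding\n" "$name" "$dest"
        printf "set firewall.%s_%s.src='%s'\n" "$name" "$dest" "$name"
        printf "set firewall.%s_%s.dest='%s'\n" "$name" "$dest" "$dest"
    done
}
```

On the router, the output of e.g. `gen_segment guest 67 wan` would be piped into `uci batch`, followed by `uci commit` and a service reload. Each SSID then joins a segment by setting the `network` option of its wifi-iface section to the segment name.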
Bit of a confusion is that if you press Add under Wireless Overview, it adds a network, not an interface as in the wiki. So it wasn't clear to me without following the tutorial that a network needed to be defined first before it is shown under "interfaces", and then under its (e)SSID name.
It would also be a little bit clearer, I think, if on the wiki section "Configure the new interface" it would explicitly mention the ssid name like " .. see your new interface under its SSID name, looking ... "
In the same section, where you edit the new interface, it writes about "bridge interfaces field", but I see no such field in any of the "interface" tabs and it is not in the screenshot either.
So I have most working now: 2 wan, (for now) 1 lan, 2 private ssids, 2 guest ssids, all different subnets. I set up the firewall to move traffic from LAN to WAN and private, and from private to LAN and WAN. Guest only to WAN. The different colors are really helpful! According to the manual referenced above, I should have had to define DNS and DHCP rules for at least the guest networks. However, without doing that guests work fine. Is this already done by the firewall setup?
One thing I cannot get to work yet: IP traffic from LAN to private and vice versa. If I ssh into the device, I can ping devices on LAN or private (different subnets). But a LAN device cannot ping a private device, and vice versa. I cannot figure out from the docs how to configure this. It should be transparent for any TCP/UDP traffic. Any suggestions?
Original problem is solved, 5 different internal networks with own IP ranges.
I have a problem with routing/firewall, but will make another post for that.
Thanks.