Different VLANs for WRT3200 LAN Ports

I am using a WRT3200AC router and am trying to configure a separate vlan for each LAN port.
The switch is configured accordingly, and for each vlan a separate interface has been configured.
Each vlan has its own firewall zone. To start with, I want to allow access between the vlans, but only one, vlan11, should have access to the wan port.
My problem is that I can access the different vlans via WLAN, but I cannot access the other vlans from vlan11.
Please see configuration pictures attached.
Does anybody have an idea what I have configured wrong? Thanks, Mark

I think you don't need the masquerading for all vlans, just for wan.

I have corrected it so that masquerading is only active for wan, but the behaviour is still the same.
From VLAN11 I can ping the devices in other vlans, but I can get no access to them. Access to WAN from vlan11 works fine.

what do you mean by that?

For example, from VLAN11 I can't access file servers, a network printer, an Apache server etc. in other VLANs. From WLAN this is no problem.

that's strange. are you sure, that the ping is successful?

Yes, I have just tried it again. I can successfully ping each LAN port VLAN from another LAN port VLAN, but I cannot connect to them via web browser or network share.

Is my understanding correct that if I forward between different VLAN zones in the firewall zone section (as shown above), they have full access to each other? Or do I have to define traffic rules in parallel?
My understanding is that I only have to define traffic rules in case that the zones are not configured in the Firewall Zone section.

hmm, I have the same understanding. You only need the zone forwardings. And the ping shows, that the routing works.

Can you post a screenshot of the firewall config page?

Do you ping from the router or a device in vlan 11?

I do the ping from a device in vlan11 to devices in the other vlans and get a successful response. Do you mean a firewall screenshot like the one shown in my post above? Compared to that screenshot I have only removed masquerading from the vlans.

I mean with the traffic rules.

After some tests it seems that the problem is not located at the router but on my 24-port switch. I have set up for port-based vlans on that switch and connected each vlan of the router to one of them. It seems that the switch is rejecting the requests, even if the vlan is port-based. If I connect only one device directly into the different vlans of the LEDE router, I can also connect from VLAN11 to other vlans without problems. I will search for the problem now in the switch config. Thank you for your help!


sometimes it's that simple ...
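
The policy discussed in this thread (masquerading only on wan, only vlan11 forwarded to wan) can be checked against a firewall config with a short script. This is an added example, not code from the thread: the sample config is constructed in `/etc/config/firewall` syntax, and the zone name `vlan12` and the function names are assumptions.

```python
import re

# Constructed sample; only the names "wan" and "vlan11" come from the thread,
# "vlan12" is an assumed name for one of the other per-port zones.
SAMPLE = """
config zone
    option name 'wan'
    option masq '1'
config zone
    option name 'vlan11'
config zone
    option name 'vlan12'
    option masq '1'
config forwarding
    option src 'vlan11'
    option dest 'wan'
config forwarding
    option src 'vlan11'
    option dest 'vlan12'
config forwarding
    option src 'vlan12'
    option dest 'wan'
"""

def parse_sections(text):
    """Return a list of (section_type, options) pairs from UCI-style text."""
    sections = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"config\s+(\S+)", line)
        if m:
            sections.append((m.group(1), {}))
            continue
        m = re.match(r"option\s+(\S+)\s+'?([^']*)'?$", line)
        if m and sections:
            sections[-1][1][m.group(1)] = m.group(2)
    return sections

def audit(text, wan="wan", allowed_to_wan=("vlan11",)):
    """List deviations from: masq only on wan, only allowed zones reach wan."""
    findings = []
    for kind, opts in parse_sections(text):
        if kind == "zone" and opts.get("masq") == "1" and opts.get("name") != wan:
            findings.append(f"masquerading enabled on zone {opts['name']}")
        if kind == "forwarding" and opts.get("dest") == wan and opts.get("src") not in allowed_to_wan:
            findings.append(f"zone {opts['src']} may forward to {wan}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "policy matches")
```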