Guest network over wifi mesh

Hello Everyone, I have a 802.11s mesh setup going and it works excellent. So thanks for all the work in making free software great!
What I now want to do is get a guest network going on all the nodes(same network and same SSID for all nodes).
Currently my setup is:

What I want to do is have the same guest network on node2 and node3 but isolate it from the main(lan network). I want one DHCP and one DNS server for guest which is already running on node1. I did some looking around and it seems VLANs is the answer.

  1. Am I right?
  2. If yes, what I don't understand is how will VLAN on node1 connect to VLAN on node2/3? will I need another separate mesh setup for that?(current the VLAN named "lan" is connected over the existing mesh setup)

You need to use gre encapsulation for extra networks.

Is there an example or some thread I can refer to for understanding what that is and making it easier to work with ?

Take a look here... it uses B.A.T.M.A.N:

... or here which uses vxlan:

(I haven't tried either of these)

gre is most compact by means of extra headspace needed, you can use ipsec, or udp-based vxlan or whatever, main point is wifi cannot have 1Q VLAN tag but at least can sustain 2kB MTU for all your encapsulation needs.

1 Like

This video was the easiest thing to follow:

and then one change from the defaults in 23.05 which I found in YouTube comments:

9 months ago (edited)
At first it didn't work for me (no IP address assigned to the guest interface on the second device) until I found out that "Input" for the new guest -> wan firewall rule was set to reject by default. Setting it to accept like it was visible on your video made it work. Afterwards guests were able to access the main router, to avoid this I configured traffic rules for DHCP and DNS as decribed in your other video and set Input back to reject afterwards again. Now it seem to work fine, thank you very much :)

This setup seems to work!!

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.