HI! I am setting up guest network from scratch following this guide: https://openwrt.org/docs/guide-user/network/wifi/guestwifi/configuration_webinterface
Everything is setup including firewall - such that switchport1 is my lan and switchport2 is guest lan (ports on the back of the router)
While setting everything up it caught my eye that brlan is inside my lan zone?
First device is brlan , second is switchport1
Should I remove switchport2 from brlan if that is going to be used for guest network? ( I already did this and still don't know if it's a good idea or not 
But here's a screenshot of what it looked like ...)
Specifies the wired ports to attach to this bridge. In order to attach wireless networks, choose the associated interface as network in the wireless settings
Yes, as you want it in the guest network, not the LAN network.
You should test the setup and make sure it operates as you want it.
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!
1 Like
Thanks , can I ask you about how to actually test if it works ? o:
I tried pinging 192.168.0.1 from guest network and I can't reach Luci - looks good so far
But I remember there's another address that should be protected from guest network - Edit: I found it
0.0.0.0 ( uHTTPd is the web server responsible of hosting the Luci web interface. By default uHTTPd listens to 0.0.0.0 which makes it accessible from the local network. )
I have no idea how to actually test this ? 0.0.0.0 is localhost of the PC? So pinging that doesn't actually tell me anything?
The firewall will stop access to uhttpd. The fact you can't reach Luci from your guest network means that the firewall is correctly configured to stop guests accessing your router.
If the internet works and guests can't access lan resources then you're golden!
1 Like
