we just built a house and we have the following components:
Netgear R7800 router with OpenWRT
Ruckus ICX7150-C12P switch
2x Ruckus R320 APs (one on each level)
I am completely new to Ruckus and VLANs and OpenWRT. My target is to have two VLANs, one for IOT/HomeKit components (we will go with Apple HomeKit for home automation) and the other one for laptops, iPads etc. the iPads should be able to see the IOT components, but not the other way around. I also want to be able to limit the internet access for single IOT components for privacy purposes.
In a second step I would like to channel selected components through Wireguard VPN on the router.
I hope you guys can give me some ideas on how to configure this setup!
I've been digging through the same documentation. The problems are fairly obvious:
for a total beginner re: VLANs, the wiki page is practically useless, as it does not go into detail what exactly the settings do
Since OpenWrt switched to DSA, the guides are also incorrect, making it much harder to understand what's going on and what settings your situation needs
Same goes for forum posts. I think the project as a whole would gain a lot from people rewriting most of these guides, based on a recent version, with visualisations, and frequently used solutions used as examples.
trouble is there isn't really a 'recent' version with dsa/vlan support... I think a realistic date/goal for such clear documents is around 21.02.2.
yeah... as someone with a background with vlans... even swconfig throws my head sideways... because a router has 'internal' vlans VS 'on-the-wire' vlans... which is REALLY difficult to convey... even to someone who has no problem understanding vlans at all...
I think wholistically DSA makes this abstraction somewhat clearer to an end user...
I gave this the VLAN ID 2. The standard connection is VLAN ID 1.
In the Ruckus config one can configure "Isolate wireless client traffic from other clients on the same AP." I did that as well.
On the switch, I tagged the three ports for the Wi-Fi APs and the router as tagged. Now they are "part of both VLANs". Untagged on VLAN 1 and tagged on VLAN 2.
So far, so good. Now, the OpenWRT portion gives me problems. The links above have not been too helpful up until now, unfortunately. Next step is to disable internet access for all clients for VLAN 2.
How do I do that in the OpenWRT LUCI?
Thanks in advance
P.S. I am not using the internal switch of the OpenWRT router.
Yes, I'm aware, and I'm not really complaining, rather, just making a statement that the documentation covers the old methods, while users are on the new system, which makes the documentation itself near useless for said users.
It's akin to someone asking about specifics of Windows 10, and someone linking Windows XP/7 guides to achieve the same. Are those documentations valid? Sure. Are they applicable to the current situation? Absolutely not.
