I am trying to set up an isolated network for my IOT, comprised of a Wifi SSID and a physical LAN port on my R7500v2. This is under 21.02.2. I have both wireless and wired IOT things I want to connect.
I went into Luci->Network->Wireless and added a new SSID called "iot", creating a Network called "iot" there and giving it an interface name of "if_iot".
config wifi-iface 'wifinet5' option device 'radio1' option mode 'ap' option ssid 'iot' option encryption 'sae-mixed' option ifname 'if_iot' option key '[redacted]' option ieee80211r '1' option ft_over_ds '1' option ft_psk_generate_local '1' option wpa_disable_eapol_key_retries '1' option network 'iot'
Then I made a new interface for IOT under Network->Interfaces:
config interface 'iot' option proto 'static' option device 'if_iot' option netmask '255.255.255.0' option ipaddr '192.168.3.1'
and turned on DHCP:
config dhcp 'iot' option interface 'iot' option start '100' option limit '150' option leasetime '12h' list dhcp_option '6,192.168.1.3' list ra_flags 'none'
and made a firewall zone:
config zone option name 'iot' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' list network 'iot'
That seems to work, with a firewall rule to let local DNS through, to get my IOT devices that connect via wireless into the 192.168.3.1 range and isolated on the network.
However - my SmartThings and Hue hubs can only connect via ethernet, no wifi. They are attached to a switch which is plugged into LAN port 3 on my router. How do I combine the devices on that LAN port with devices on SSID iot and get them all assigned to the same subnet & firewall zones so they can talk to each other, but remain sandboxed from the rest of the LAN?
I think I need to make a VLAN and bridge the VLAN associated with LAN port 3 with the Wireless iface I created, but this is where I'm completely lost. It doesn't look like the tutorials I've found on Youtube or elsewhere, so I can't tell what ports to choose etc.
Basic config info for my router: https://openwrt.org/toh/netgear/r7500#basic_configuration
Any help is most sincerely appreciated!