LAN and 3 SSIDs on WAX206

Hi everyone.
I have a fiber modem provided by my ISP, to which I have connected a small Ethernet switch with 4 network cables attached (desktop and other devices).
The modem's WAN port is then connected to a Netgear WAX206, which acts as a router with three activated SSIDs: main SSID 1 on 5 GHz, SSID 2 on 2.4 GHz for home automation devices and old laptops, and SSID 3 for work only (these SSIDs are isolated from each other, each device is isolated from the others, and none has authorization to access the Ethernet ports).

To improve performance, I would like to install the OpenWrt firmware, but I am afraid of not being able to configure what I have done. In fact, they are stock firmware settings that already provide everything I wrote.

Is there a manual that easily explains which settings to apply?
Thank you

Typically you connect the router directly to the internet provider's port and your switch on the LAN side (or another 5-port router doubling as a range extender at the other end of the house).

Client Isolation is just a tick box when you create the SSIDs.
Where I'm getting lost is you have a fibre modem with a switch attached and then you have a router connected to the fibre modem WAN port?
Is the WAX206 acting as a Router or just an Access Point?

Yes, you can have 16 different access points on mt76 per radio.

To set up isolated guest networks:
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan
You can re-assign LAN Ethernet ports to whichever guest network you like; the default is only one LAN bridge with all ports and the default sample access points connected to it.

It is true. I don't use the Ethernet switch integrated into the WAX206 router because I tried to move it away from the modem to improve the Wi-Fi signal (with limited success). Unfortunately the LAN cable branches are ready-made male plugs. So I connected them to a switch and then connected this to the router.

So is the WAX206 just a Dumb AP:
https://openwrt.org/docs/guide-user/network/wifi/dumbap

It should be easy to migrate across, I used NMRPFlash for my WAX206.

I installed the stock version firmware.
I have enabled the 3 SSIDs but I have these problems:

  1. connected to SSID 1, I can ping devices on SSID 2
  2. I can't reach the modem's IP (192.168.1.254)

All devices appear to be on "LAN" interface, while the modem on "WAN".
What does it mean? Thanks

Can you bypass the provider's modem and get a public IP address, i.e. get rid of the provider's modem managing your network and set up your network using OpenWrt?
It is called (optimally) pass-through or "direct", or (less optimally) fullcone or DMZ.

Address 192.168.1.254 is in the same subnet as OpenWrt's default 192.168.1.1; you need to change one.

I think so, but I don't know how. The modem is a Nokia g240b.
I changed the IP of the modem and now it is reachable.

Following the guide, I created:
SSID 1 main free
SSID 2 for IoT devices (guest network)
SSID 3 for work only (other guest network)

Everything seems to be working: isolated devices, isolated SSIDs and no LAN access.
I tried doing some pings and sniffers

The only doubt: why can you access the new modem IP 10.0.0.1 from any SSID?

Thank you

Yes, you can access it as long as it does not overlap with any LAN network.

The Nokia CPE is configured by your provider. If you do not find a passthrough option, you likely need to ask the provider to let you connect your "new gaming router" to their internet connection. You will lose the CPE self-service site then, and it will be reduced to just a cable media converter.
Then you will be able to set up things like TURN/STUN peer-to-peer connections for video calls and games.

Can it be prevented from being reachable from the two guest networks?

Only by disabling it completely (or by specific block rules).

Everything seems to be working, just as I wanted. Can I do some tests to understand if the networks are isolated, besides ping and wifi sniffing?

Could you explain to me how to do it? I'm not very practical. Thank you

You need to convince your provider or its CPE to put your OpenWrt router directly on the internet. Or drop traffic to 10.0.0.0/8 originating from guest networks.
That is done with firewall/traffic rules.
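
The traffic rules suggested above could look like the following in `/etc/config/firewall`. This is an added example, not configuration posted by anyone in the thread. It assumes the two guest firewall zones are named `iot` and `work` (hypothetical names; substitute the zone names created while following the guest-wlan guide) and that the modem is reached through the `wan` zone.

```uci
# /etc/config/firewall (added example; zone names 'iot' and 'work' are assumptions)
# Traffic rules are evaluated before the zone forwardings, so these drops take
# effect even though each guest zone is still allowed to forward to 'wan'.

# IoT guest network: no access to the modem's 10.0.0.0/8 range
config rule
	option name 'Drop-iot-to-modem-net'
	option src 'iot'
	option dest 'wan'
	option dest_ip '10.0.0.0/8'
	option proto 'all'
	option family 'ipv4'
	option target 'DROP'

# Work guest network: same restriction
config rule
	option name 'Drop-work-to-modem-net'
	option src 'work'
	option dest 'wan'
	option dest_ip '10.0.0.0/8'
	option proto 'all'
	option family 'ipv4'
	option target 'DROP'

# No rule is added for the 'lan' zone, so clients on the main SSID
# can still open the modem's management page at 10.0.0.1.
```

After saving, apply with `/etc/init.d/firewall restart`. From a client on either guest SSID, requests to 10.0.0.1 should then time out while normal internet access keeps working, and the same request from the main SSID should still succeed.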

I wanted to thank everyone.
Everything seems to be working perfectly.
The wifi connection has improved a lot and seems very stable even with home automation devices.

Thanks again to everyone for the precious help

Probably worth closing the topic; you can still reopen it in 10 days.
https://forum.openwrt.org/t/how-to-mark-a-topic-as-solved/40174/2