Routing between VLANs

The vast majority of routers will allow you to do at least some basic config to make it operate as a dumb AP. Typically all that is required is to turn of DHCP and set the IP address in the same subnet as the respective lan to which it is connected, then connect via the lan port (instead of the wan port).

If you don't do that, you'll need to be able to turn off NAT masquerading and the firewall on those routers, and that is likely not an option you will find on all routers.

1 Like

Whit the AP config many features of the routers aren't available

What are the features that aren't available if you use a dumb AP config?

For your request to work with those devices as actual routers (instead of just APs), you must be able to disable NAT Masquerading and the firewall. Do those routers offer controls for these functions?

If not, your only options are to:

  • use a dumb AP type config (at the expense of the feautres you say become disabled on those routers)
  • purchase other devices that don't have these limitations and/or expose the option to disable masquerading and fireall (pro-tip: if they can run OpenWrt, you will be able to do exactly this).

I want the routers can use Mesh
On tplink routers you can disable nat and firewall

Ok. As long as you can disable nat and firewall, great.

Add a static route for each router’s lan network in the openwrt static routes section.

For example: via

And so on…

Then disable both nat masquerading and the firewall on routers 1-4.

And on the OpenWRT routers firewall, what I shouold do there?

Openwrt firewall is already set properly - all relevant networks in a zone together, the zone level forward rule is set to accept.

but it doesn't work

What doesn’t work?

Does the internet still work after you turn off masquerading and firewall on the other routers?

already done, thanks
yes the internet is working

So what is it that is not working?

now its working fine

and what i have to change when i want it so

Oh, great.

Just want to bring up this:

Many consumer routers do not allow you to do this with the vendor firmware. It is good you can do it on your current tp-link units.

If you need to replace these routers in the future, remember that a critical feature is the ability to turn off nat and firewall. That will be a must have control.

If openwrt can be used on a given device, this won’t present an issue, but be sure that you always have a way to access these controls either with the vendor firmware or with openwrt.


If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile: