I want to divide my home network into 4 VLANs: one for the adults, one for the kids, one for the IoT devices, and one for guests. I have an Ethernet switch that supports VLAN tagging and I have Ubiquiti access points that will advertise 4 SSIDs each on different VLANs.
I intend to make each VLAN a separate IP subnet.
My OpenWRT R2S router has a single LAN port. Now, it's fairly easy to create 4 separate static IP addresses on this single interface, but how do I tell the router to tag traffic from each of these static IP addresses with a separate VLAN?
Is that even the 'best' way to accomplish my goals?
What you need is called "trunking". You must define several VLANs on the router's ethernet port, and assign a different interface configuration to each VLAN.
On the switch, you configure all the VLANs on the port that faces the router, and one VLAN on each of the ports that face your devices.
Okay, since no good deed goes unpunished, I have a followup question.
Now that I have four virtual network interfaces, one for each VLAN, how do I configure dnsmasq to forward DNS queries to different forwarders depending on the VLAN?
I want queries on the adult network to go to my ISP's DNS server, and maybe 1.1.1.1, when they can't be resolved locally from cache. But I want queries on the kids and guest network to go to OpenDNS servers (208.67.222.222, 208.67.220.220) for resolution.
I think I have DHCP pools configured correctly by VLAN, but since my home switch is in a relatively inaccessible place, and because it's currently serving traffic for the family and I don't want to disrupt that, it's hard to test at the moment. I have an 8 port managed switch that supports VLANs on the way from Amazon that'll be here tomorrow that I can use for testing.
Vgaetera, the header of that section (and yes, I saw it before posting here) does say "Multiple DHCP/DNS server/forwarder instances," but I don't see in that section how to actually set different forwarders for different instances, despite what the heading says.
If anyone has explicit instructions, I'd appreciate the handholding.
That section is designed to help configure multiple instances and explains why you may need it.
The sections related to forwarding are a bit further.
You should apply them separately and selectively to each dnsmasq instance, e.g.:
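The per-instance forwarding asked about above, as an added example that is not part of the original posts: a `/etc/config/dhcp` fragment with two dnsmasq instances. The interface names `adults`, `kids` and `guest`, the section names, and the pool ranges are assumptions; IoT is left out because the thread does not say which resolver it should use.

```uci
# /etc/config/dhcp (added example; interface names are assumed to match the
# VLAN interfaces defined in /etc/config/network)

# Instance 1: adults. Forwards to the ISP resolvers learned on WAN, plus 1.1.1.1.
config dnsmasq 'adults_dns'
	option domainneeded '1'
	option rebind_protection '1'
	option authoritative '1'
	# Bind only to the listed interfaces so two instances can coexist
	option nonwildcard '1'
	option leasefile '/tmp/dhcp.leases.adults'
	# Assumed path of the WAN-provided resolver list on current releases
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	list interface 'adults'
	list server '1.1.1.1'

# Instance 2: kids and guests. Ignores the ISP resolvers, forwards to OpenDNS only.
config dnsmasq 'filtered_dns'
	option domainneeded '1'
	option rebind_protection '1'
	option authoritative '1'
	option nonwildcard '1'
	option leasefile '/tmp/dhcp.leases.filtered'
	# noresolv: do not read any resolv file, use only the 'server' entries below
	option noresolv '1'
	list interface 'kids'
	list interface 'guest'
	# Only one instance may answer on loopback (the router's own lookups)
	list notinterface 'loopback'
	list server '208.67.222.222'
	list server '208.67.220.220'

# DHCP pools: 'instance' ties each pool to the dnsmasq instance serving it
config dhcp 'adults'
	option instance 'adults_dns'
	option interface 'adults'
	option start '100'
	option limit '150'
	option leasetime '12h'

config dhcp 'kids'
	option instance 'filtered_dns'
	option interface 'kids'
	option start '100'
	option limit '150'
	option leasetime '12h'
```

A `config dhcp 'guest'` section follows the same pattern as `kids`. This only controls what the router's resolver does: a client on the kids or guest VLAN that sets its own DNS server bypasses the OpenDNS forwarders unless the firewall redirects or blocks outbound port 53 from those zones.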
@nogginboink FYI, you could type @ before the username if you need to mention someone (like I did here). That way, they get a notification of your post (and it is also easier, actually).