Setting Up IoT Zone

I've decided to segment my IoT devices from the rest of the LAN. So I created a new interface and then a 2.4GHz vAP as well as a 5GHz vAP for this new zone and bridged them all together. I have one device that's wired on one of the router's switch ports (LAN4) that needs to be part of this new network. So I figured the best way was to create a vlan (vlan 3) and put that port/vlan into the bridge group. Since E0 is used for WAN traffic and E1 is used for LAN traffic, I figured I wanted to make this new vlan a logical interface off E1. Can someone who's done this before make sure I did this right and don't have any security holes? For VLAN3, does CPU eth1 need to be tagged, or is that only if I have a switch off that interface and plan to put other wired IoT devices on the downstream switch?

Any VLAN that needs to be routed must connect to a CPU.

If you're referring to VLAN3 attached to Port4, it looks fine.

It's fine as long as your firewall rules are OK.


Makes sense regarding vlans that need to be routed. Thanks for the second pair of eyes.
