I'm trying to setup 3 x VLANs: One, Two , Three
I thought I knew how to do it from research, but it didn't work to my surprise. I feel close though.
Here's what I tried: (starting from a reset to default settings)
- Configure the br-lan bridge. And enable VLAN Filtering. Added 3 VLAN's.
- Added 3 interfaces, one for each VLAN. DHCP turned on too.
I think this is the basic configuration that should allow my computer to be on a different VLAN, depending on whether I plug in to lan1, lan2, or lan3.
But something seems to be conflicting.
When I have more than one DHCP server enabled, I don't seem to get an IP address.
Hoping I just missed something. Thanks.
I tried again and found that I still had problems getting an IP address, if I had a DHCP server enabled on more than one VLAN.
I realized that I forgot to specify a subnet mask when configuring the VLAN interfaces.
-I am not sure if setting a subnet is required. But I found I can now get the DHCP servers working on each VLAN. So if I plug my computer into either lan1, lan2, or lan3 - It gives me the expected IP corresponding to the correct VLAN.
I put a device with static IP 192.168.20.11 on VLAN20, and I tried setting up a forwarding rule in the Firewall, so that VLAN10 can reach VLAN20. But I could not reach/ping the device.
I don't know how to resolve the forwarding from VLAN10 to VLAN20.
And I don't really understand subnets. And whether or not specifying 255.255.255.0 will prevent me from reaching a different VLAN.
- I think it's working! I think it was the subnet mask that I forgot to set, which made the difference.
I want to access the web GUI of a static IP (192.168.20.11) network camera on VLAN20 (camera), from my computer (192.168.10.101) on VLAN10 (lan).
I have set the Firewall forwarding rule. But I still can't seem to access the web GUI of the device on VLAN20 (camera), when I am on VLAN10 (lan).
Please help. Thank you.
Configured from default settings:
Success! I found the 2nd error.
There seems to have been no problem with the zone forwarding rules I set up.
The issue was that I had not set a gateway address when configuring the static IP for the device I was trying to access.
Once set to 192.168.20.1, I was then able to access the device from the other VLAN.
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Wow, is that the only response I receive?
Not sure what you were expecting.... it seems you have fixed the issue. Is that incorrect?
I'm sorry. Thank you for the assistance.
I have three VLAN's: lan, camera, guest
I have setup the firewall to prevent the camera VLAN from accessing the wan, or device zones.
Question: How do I add an exception so that the NVR on the camera VLAN can get to the wan?
Create a traffic rule in the firewall. This can be more restrictive if desired/needed, but the basic rule would be:
- protocol: all
- source zone: camera
- source IP:
- destination zone: wan
Sorry for the late update
What I tried doing was:
Going to Traffic Rules and creating a rule on TCP/UDP, for the specific IP address of the NVR on the "camera" VLAN, allowing it to get to the WAN zone.
I named it NVR-to-WAN
The NVR's internet access seemed to kick in immediately after that
I was happy it is working. But I was still unsure whether this was the correct solution. And whether or not it is safe security-wise.
I honestly am not familiar with all the different protocols. So now that I have checked back here. I will update the protocol selection from the TCP+UDP I had selected, to 'all' instead.
Thanks so much for the help
Network Diagram B - (Updated: v2)
Router/AP1 - Cudy WR3000 v1 - OpenWRT 23.05.2
AP2 - Cudy WR1300 v2 - OpenWRT 23.05.2
AP3 - Cudy WR1300 v2 - OpenWRT 23.05.2
AP2 has the "eco: 4" model of the MediaTek MT7621. I noticed that this device just wouldn't work with some 5GHz WiFi channels, whereas the "eco: 3" would.
Question: Can AdGuard Home do content filtering per VLAN?