first of all I want to thank everyone who tries to get the problem and also for helping out with ideas and solutions =)
is this working with just one wired connection from AP1 to AP2?
also does it make sense / is it possible to use eth0 (the wan port) at AP2 to extend the switch for more wired connections? (AP1 lan -> AP2 wan)
eth0 at AP1 is connected to one of the lan ports of the ISP, which works flawlessly.. ('cause of different subnets)
EDIT2 - 'cause I'm not able to post more than 19 times (newbie restrictions)
ok.. I'll try to sum up everything..:
every AP reset to factory
connect AP1's wan to one of the lan ports of the ISP (NATing 192.168.10.0 to 192.168.20.0)
I'll delete the wan interfaces at AP2 + AP3
set the lan interface to a static ip (every ap - .1 /.2 /.3)
bridge eth0 to eth1 (just AP2/3 to extend the switch +1)
setup the guest and private wireless interfaces at AP2/3 like at AP1 (first of all without any restrictions)
-> for now I don't do a separation of the switch, every wired connection should be handed over to the private lan
bridge guest and private wireless interface to the lan interface
disabling DHCP at AP2/3 private (lan) and guest interfaces
set all APs' interfaces' gateway and dns to the ISP's ip
connect AP3 to AP2 via WDS
use batman-adv at AP2/3 so AP3 clients are able to get an ip from AP1 (guest and private)
-> or did I get you guys wrong and should use a DHCP at each AP like at the right side description at the picture of the first post?
and if this works I'll set up the restrictions for the guest subnets?
@dlakelan you got exactly what I want to do. Just having 2 subnets covered by all APs and an unused 3rd at the ISP. As I mentioned above, I'll stop for now with more edits so the admins don't get angry. I'll clear this thing up tomorrow if I'm able to do new posts.
As I read the diagram I think there are supposed to be TWO networks: LAN and GUEST, but there are 3 APs handling these subnets, and ONE router (AP1). While the ISP device also has its own subnet but is basically nearly unused. So basically there are two bridged subnets.
I think the solution you are recommending is routed subnets: AP1 has its own subnet for LAN and GUEST, AP2 has its own subnet for LAN and GUEST, and AP3 has its own subnet for LAN and GUEST... This is a config you can set up, but you need to provide different SSIDs for each subnet, resulting in a total of 6 SSIDs and there is no possibility of roaming.
Roaming is what I think is meant by:
So what's needed is just two subnets one for LAN and one for GUEST and to provide a bridge that bridges AP1,AP2,AP3 for both VLAN subnets.
Unfortunately, as I said, WDS won't do this. You need a more advanced protocol, which is BATMAN-adv.
Yes absolutely, you use tagged VLANs on both AP1 and AP2 and the switch de-multiplexes based on the VLAN tag. In order to get those separate VLANs to travel across the wireless connection from AP2 to AP3 and back you need the BATMAN-adv method or some other similar method (you can do other things like GRE tunneling, but I think BATMAN is what you want)
@tmomas, clearly @KleBoR is not a bot or spammer, can we just manually accelerate the full user status here so things don't get more confusing from the 19 post limit?
Also I've rewritten the title to more correctly describe what the OP wants, he doesn't want cascaded routers but rather two bridged networks:
I don't know about this forum platform, but would it be feasible to specify that if a user's post gets replies from other existing users, their basic quota is increased or lifted?
No need for any acceleration.
KleBoR advanced in the meantime to trust level 1 (Basic User), without any admin intervention, just by reading postings and showing interest in different topics.
Users at trust level 1 can…
Use all core Discourse functions; all new user restrictions are removed
finally the restrictive time is over so those are the edits from the post above.
ok.. I'll try to sum up everything..:
every AP reset to factory
connect AP1's wan to one of the lan ports of the ISP (NATing 192.168.10.0 to 192.168.20.0)
I'll delete the wan interfaces at AP2 + AP3
set the lan interface to a static ip (every ap - .1 /.2 /.3)
bridge eth0 to eth1 (just AP2/3 to extend the switch +1)
setup the guest and private wireless interfaces at AP2/3 like at AP1 (first of all without any restrictions)
-> for now I don't do a separation of the switch, every wired connection should be handed over to the private lan
bridge guest and private wireless interface to the lan interface
disabling DHCP at AP2/3 private (lan) and guest interfaces
set all APs' interfaces' gateway and dns to the ISP's ip
connect AP3 to AP2 via WDS
use batman-adv at AP2/3 so AP3 clients are able to get an ip from AP1 (guest and private)
-> or did I get you guys wrong and should use a DHCP at each AP like at the right side description at the picture of the first post?
and if this works I'll set up the restrictions for the guest subnets?
@dlakelan you got exactly what I want to do. Just having 2 subnets covered by all APs and an unused 3rd at the ISP. As I mentioned above, I'll stop for now with more edits so the admins don't get angry. I'll clear this thing up tomorrow if I'm able to do new posts.
So thank you guys for the help for now!
@tmomas even though I'm at trust lvl 1 I had to wait until the restrictive time is over
@dlakelan I'll try to get familiar with batman-adv and the vlan separation
@dlakelan do you have some config templates for 2 vlans and maybe also for a batman-adv setup? I do kinda have some problems while setting this up.. (might just be some understanding problems)
could you give me a hint how it is possible to do the connection like this:
AP1 LAN -- WAN AP2 (so I've one additional port at the switch)
I might have configured something wrong by setting up the vlan/bridging of the interfaces
Usually the wan port is not special; it's just another port on the switch. In any case choose two VLAN tags to be your LAN and GUEST tags, maybe 2 and 3. Then for each device make one Ethernet port be tagged for both vlans and make the CPU port be tagged for both vlans, then put a cable between the tagged ports. Now set up your two interfaces on OpenWrt to physically use eth0.2 or eth0.3 and voila, the two devices are connected and the two networks are separated.
See the wiki for guest Network to get an idea how to set up firewalls to isolate the two networks.
On models where everything goes through the switch, there should be two pre-defined VLANs:
LAN (4 ports, untagged)
WAN (one port, untagged)
Naturally you'd add a VLAN 3 for guests. Then change one of the Ethernet ports to be tagged in VLAN1 and 3, but off in 2. This will be the cable to the AP. It needs the same setup of tagged in 1 and 3 and those passed through to the CPU and the software network bridges.
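The tagging described in the replies above, written out for the AP2 end of the cable as an added example (not configuration posted by anyone in the thread). It assumes a model where every jack, including WAN, is a port of one switch (`switch0`) behind `eth0`, the swconfig-era `/etc/config/network` syntax, a constructed port numbering and constructed 192.0.2.x addresses; AP1's trunk jack needs the same `t` entries in VLAN 1 and VLAN 3.

```conf
# /etc/config/network on AP2. The default WAN VLAN 2 is removed here.
# Assumed port numbers: 0 = CPU, 1 = WAN jack (trunk to AP1), 2-5 = LAN jacks.
# Verify the real numbering with: swconfig dev switch0 show

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

# VLAN 1 = private LAN: tagged on CPU and trunk, untagged on the LAN jacks
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 1t 2 3 4 5'

# VLAN 3 = guest: tagged on CPU and trunk only, never on a wired LAN jack
config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 1t'

# Private bridge: static management address only (constructed addresses;
# use an address in AP1's LAN subnet and AP1's LAN address as gateway)
config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.0.2.2'
	option netmask '255.255.255.0'
	option gateway '192.0.2.1'
	option dns '192.0.2.1'

# Guest bridge: no IP address on AP2, so guests cannot reach AP2 itself
config interface 'guest'
	option type 'bridge'
	option ifname 'eth0.3'
	option proto 'none'

# /etc/config/dhcp on AP2: leases come from AP1 over the tagged VLANs
config dhcp 'lan'
	option interface 'lan'
	option ignore '1'

config dhcp 'guest'
	option interface 'guest'
	option ignore '1'
```

Each SSID is attached to its bridge with `option network 'lan'` or `option network 'guest'` in `/etc/config/wireless`. Clients that get no address through the trunk usually point to a tag mismatch: the VLAN IDs and the `t` flags must be identical on both ends of the cable.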
at AP1 there are 2 interfaces.. private and guest. both set up with DHCP and pointing to the ISP (ISP LAN -> AP1 WAN)
everything while connected to AP1 works btw.
for now I connected AP1 LAN1 (tagged) to WAN of AP2 (also tagged). but I'm not able to get an ip address if I'm connecting to each of the interfaces.
at both APs the guest and private interfaces are just attached to each vlan and of course wireless radio.
what's the point I got wrong in this?
do I need a 3rd vlan for guest and leave vlan1 as it is by default?
Does your ISP router do a guest network and VLANs?
In the conventional approach, at some point you have to route both the LAN user network and the guest network separately to the Internet. In the conventional approach this is done in the main router which is closest to the Internet.