Hi, this is my first post. i installed openwrt the latest version on Linksys wrt3200, i have also followed instructions trying to setup VLANs for two of the ports as much as i have tried, i cannot get it to work. my question is, does VLAN work on wrt3200? if yes, who can help me and what is needed. if no, what cheap router i can use to do this.
You might want to take a look at the entry for your router in OpenWrt's Table of Hardware to see what capabilities a particular model has:
https://openwrt.org/toh/linksys/linksys_wrt3200acm
According to its hardware info table, the router is VLAN-capable.
The next thing to do is to familiarize yourself with how VLANs work in OpenWrt by reading its documentation:
https://openwrt.org/docs/guide-user/network/vlan/start
For your particular case, the How-To document would probably be the most useful one if you are trying to set up a VLAN and it is not working like you would expect.
HTH.
1 Like
I can confirm VLANs work in this device.
2 Likes
I will read through the docs, and will report back. i must be doing something real stupid
There is no need to attach any VLAN to both CPU ports. Have it tagged in one and off on the other.
A port should be untagged in exactly one VLAN, or tagged in one or more VLANs. Mixing tagged and untagged on the same port usually does not work in consumer-grade switch equipment. What are your intentions for port 4? Only tag an external port if the device on the other end of the cable is configured to understand VLAN tags.
my goal is two setup two separate network in my house that cant see each other, port 4 is just a test
i also redid it, removed the tag from one cpu, but regardless it creates two vlan switches. still dont work
In the switch, make a new VLAN. I suggest numbering it 3 instead of 78.
CPU eth0 should be tagged in both VLAN1 (the existing LAN) and the new one.
CPU eth1 remains tagged in only VLAN2, which is your existing WAN.
Turn off one of the external LAN ports from the existing LAN and instead make it untagged in the new VLAN.
Now you have eth0.1 = LAN, eth1.2 = WAN, and eth0.3 = the new guest network.
Make a new network interface called 'guest' of type Static IP. Connect it to eth0.3. Set the static IP to 192.168.Y.1, where Y is a number that makes it unique from both your LAN and WAN. Enable a DHCP server on the guest network.
Make a new firewall zone 'guest' and associate it with network 'guest'. Enable inter-zone forwarding from 'guest' to 'wan'.
You now have a basic guest network. Guests can access the Internet but can't see anything on your LAN other than the router itself. There are some additional firewall rules that can be imposed if you really don't trust the guests to prevent them any access to the router.
1 Like
thx so much this worked Mike, really appreciate it
@msadat If your problem is solved, please consider marking this topic as [Solved]. (Click the pencil behind the topic...)
Pls show me how
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.