[SOLVED] VLAN on WAN port

Installing and Using OpenWrt Network and Wireless Configuration
1

Hello everybody,

this is my config:

OpenWRT ( LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.290.79498-d3f0685) on a NETGEAR WNDR4300 router.
Wifi is acting as a client and bridging internet connection to lan ports. I configured phisical WAN port to be bridges as well.

Now I'd like to create a separate VLAN on the WAN port (no interaction between clients connected on LAN ports and clients on WAN) but I'm having trouble understanding how to do this.

Here are some screens of my configuration:




Can somebody help me please?

2

You already have a VLAN on the WAN Port, VLAN2.

1 Like
3

yep, but vlan1 and vlan2 share same ip subnet, they are in the same network. I'd like to separate them, for example:
vlan1 192.168.1.0/24
vlan2 10.0.0.0/24

4

Create a new network (e.g. "guest") with your 10.0.0.1 IP and and attach eth0.2 to it. Of course also remove eth0.2 from the LAN bridge.

2 Likes
5

That's the point I'm missing. How to do it? I can't find any documentation about this

6

Screenshot%20from%202018-08-28%2010-57-59

The "add new interface" button.

You would do that part under "Physical settings" on the newly mad interface.

1 Like
7

Ok, so far I created the new "guest" interface, assigned to eth0.2, detached eth0.2 from the lan bridge.

But the new "guest" network, has no internet connection (since I detached to lan bridge).
If I create a second bridge (WWAN > GUEST) I lose connection on LAN aswell.

:thinking:

Cattura1 Cattura2 Cattura3

btw I'm following this https://wiki.openwrt.org/doc/recipes/guest-wlan-webinterface

8

You need assign Guest interface into LAN zone by Firewall Settings tab.

9

I solved, thankyou everybody.

I'll write the final move here, maybe could help somebody.

Basically the eth0.2 device was the same for GUEST, WAN, WAN6. But since the firewall rule was the same for WAN, WAN6 and WWAN (this is the actual internet gateway) it would create conflict when I assign also GUEST.
So I create a third VLAN (eth0.3) and assigned GUEST to it. Then following the advices in this post and this guide for the firewall riles and everything is working now :beers: .

Thankyou for your tips! I'm learning a lot in this forum!

10

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.