i have 1 ZyXEL NBG6817 acting as main router and AP and 2 GL.iNet GL-AR300M acting as Wifi-AP's (connected by cable to the Zyxel). Zyxel is running on V19.07, the AR300's run on V18.06
I would like to create a VLAN for my IOT-things, which only has access to my local LAN, not the WAN.
Is it possible to add a Wifi-VLan over all 3 AP's?
In my understanding, yes. I have to create the VLAN on each single AP, right?
Do i need to create the bridge on all 3 AP's, or just on the Zyxel?
Does your IoT devices have static IPs, or do they use DHCP?
If you provide them with IPs on a separate subnet, it should be enough to set up a FW rule, and block internet access.
Leaving out the default GW would also do the trick.
Yes, you need to create the VLANs on each AP. Also, on the main router, you need to "trunk" all the VLANs on the wire that connects to the APs.
On the main router, you need to bridge each SSID with a different VLAN on the wire, so each network can coexist separately on the same wire. Then, do the same on the APs.