Hello,
I have an Asus RT-AC68U running the latest Merlin build in AP mode. The AP has the last port on the switch plugged into a Check Point firewall running vlan100 and vlan200.
I want have my main wireless bridged to a that port on the AP using vlan 100, and a guest wifi network bridged to that same port using vlan 200. The reason for this is so I can have a guest network that has no access to my internal network, but has internet access.
I had this set up in the past using DD-WRT, but I have not been able to find a DD-WRT build that passes ASUS's new certification yet, so I'm wondering if the same thing is possible with Merlin.
I currently used vconfig, brctl and robocfg to get to the following, and it seems like it might be working, but I need help with the iptables to prevent the guest net from accessing my internal network.
admin@RT-AC68R-CD58:/tmp/home/root# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.e03f4928cd58 no vlan1
eth1
eth2
vlan100
br1 8000.e03f4928cd58 no wl1.1
wl0.1
vlan200
admin@RT-AC68R-CD58:/tmp/home/root# robocfg show
Switch: enabled
Port 0: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 1: 1000FD enabled stp: none vlan: 1 jumbo: off mac: d0:50:99:8a:c6:cd
Port 2: 100FD enabled stp: none vlan: 1 jumbo: off mac: 00:1c:7f:53:42:7e
Port 3: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 34:e6:d7:75:d2:e4
Port 4: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:1c:7f:53:42:7e
Port 8: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 78:fd:94:11:99:2b
VLANs: BCM5301x enabled mac_check mac_hash
1: vlan1: 0 1 2 3 4 8t
2: vlan2: 8t
56: vlan56: 0 2 4t 7t 8t
57: vlan57: 2t 3 4 7t
58: vlan58: 0t 1 5t
59: vlan59: 5t 7 8u
60: vlan60: 7t 8t
61: vlan61: 2t 4t 7t
62: vlan62: 0t 4t 5t 8t
100: vlan100: 4t 8t
200: vlan200: 4t 8t
Once I get this all working, I'd also like to know what I need to do to make this config survive a reboot.
Please let me know if I left any information out that you need, and I'll get it for you ASAP.
Thanks in advance!
-broyuken
I have an Asus RT-AC68U running the latest Merlin build in AP mode. The AP has the last port on the switch plugged into a Check Point firewall running vlan100 and vlan200.
I want have my main wireless bridged to a that port on the AP using vlan 100, and a guest wifi network bridged to that same port using vlan 200. The reason for this is so I can have a guest network that has no access to my internal network, but has internet access.
I had this set up in the past using DD-WRT, but I have not been able to find a DD-WRT build that passes ASUS's new certification yet, so I'm wondering if the same thing is possible with Merlin.
I currently used vconfig, brctl and robocfg to get to the following, and it seems like it might be working, but I need help with the iptables to prevent the guest net from accessing my internal network.
admin@RT-AC68R-CD58:/tmp/home/root# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.e03f4928cd58 no vlan1
eth1
eth2
vlan100
br1 8000.e03f4928cd58 no wl1.1
wl0.1
vlan200
admin@RT-AC68R-CD58:/tmp/home/root# robocfg show
Switch: enabled
Port 0: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 1: 1000FD enabled stp: none vlan: 1 jumbo: off mac: d0:50:99:8a:c6:cd
Port 2: 100FD enabled stp: none vlan: 1 jumbo: off mac: 00:1c:7f:53:42:7e
Port 3: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 34:e6:d7:75:d2:e4
Port 4: DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:1c:7f:53:42:7e
Port 8: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 78:fd:94:11:99:2b
VLANs: BCM5301x enabled mac_check mac_hash
1: vlan1: 0 1 2 3 4 8t
2: vlan2: 8t
56: vlan56: 0 2 4t 7t 8t
57: vlan57: 2t 3 4 7t
58: vlan58: 0t 1 5t
59: vlan59: 5t 7 8u
60: vlan60: 7t 8t
61: vlan61: 2t 4t 7t
62: vlan62: 0t 4t 5t 8t
100: vlan100: 4t 8t
200: vlan200: 4t 8t
Once I get this all working, I'd also like to know what I need to do to make this config survive a reboot.
Please let me know if I left any information out that you need, and I'll get it for you ASAP.
Thanks in advance!
-broyuken
