Separate wifi SSID separate subnet

Raymond74

Occasional Visitor
Hi all,

I have 1 requirement which is to separate my IoT devices from my personal devices. So I am fine with vlan1 and then LAN subnet but want to bind the first Guest WLAN (wl0.1) to a separate bridge and vlan (for tagging on wired ports).

vlan1 - personal stuff
vlan9 - IoT devices

Some devices need to communicate between vlan1 & vlan9 so besides outside NAT I will also need some extra iptables. My problem now is... I cannot even connect after my changes.
 
And I get blocked every time on this forum? What is that? I am trying to post what I did... but is it too long?
 
Why have I been blocked?
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

What can I do to resolve this?
You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Cloudflare Ray ID: 466b07647f9f7265
 
Perhaps this may be of use... WiFiVPN.sh to create the WLAN bridge(s), together with VLANSwitch.sh to allow both WLAN interfaces and a designated switch port to be on the same 'VLAN'
 
Maybe read the pastebin. I want the Asus to be the router and DHCP, with iptables. But I also want the 1 LAN port in the guest vlan.

But currently I cannot even connect on wl0.1 (Guest WLAN1 2.4GHz)
 
And I'm not seeing my iptables entry back when added....

admin@RT-AC87U-D808:/jffs/scripts# iptables -I INPUT -i br1 -j ACCEPT
admin@RT-AC87U-D808:/jffs/scripts# iptables -L INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
logdrop icmp -- anywhere anywhere icmp echo-request
logdrop udp -- anywhere router.asus.com udp dpt:domain STRING match "ssm1.internet.sony.tv" ALGO name bm TO 65535
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
logdrop all -- anywhere anywhere state INVALID
PTCSRVWAN all -- anywhere anywhere
PTCSRVLAN all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
OVPN all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
INPUT_ICMP icmp -- anywhere anywhere
logdrop all -- anywhere anywhere
 
Maybe read the iptables man page for the correct/appropriate iptables list command to actually reveal/display your custom br1 rule.
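
An added example, not from any poster in this thread: `iptables -L` without `-v` omits the interface columns, so a rule created with `-i br1` prints as `ACCEPT all -- anywhere anywhere`, while `iptables -S INPUT` or `iptables -L INPUT -v -n --line-numbers` shows the interface. The script below filters `iptables -S` text for one interface; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# On the router the input would come from:  iptables -S INPUT
# -S prints each rule as the command that created it, including the -i match.

# Constructed sample in "iptables -S" format (not the thread's real rule set).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i br1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j logdrop
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -j logdrop
EOF
}

# rules_for_iface IFACE: read "iptables -S" text on stdin and print
# "<position> <rule>" for every rule whose -i match is exactly IFACE.
# Position counts only -A lines, so it lines up with --line-numbers.
# Negated matches ("! -i br1") are skipped: they apply to the other interfaces.
rules_for_iface() {
    awk -v ifc="$1" '
        $1 == "-A" {
            n++
            for (i = 3; i < NF; i++)
                if ($i == "-i" && $(i + 1) == ifc && $(i - 1) != "!") {
                    print n, $0
                    break
                }
        }'
}

# unscoped_accepts: print the positions of ACCEPT rules that carry no -i match.
# These apply to packets arriving on every interface, the IoT bridge included,
# so they matter when deciding what br1 clients can reach on the router itself.
unscoped_accepts() {
    awk '$1 == "-A" {
            n++; scoped = 0
            for (i = 3; i <= NF; i++) if ($i == "-i") scoped = 1
            if (!scoped && $NF == "ACCEPT") print n
        }'
}

# Stand-alone run on the constructed sample.
sample_rules | rules_for_iface br1
```

On a live system, pipe `iptables -S INPUT` into `rules_for_iface br1` instead of `sample_rules`.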
 
Anyway, thanks to the people that helped. I am trashing this router as I just need a proper router/switch without hacking, like Meraki for example or RouterOS. I will keep it like this for now.
 
