I'm trying to achieve the following setup:
Most guides I found here are changing the vlan settings inside the wifi router in order to isolate the guest wifi to a single port. However in my case I'd like to have both my internal wifi as well as the guest wifi on the same or even all ports however tag them to the outside in order to connect to my pfsense box. There I'll add the tagged port (eth0 phys in the image) as a new interface and run a separate guest DHCP and only add rules to connect to the internet.
For this I'd need to configure the Port 1 as a trunk port on my AC68U right? How would I do that?
The code I have so far on the asus router running Merlin:
Most guides I found here are changing the vlan settings inside the wifi router in order to isolate the guest wifi to a single port. However in my case I'd like to have both my internal wifi as well as the guest wifi on the same or even all ports however tag them to the outside in order to connect to my pfsense box. There I'll add the tagged port (eth0 phys in the image) as a new interface and run a separate guest DHCP and only add rules to connect to the internet.
For this I'd need to configure the Port 1 as a trunk port on my AC68U right? How would I do that?
The code I have so far on the asus router running Merlin:
Code:
robocfg vlan 10 ports "1 8t"
vconfig add eth0 10
# create a bridge to isolate guest wifi - this is actually not required is it?
brctl delif br0 wl0.1
brctl addbr br10
brctl addif br10 vlan10
brctl addif br10 wl0.1
ifconfig vlan10 up
ifconfig br10 192.168.50.5
ifconfig br10 192.168.50.5 netmask 255.255.255.0 up
iptables -I INPUT 1 -i vlan10 -j ACCEPT
ebtables -F
ifconfig
#remove wl0.1 from lan ifnames
nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set lan1_ifnames="vlan10 wl0.1"
nvram set lan1_ifname="br10"
killall eapd
