"Mike" == Mike Long via WLUG <wlug@lists.wlug.org> writes:
Mike> I have been lurking on this list for a long time and have learned much
Mike> over the years.

Mike> Now I'm hoping someone can point me to a good resource to
Mike> understanding vlans. For some reason networking configurations
Mike> beyond the most basic setups have never been something I really
Mike> have gotten my head around. Databases are more my thing.

So for VLANs you will also need your core switch at home (or ideally all your switches) to support VLANs properly. Or you need to have separate physical networks, which gets unwieldy.

Mike> I have a Linksys E4200 router that I have flashed with the
Mike> latest dd-wrt v24-40559_NEWD-2_K2.6_mini. My objective is to
Mike> setup multiple vlans with multiple SSIDs associated with the
Mike> vlans to segregate my business, home, and iot devices from one
Mike> another. After trying this tutorial
Mike> https://www.ciscopress.com/articles/article.asp?p=1730493 and
Mike> resetting the router many times I decided I need to understand
Mike> how vlans work and how to set them up properly with this
Mike> setup. I would like to start by understanding the default setup
Mike> and what role the default bridge br0 plays in that setup and
Mike> then move on from there.

Can you explain (or show a diagram) of your network?

So in my case, I've been starting to play around with VLANs as well, but since my wife and kids are working from home, along with me, it's hard to find time to possibly break the network screwing around with VLANs.

The basic idea is that packets are tagged with the VLAN ID they are supposed to be presented to. So on a switch port, it will either be on all VLANs, or will only pass traffic for one or more specific VLANs.

I have TP-Link EAP-EAP225 WAPs (Wireless Access Points) at my house. I finally gave up on my old Netgear WNDR3700v1,2 routers I had running DD-WRT, but only using them as WAPs. I have a PCEngines APU4 running as my firewall, running OPNsense. I like keeping these things separate. My core switch is an ancient Dell PowerConnect 5324 with 24 1gb ports. And a small TP-Link switch upstairs since I only have one path up from the basement.

Anyway... I mean to set up VLANs as well, but the possibility of breaking things has stopped me for all of 2020 basically. Heh.

Since the Linksys E4200 only has four internal ports, I'm pretty certain you're running a switch or two behind it. So what I would do as a first step would be to set up a small switch on a single port, and set up that port on the E4200 to be in VLAN 10. Then make sure you route traffic to that VLAN. So I'd also make VLAN 10 be the subnet 192.168.10.0/24, to keep it all simple. Put a Raspberry Pi or something where you can access it directly, then configure it for that subnet and see if you can ping and pass traffic.

At that point, you can set things up so that VLAN 10 can only send traffic to the internet, and not to any other VLANs.

But I don't know how good the E4200s with DD-WRT are in terms of supporting VLANs. I seem to remember it was kinda flaky and problematic.

The real trick is when you want to pass multiple VLANs down a single cable, and have the switches at each end (or a Linux server with VMs and VLANs configured) pass traffic properly. Then it starts getting more hairy.

I'd offer more ideas, but we really need to know more about your network setup (and your needs/desires) to make it work. I too want to put my IOT things onto a separate VLAN on my WAPs, so I can isolate that traffic, I just need to set up the core switch properly. Ideally while everyone else is gone for a day. Or two. *grin*

Please keep posting, I'm sure a bunch of us are in the same boat.

John
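The tagging and per-port filtering described in the reply above, sketched as an added example that is not part of the original thread: it builds 802.1Q-tagged Ethernet frames, reads the VLAN ID back out, and applies a simplified model of a switch port's allowed-VLAN list. The MAC addresses, port definitions and function names are constructed for illustration; VLAN 10 follows the reply, VLANs 1 and 20 are assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan_id=None):
    """Build an Ethernet frame, inserting an 802.1Q tag when vlan_id is set."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        # TCI = priority (3 bits) | DEI (1 bit) | VLAN ID (12 bits); priority/DEI left 0
        header += struct.pack("!HH", TPID_8021Q, vlan_id)
    return header + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return (vlan_id or None, payload ethertype) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, etype          # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner      # low 12 bits of the TCI are the VLAN ID

def port_accepts(frame, allowed_vlans, untagged_vlan=None):
    """Simplified port model: untagged frames are assigned untagged_vlan,
    then the frame passes only if its VLAN is in the port's allowed set."""
    vid, _ = parse_vlan(frame)
    if vid is None:
        vid = untagged_vlan
    return vid is not None and vid in allowed_vlans

# Constructed sample data (locally administered MACs, IPv4 EtherType 0x0800)
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
IOT_FRAME = build_frame(DST, SRC, 0x0800, b"iot", vlan_id=10)
HOME_FRAME = build_frame(DST, SRC, 0x0800, b"home", vlan_id=20)
PLAIN_FRAME = build_frame(DST, SRC, 0x0800, b"untagged")

TRUNK = {"allowed_vlans": {1, 10, 20}, "untagged_vlan": 1}  # carries several VLANs
IOT_PORT = {"allowed_vlans": {10}, "untagged_vlan": 10}     # single-VLAN port

if __name__ == "__main__":
    for name, frame in [("iot", IOT_FRAME), ("home", HOME_FRAME), ("plain", PLAIN_FRAME)]:
        print(name, parse_vlan(frame),
              "trunk:", port_accepts(frame, **TRUNK),
              "iot port:", port_accepts(frame, **IOT_PORT))
```

The model covers only the tag check; keeping VLAN 10 from reaching other VLANs at layer 3 is still a job for firewall rules on the router.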