Hello, I’m having a really hard time configuring VLANs on my MT6000 Flint 2 router. I’ve watched several YouTube tutorials, including this one: https://www.youtube.com/watch?v=qeuZqRqH-ug, but none seem to translate well into real results.
I was able to set up my Admin and Root passwords as well as my Main (Host) and Guest Wi-Fi networks easily. However, once I move on to the advanced features—specifically VLAN setup—it all falls apart.
My goal is to configure two additional VLANs: - One for IoT devices - Another for IoT devices that need constant internet access, like smart TVs or water leak sensors The problem is that none of the videos offer detailed step-by-step instructions, and after multiple attempts, my VLAN setup keeps failing. It looks straightforward in the demos, but in practice, it just doesn’t work.
I’ve even contacted Annie in chat support and spent hours trying to troubleshoot this, but without success. At this point, I’m close to returning the router and switching to a simpler model.
Can someone please help me with a clear, step-by-step VLAN configuration guide for the MT6000 Flint 2? Please don’t share more video links unless they include detailed instructions. I know what needs to be done conceptually, I just can’t get it to work in reality and have already reset my router to factory settings multiple times.
Thank you for any real, detailed help you can provide.
Let me add more context. Initially I wanted to have 4 vlans for the following purposes to have better control/segmentation of the network.
1.) Vlan1x - for personal devices such as phone, PC with access to everything(WAN and other vlans)
2.) Vlan2x - To share with the guests with only internet access.
3.) Vlan3x - to have IOTs that do not require continuous internet connection, in other words, which can work on local network however needs the internet for firmware upgrades. Such as Smart switches etc.
4.) Vlan4x - for IOTs that require internet/cloud connection to function, such as Dehumidifier, Smart TV, Thermostat etc. this should have internet access and no access to other networks, higher subnet etc.
Goal is to keep them separate for security and privacy reasons. After going through few videos, I realized that #1 & #2 can be simply achieved with the Host and Guest Wifi networks as they are on different Subnets and with AP isolation, its even more secure.
So that leaves me wondering how to get 2 more Vlans added for the IOTs, I dont want to put them on Host/guest wifi as they share the same subnet.
What type of wired external VLAN capable Ethernet device are you trying to extend these VLANs to?
Because most VLAN capable Ethernet devices typically need to have a native untagged VLAN since native VLAN mismatch could cause the tagged VLANs not to work on the external VLAN capable external Ethernet device.
Also, if all these IOT devices are wireless and you don’t have any external Ethernet device that is VLAN capable, then I would just assign the specific IOT wireless network to the specific IOT network interface that is assigned to the specific firewall settings I wanted that wireless IOT network on.
However, if you do need to extend the networks to an external VLAN capable device like a managed mini-switch, then here’s an old post where I included some screenshots of how I extended VLANs out to my managed VLAN capable mini-switches.
I do not plan to extend them to external vlan capable devices, below is my plan
Vlan3x - Will have all the IOTs through Wifi + 2 hubs need to be connected directly to the eth. ports, these hubs are required to configure few of the devices. I plan to block their internet access once configured as they can work on the local network. I will enable their internet access on demand for FW upgrades etc or If I need to enable some feature that requires them to connect with their home cloud. in a gist - these devices will be configure then blocked to access other devices on the network and blocked to have internet access unless I need to update a FW etc.
Vlan4x - Dedicated for the devices that cant work with internet such as Smart TV, Thermostat etc. so plan is to have the following.
1.) Only internet access all the time.
2.) No access to other devices on other subnets/vlans.
If you're not extending the VLAN's to external VLAN capable ethernet devices, then you should be able to set this up without using VLANs.
Uncheck the LANx interfaces on the 'br-lan' bridge interface in the bridge ports drop-down that you want to connect to each ethernet connected hub. This will remove the LANx port(s) from the primary LAN network.
Example: Uncheck LAN3 for internet allowed network and LAN4 for as needed internet network.
.
Create two different network interfaces as Static Address interfaces for the two IOT networks using different IP subnets on each. If you don't have some external device providing DHCP services for each network, then enable the DHCP services on each IOT interface.
.
On each IOT interface, select the specific LANx ethernet port as the interface's device that will have the associated hub connected to it for that IOT network.
Example: LAN3 for the internet connected IOT network, and LAN4 for the as needed internet network.
.
Set the Firewall setting to the Guest firewall for the IOT network (on LAN3) that you want to get to the internet since the Guest firewall does not allow access to the primary LAN or other IOT network. Don't set a firewall setting on the other IOT interface (on LAN4) until you want devices on that network to get to the internet.
.
Connect the hubs to the Flint 2.
Example: Connect the hub used for internet allowed devices to LAN3, and the other hub to LAN4 for the as needed internet access.
I believe that should do it.
I'm not sure if you mean an external WiFi device or not, but you can setup additional wireless SSID networks on the Flint 2 and assign them to the specific IOT network you want them on. And even though the additional wireless network(s) must first be configured in the Advanced LUCI GUI, once they are created, the additional wireless networks will appear in the GL GUI's wireless tab which is nice.