My objective is to have 3 new SSIDs/separate networks that insulate home/work/IoT traffic from each other… and am going mad over how difficult this seems to be!
For context, running FLINT as a router connected via WAN port to my isp modem (which is in bridge mode) (isp is BT Business in the UK).
**although the SSIDs appear, no internet connectivity on any of them but my main! **
Going absolutely crazy and would appreciate any insights into what I might be doing wrong or could change, or even just starts for troubleshooting.
In Luci - Network - Switch, I’ve created three VLAN ids, 13, 14, 15, each with Port 1 and CPU (eth0) tagged. [Note: top bar says - Switch switch0 has an unknown topology - the VLAN settings might not be accurate.]
I manually altered my config file to have ‘1’ below instead of ‘0’ for enable vlan.
config switch option name ‘switch0’ option reset ‘0’ option enable_vlan ‘1’
Network - Interfaces - Devices I created three VLAN (802.1q) devices called eth0.13/eth0.14/eth0.15 – each with eth0 as base device and my VLAN IDs there also.
Network - Interfaces I created three Static Address protocols linked to the above VLAN devices with IPv4 addresses progressing from my original ssid/the router id range, from 192.168.9.1-192.168.11.1 respectively. Each with IPv4 netmask of 255.255.255.0 and IPv6 assignment length of 60. Each with DHCP Server setting starting at 100, limit 150, lease time 12h, and dynamic DHCP.
Firewall - Zones
I created three zones equating to my three new network interfaces, each with input/output/forward on ‘accept’, mss clamping ticked, covering their respective networks, and each allowing forwarding to the WAN destination zone.
System - Wireless
Two of the networks I created under 5ghz, one under 2.4ghz. All have mode as ‘access point’, each linked to their respective network from above interfaces.
My WAN is still running in pppoe with an ip-specific username and password; off device ‘eth0’ rather than a virtual LAN (i’d received some advice elsewhere to make one specially for the WAN but it stopped working with an error each time i connected the WAN interface to that virtual lan device – if this is key, no idea how to get it working!]
Finally, I tried using the bridge br-lan VLAN filtering settings with each of my vlan ids mentioned - this has caused the original ssid to finally become unusable, so may factory refresh once more tomorrow.