Hello...I am trying to do something very basic in setting up port based vlans as outlined in this article.
Here is how my GUI is setup.
I need port 1 and ports 2-4 to be on separate VLANs with filtering so that only outbound and return traffic can leave and enter those VLANS.
root@CoreNet01:~# nvram show | grep vlan.*ports
size: 37642 bytes (27894 left)
vlan2ports=0 5u
vlan1ports=1 2 3 4 5*
I would expect the output to be
vlan2port=1 5u
vlan3ports=2 3 4 5*
In the end, this is what I want to accomplish
1) Device connected to port 1 on back of the router to only have Internet access and traffic leaving and returning to that vlan (vlan2). all other traffice denied/dropped.
2) Devices connected to ports 2-4 on the back of the rounter to have access to each other (VLAN3) , the Internet wireless devices (see steps 2 and 3 below).
3) Private Wifi in same VLAN (VLAN3) as ports 2-4 with access to those devices and the Internet.
4) Guest Wifi with only access to and from the Internet.
I got as far as getting the physical ports configured as shown in the GUI. I am able to communicate on the separate vlans/subnets (with fixed ips as desired). I put in some iptables rules which did not prevent access from VLAN2 to VLAN 3 and vice versa.
I noticed that the GUI keeps forcing port 1 to be in the LAN bridge too.
Is there a hardware schematic for the layout of the
R7000 similar to this one.
Recent comments