Tomato v.1.28-136 K36ARM
Home router use One tagged VLAN on WAN - works fine.
I have assigned a total of 5 VLAN bridges with each physical port on its own VLAN, and Wireless Wl0 (eth0) to VLAN5. No Wl1 (eth1) for the moment.
My goal is to have isolation between the VLANS, except for VLAN1 (port1) can access the default LAN, There is a section on the Tomato setup called ADVANCED/LAN ACCESS. Each of the VLAN bridges can be assigned to one of the other bridges, except not to itself. But do I need a separate line for every VLAN, or just VLAN1 so it can talk to the router? What is happening with this screen? If All the VLAN bridges get associated with the default bridge br0, then are all bridges connected together without VLAN isolation?
One other observation is from the VLAN screen itself on ADVANCED/VLAN, I can actually "tag" each LAN VLAN (just check the box) and everything seems to work, even though I am not sending tagged frames to the physical ports. Shouldn't the router reject frames that are not tagged with the VLAN tag VID in the setup?
Thank you for any help. There's no owners manual for Tomato, but it is still infinitely better than dealing with Netgear stock firmware.
SpaceX
scratch the 5 VLANS, since the firmware will only allow 3 bridges. Nonetheless, my question is still the same: what setup steps to perform to insure VLAN isolation? If a number of VLANS were to be assigned to one physical port, I am guessing that an additional VLAN aware switch would be needed to process the tagged VLANS?