Daniel Leblanc
New Around Here
Hi,
I just bought a edgerouter x for faccing the net.
So I would like to connect my 2 router rt-n16 and ac-66u in AP mode.
I need to setup a guest SSID with vlan to restrict access to my NAS.
I read many topics here and nothing seem to work.
On the Edgerouter I have setup:
vlan 1 (default) with a DHCP for that VLAN
VLAN 10 with DHCP for that VLAN
On my RT-N16 I test these 2 scripts without success
The Rt-N16 is connect in the WAN port.
The normal SSID is working well.
first I tried
The second one without success
I just bought a edgerouter x for faccing the net.
So I would like to connect my 2 router rt-n16 and ac-66u in AP mode.
I need to setup a guest SSID with vlan to restrict access to my NAS.
I read many topics here and nothing seem to work.
On the Edgerouter I have setup:
vlan 1 (default) with a DHCP for that VLAN
VLAN 10 with DHCP for that VLAN
On my RT-N16 I test these 2 scripts without success
The Rt-N16 is connect in the WAN port.
The normal SSID is working well.
first I tried
Code:
#!/bin/sh
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
robocfg vlan 10 ports "0t 8t"
vconfig add eth0 10
ifconfig vlan10 up
brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 wl0.1
brctl addif br1 vlan10
ifconfig br1 192.168.2.2 netmask 255.255.255.0 broadcast 192.168.2.255
ifconfig br1 up
nvram set lan_ifnames="vlan1 eth1 wl0.1"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan10 wl0.1"
#nvram set lan1_ifnames="vlan10 wl0.1 wl1.1"
nvram set lan1_ifname="br1"
nvram commit
killall eapd
eapdThe second one without success
Code:
#!/bin/sh
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
#create vlan 10
robocfg vlan 10 ports "0t 1t 2t 3t 4t 8t"
robocfg vlan 1 ports "0 1 2 3 4 8t"
#add vlan 10 to eth0
vconfig add eth0 10
#bring vlan 10 up
ifconfig vlan10 up
brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 wl0.1
#brctl delif br0 wl1.1
#brctl addif br1 wl1.1
brctl addif br1 vlan10
ifconfig br1 up
nvram set lan_ifnames="vlan1 eth1 wl0.2 wl1.2"
nvram set lan_ifname="br0"
nvram set lan1_ifnames="vlan10 wl0.1"
nvram set lan1_ifname="br1"
nvram set wl0.1_closed=1
#nvram commit
killall eapd
eapd
#enable wifi guest isolation (for wifi clients only, not lan)
wl -i wl0.1 ap_isolate 1
#block lan access to/from wifi guests
ebtables -I FORWARD 1 -d Broadcast -j ACCEPT
ebtables -I FORWARD 1 -s 00:50:56:2e:33:02 -j ACCEPT
ebtables -I FORWARD 1 -d 00:50:56:2e:33:02 -j ACCEPT
ebtables -I FORWARD 4 -i wl0.1 -j DROP
ebtables -I FORWARD 4 -o wl0.1 -j DROP
#start of entware loading
RC='/opt/etc/init.d/rc.unslung'
i=30
until [ -x "$RC" ] ; do
i=$(($i-1))
if [ "$i" -lt 1 ] ; then
logger "Could not start Entware"
exit
fi
sleep 1
done
$RC start
Any Idea?
Last edited:
