VLAN Tagging through LAN port, with external WAP w/VLAN Tags

bitsmt
DD-WRT Novice


Joined: 12 Oct 2009
Posts: 12
Location: United States of America

Posted: Thu Nov 15, 2012 11:44
I am using WNR3500L with build 14896 mega and an Engenius EAP150 Wireless Access Point. The Engenius WAP is capable of 4 Wireless VLANs (tagging from 1 to 4094).

My intention is to connect an Engenius VLAN capable WAP to a port on the WNR3500L and provide a DHCP Server for each of the VLANs in the WAP.

Functional Specifications:
1. One VLAN will be allowed to communicate with the LAN.
2. All other VLANs will only have access to the Internet.
3. It would be optimal, if there could be 2 LANs, allowing for 1 Wireless VLAN to communicate with its assigned LAN but not be able to see the other two Guest VLANs.

My experience is with working with DD-WRT gui and I can easily create a Guest VAP. Due to the distance between the DD-WRT router and the location of the WAP, I must use the EAP-150 to supply wireless to the area.

Here is what I have done so far.
- In the WAP, create 4 SSIDs
+ Default
+ VLAN100 (has a VLAN tag of 100)
+ VLAN200 (has a VLAN tag of 200)
+ VLAN300 (has a VLAN tag of 300)
- Default can access the DD-WRT because it has no VLAN tag assigned to it.
- WAP is plugged into port 4.
- In DD-WRT - Setup>VLAN: Tried leaving it as is with port 4 assigned to VLAN1, but also tried assigning port 4 to VLAN2 and setting "Assign to Bridge" as None and LAN.
- In DD-WRT - Setup>Networking>Tagging: Tried VLAN1 Tag# 100, as well as eth0, and VLAN3.
- In DD-WRT - Setup>Networking>Create Bridge: Created br1 with STP=Off and assigned 192.168.2.1.
- In DD-WRT - Setup>Networking>Assign to Bridge: I tried assigning br1 to VLAN1, as well as VLAN3, VLAN 1.100.
- I did set up a DHCP server for the selected port that I assigned to br1.

All options didn't work for me (so I suspect I missed something).

I can't explain the appearance of some of the virtual ports and what they talk to. I am finding some are "ghosts" left from previous configs. Thus, I am "factory resetting" after a failed attempt to ensure I start with a clean slate.

I set up the VAP scenario to see how it works (maybe if I can learn how the wl0.1 is linked to the different virtual and hardwired ports, I can figure it out). Well, it seems that there is some happy magic happening in that router (am very grateful for the simplicity) so I can't figure out how VAPs work.

Thank you for your help and mercy.

_________________
Luis
moto250
DD-WRT Novice


Joined: 07 Nov 2012
Posts: 16

Posted: Sat Nov 17, 2012 7:03
I have similar hardware (WNR3500Lv1, EAP150) and set them up with regular and guest wifi on both.

My vlan settings are:

vlan1ports=4 3 2 1t 8*
vlan2ports=0 8
vlan3ports=1t 8

So the 4 LAN ports on the router are in vlan1, with port1 being tagged. Note that port1 is externally labeled as port4, and the ECB150 is connected to it.
Vlan1 is for regular computers.

The WAN port on the router is on vlan2.

Port1 on the router is also in vlan3, hence the need for tagging. Vlan3 is for guests.

Vlan1 is bridged to eth1 (router regular SSID), forming br0. The access point regular SSID is on vlan1.

Vlan2 is not bridged.

Vlan3 is bridged to wl0.1 (router guest SSID), forming br1. The access point guest SSID is on vlan3.


There are lots of ways to configure things, depending on just what you want to do.
bitsmt
DD-WRT Novice


Joined: 12 Oct 2009
Posts: 12
Location: United States of America

Posted: Mon Nov 19, 2012 5:27
My intention is to have the ECB150 connected to the physical port on the WNR3500L router (let's say port 2, thus LED 2 is lit). The ECB150 will have two SSIDs, Employees and GUESTS. Employees will have full access to resources on the physical port 1 (port 1 will be connected to a switch) and will get IP addresses via Router DHCP (10.10.10.xxx). GUESTS will have direct access to the Internet only and will get its IP addresses via Router DHCP (192.168.2.xxx).

I used the GUI to create VLAN1.200 (by choosing VLAN1 and then assigning 200 to it). I assumed that since the LAN ports are on VLAN1, that adding the tag 200 would allow me to tell the router to look for anything with the VLAN tag of 200. Shortly after this is where I get lost. I assume that I should create bridge br1 and give it the IP of 192.168.2.1. I assigned VLAN1.200 to this bridge. I then created a DHCP server for VLAN1.200. However, I am not sure if I need to unbridge VLAN1.200 or not. Since I have tried many different configurations, I am beginning to think that this type of setup may need to be configured partially or entirely via command line (Telnet).

I keep trying, but it seems I am not 1337 in this area.

I shall keep reading and searching and testing. I could definitely use some help and guidance. I have a lot of upset people at me right now.

I am currently keeping them at bay by setting up my old WRT54GL with the internal WLAN set as Employee and GUEST, but the range is nowhere near what I need and can give with the ECB150.

Here is what the command line shows:
vlan2ports=0 8
vlan1ports=4 3 2 1 8*
size: 21634 bytes (11134 left)

port5vlans=1 2 16
port3vlans=1
port1vlans=1
port4vlans=1
port2vlans=1
port0vlans=2
size: 21634 bytes (11134 left)

Thank you for chiming in. You've given me hope! :)

_________________
Luis
moto250
DD-WRT Novice


Joined: 07 Nov 2012
Posts: 16

Posted: Mon Nov 19, 2012 6:57
I can make suggestions based on what worked for me. It may not be the best way, but this is what I have to offer.

NB: In this setup, vlan1 is for Employees, vlan2 is for the WAN connection, and vlan3 is for guests. I think it is safest to use low vlan numbers (1, 2, 3).


ACCESS POINT
------------
in "Wireless / Basic"
- ESSID1: Employees
- ESSID2: GUESTS
in "Wireless / VLAN"
- virtual lan: enabled
- SSID 1 Tag: 1
- SSID 2 tag: 3


ROUTER
------
in "Setup / Basic Setup"
- address 10.10.10.1, mask 255.255.255.0
- dhcp server enabled, start 100, max 100

in "Wireless / Basic Settings"
- mode AP
- SSID: Employees
- network configuration: bridged
- virtual interface SSID: GUESTS
- network configuration: bridged

in "Setup / VLANs"
- set it like this:

vlan W 1 2 3 4 bridge
____ _ _ _ _ _ ______
_0__ _ _ _ _ _ none
_1__ _ x x x x lan
_2__ x _ _ _ _ none
_3__ _ _ _ x _ none
4-15 _ _ _ _ _ none
tagd _ _ _ x _
- note that "port3" in the settings corresponds to the one labelled "port2" on the router

in "Setup / Networking"
- remove any tagging entries
- create bridge br1, address 192.168.2.1, mask 255.255.255.0
- assign to br1: vlan3 and wl0.1
- the bridging table should also show br0, with interfaces vlan1 and eth1
- additional dhcp server on br1: start 100 max 50

in "Security / Firewall"
- if you can, disable the firewall until you get other things working. If the router is connected directly to the internet, it would be best to have the firewall on all the time.

go in to the command line and run these commands to see what you've got:
nvram show | grep 'vlan.*ports' | sort
nvram show | grep 'port.*vlans' | sort

the nvram settings should be like this:
vlan1ports=4 3t 2 1 8*
vlan2ports=0 8
vlan3ports=3t

port0vlans=2 18 19
port1vlans=1 18 19
port2vlans=1 18 19
port3vlans=1 3 16 18 19
port4vlans=1 18 19
port5vlans=1 2 3 16

if they are not right, you can use the "nvram set" command to make them right.
bitsmt
DD-WRT Novice


Joined: 12 Oct 2009
Posts: 12
Location: United States of America

Posted: Mon Nov 19, 2012 9:52
Low VLAN numbers may be part of my problem; I was using 200 and 300. I just finished reading a few posts on DD-WRT having issues with tags greater than 15.

I did also read about the port reversal, but assumed it was for an older build. Bad to assume.

I'll give it a try. And report back. Thank you.

_________________
Luis
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Mon Nov 19, 2012 21:05
Use a build over 17000 and then the VLAN GUI should work on that model. You are indeed limited to VIDs 0-15 unless you get a modified kernel module (usually not worth the trouble unless you have a large existing infrastructure).

Regardless of whether you want multiple WLANs on the router, the multiple WLAN guide explains most of what you need to do. The only additional steps are putting ports in the VLANs you want to and then assigning the vlan interfaces to whichever bridge you want.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
All times are GMT
