[Thomas_VDB]

Hi,
I have setup 5x R7000 with ddwrt as AP's for our company (router/firewall = pfsense).
We are using VLAN's, and the dd-wrt are correctly usingthe VLAN's and are broadcasting several SSID's for the different VLAN's.

The final thing that I want to do is add a management VLAN :
The computers and laptops on the network are working in VLAN 1, and can in theory access the AP's configuration pages as the AP's management IP is also in VLAN 1.
However I want to change the management VLAN from the AP's to VLAN 15.
I have added VLAN 15 to the switch configuration. But how do I tell ddwrt thatt the management VLAN is VLAN15.
I do'nt suppose I could just change the IP-address of the LAN-IP to be in the tange of VLAN 15. That won't be enough, will it?

[ho1Aetoo]

You have to bridge br0 with VLAN15 and give the router an IP address in the VLAN15 range

You have to bridge VLAN1 + eth1 + eth2 with another bridge e.g. br1

[Thomas_VDB]

Perfect! I'll try that!

[Thomas_VDB]

Still need some help.

This is my current situation :
1. Switch config :
WAN port : tagged to VLAN1 (default network), VLAN15 (mgmt), VLAN98 (IoT) and VLAN99 (Guest)
LAN ports : access tot VLAN1

2. Networking :
-Created br1 : bridge between wl0.1 (Virtual1 2.4GHz), wl1.1 (Virtual1 5GHz) and VLAN98 (IoT)
=> br1 gets static IP in VLAN98-range
-Created br2 : bridge between wl0.2 (Virtual2 2.4Ghz), wl2.1 (Virtual2 5Ghz) and VLAN99 (Guest)
=> br2 gets static IP in VLAN99 range.

3. This result in current bridging table :
br0 no eth1 eth2 vlan1
br1 no vlan99 wl0.1 wl1.1
br2 no vlan98 wl0.2 wl1.2

Do I now bridge br0 to VLAN 15? But this results in current bridging table eth1 eth2 VLAN1 VLAN15.
I don't want to bridge VLAN 1 with VLAN15.

If I make a newe bridge (br3, I can bridge br0.0 with VLAN15). But then I need to give br3 an IP, and I can reach the web interface via thal VLAN15 IP. But what do I do with the basic setup>LAN IP addres? also put it in VLAN15? Then I have 2 IP's in VLAN15?

AM a little lost...

[ho1Aetoo]

just read what I wrote above

[Thomas_VDB]

I was able to bridge my management VLAN with br0.
It works.
However I have br1 and br2, that are the bridges between my VAP's and my other VLANs.
These bridges br1 and br2 also have IP adresses and the config webpage is also reachable from these IP's
.
I only want the config webpage to be reachable via the management VLAN.

Is this possible (via settings in the GUI, preferable not via commands/IPtables)?

[egc]

You do not need to give the bridges on the AP's an IP address that is only for management purposes

[ho1Aetoo]

The problem is that once an IP address has been assigned, it can no longer be removed via the GUI

nvram set br1_ipaddr=0.0.0.0
nvram set br2_ipaddr=0.0.0.0
nvram commit
reboot

[Thomas_VDB]

Thanks!