I need help. Not a networking guy but I can muddle my way through instructions.
I have 3x routers at home (1x RUTX50 and 2x RUT950) all connected by LAN cable / powerline. What I want to have is:
– Dual Wifi SSIDs (private and guest) on all routers.
– Dual subnets (private traffic = 192.168.1.0 and guest traffic = 192.168.88.0) on all routers.
I have set this up successfully on the RUTX50 i.e: dual Wifi SSID and dual subnets with firewall rules to keep traffic and devices secure. I can also create dual SSIDs and Interfaces on the RUT950s … but where I am struggling is Tagged VLAN setup which I get the concepts but can’t quite wrap my head around the options in RutOS to get it working.
If anyone has a Teltonika tutorial link aimed at morons such as myself, please post here. I’ve been watching these OpenWRT videos, which conceptually make sense, but I’m failing to translate the instructions into RutOS setting changes: https://youtu.be/4t_S2oWsBpE
p.s: I also think I’m failing to assign correct Physical / Bridge settings to the guest_lan interface as well (currently No Interface / not Bridged) … adding to my confusion.
Is the issue with tagged VLANs only? If so, make sure you assign VLAN Tags to end devices as well. On Windows, go to Device manager → Select your adapter → Properties → Advanced → VLAN ID and set the VLAN ID configured on the router.
imho: if guests are only wireless, then you do not need separate vlan for them.
you need create interface guest_lan, connect wireless_guest interface to it, and create one firewall rule, allowing traffic from guest_lan to wan. second rule - allow DHCP from guest_lan to router (udp 67-68 accept). any other traffic by default denied by firewall.
For anyone else struggling on this – and Google seems to bring this thread up re: RUT950 VLAN –the answer is:
Sell the RUT950 and buy RUTX10 instead.
There is a hardware limitation with the RUT950 which prevents tagged & untagged VLANS sharing the same physical port. You can have a port with all tagged VLANs, or a port with one untagged + the rest set to off… neither of which met my site requirements.
With a device capable of mixing tagged & untagged VLAN on the same hardware ethernet port (such as my main RUTX50 router and my RUTX10 access points), relaying main_lan DHCP + relaying guest_lan DHCP (and therefore extending main_wifi + guest_wifi) over one trunk cable (distributed via a home powerline) is actually very simple if you follow the Teltonika instructions for:
– first, setting up a guest VLAN on both the RUTX50 and RUTX10
– configuring the RUTX50 as a DHCP server for both main_lan/wifi and guest_lan/wifi
– configuring the RUTX10 as an Access Point with DHCP relay a/a
– configure guest_zone Firewall on the RUTX50 and RUTX10 under ‘General Settings’
– and finally make two Firewall ‘Traffic Rules’ on the RUTX50: 1) Prevent guest_zone getting onto lan. 2) Prevent guest_zone requesting to access SSH, FTP, webUI, SMB etc. etc. ports on specific hardware devices, such as the RUTX50 or any IOT devices.
That’s it. The RUT950 hardware/VLAN limitation had me going in effing circles. If Google brought you here, and the above doesn’t help, send me a DM or post Q’s here.
