I have a primary router with Tomato that has two bridges. One is for the secure LAN and one for the guest network. I have a wired extension that needs to both provide access to our secure network for some clients as well as a guest wireless. I can create the guest wireless on the extension but I have to choose on the primary which bridge the extension is on. Is there a way to maybe connect it to the guest bridge and allow specific clients to access the secure bridge? Or preferably have 2 bridges on the extension I can assign to the correct bridges on the primary?
I see no answers, so I will take a shot. If you define your access point as "router" (no firewall) and connect a primary LAN port to the WAN on the access point you should be able to set the private WLAN to a bridge with the same subnet as the private on the primary, and the public similarly to the public. Make sure DHCP comes from the primary. Pretty sure that will work.
If I understand your meaning, that's what I already have. Let me lay it out:
Internet Modem <==> Tomato1 Access Point(br0) <==> Tomato2 Router (No FW or DHCP) ^==GUEST==^
"""""""""""""""""""""=> Tomato1 Access Point(br1) == Tomato2 Router (No FW or DHCP) ^==PRIVATE==^
So, on Tomato1 I can run each virtual wireless on a different bridge. But Tomato2 is only on the bridge that is assigned to the LAN port it's plugged into. I thought I could set the different gateways for bridges on Tomato2. Like br0 on Tomato2 has the gateway 192.168.1.1 and br1 has the gateway 192.168.2.1. I don't know if it would work and I can't do it anyway.
EDIT: As I re-read your post, Ron, I think you were thinking along the same lines as me. I'll try some more.
I guess I don't understand the issue. There is one gateway to your internet modem and both bridges use it. Routing internet traffic from GUEST and PRIVATE through the same gateway will still maintain the isolation between them. If you are worried about limiting bandwidth or access on GUEST vs PRIVATE you can still do that.
You are correct. But Tomato2 is connected to one of the LAN ports of Tomato1. Tomato1 is the DHCP server. But even if I make separate bridges on Tomato2 they both are on whichever bridge is assigned to the LAN port on Tomato1. The bridges exist on Tomato 1. Not Tomato 2.
I tried assigning br0 and br1 to Port2 and I got this message:
Port 2 cannot be assigned to more than on VLAN unless frames are tagged on all VLANs Port 2 is member
I cannot check the tagged boxes. And I'm guessing I need to tag the traffic at Tomato2, which is over my head at this point.
I think I thought of another way to explain what I want to do. Tomato1 is connected to the internet and has two WLANs, WIFI and GUEST. Tomato2 is connected to Tomato1 by Ethernet LAN to LAN (WAN and DHCP disabled on Tomato2). Tomato1 is the DHCP server.
Tomato1 has two bridges:
br0 = 192.168.1.1 = WIFI + LAN
br1 = 192.168.2.1 = GUEST
Tomato2 has two WLANs:
WIFI (should) = 192.168.1.1
GUEST (should) = 192.168.2.1
INTERNET -- Tomato1 -- Tomato2
I have tried making two bridges on Tomato2, ".1.1" and ".2.1", but clients on ether are still assigned ".1.#".
Also, the VLAN tagging. I still don't know exactly how this should work. I understand it's tagging traffic for different LANs on one interface, but how do I make Tomato2 tag the data? Also the tagged checkboxes on the VLAN page are grayed out.
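How 802.1Q tagging lets the single cable between Tomato1 and Tomato2 carry both bridges, together with the port rule behind the error message quoted above, as an added example that is not part of the original thread and is not Tomato's own code. The VLAN IDs 1 and 3, the function names and the sample frame are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100
# Assumed VLAN IDs; the thread does not say which VIDs back br0 and br1.
VLAN_TO_BRIDGE = {1: "br0", 3: "br1"}
# Constructed sample frame: broadcast dst, made-up src MAC, IPv4 ethertype, dummy payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Sender side of the trunk: insert an 802.1Q tag after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def classify(frame: bytes, allowed_vids: set, pvid=None):
    """Receiver side: return (bridge, untagged_frame), or None if the frame is dropped."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            return None
        (tci,) = struct.unpack("!H", frame[14:16])
        vid = tci & 0x0FFF
        if vid not in allowed_vids:
            return None  # VLAN is not a member of this port
        inner = frame[:12] + frame[16:]
    else:
        if pvid is None:
            return None  # untagged frame on a tagged-only port
        vid, inner = pvid, frame
    bridge = VLAN_TO_BRIDGE.get(vid)
    return (bridge, inner) if bridge else None

def port_config_ok(untagged_vids: set, tagged_vids: set) -> bool:
    """A port in more than one VLAN must tag all of them; a single VLAN may be untagged."""
    members = len(untagged_vids) + len(tagged_vids)
    return members <= 1 or not untagged_vids
```

With both ends of the link tagging, a guest frame sent as VLAN 3 lands on br1 and never reaches br0; a port that carries both VLANs untagged has no way to tell the frames apart, which is why that configuration is rejected.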
That does make it more clear, especially the statement about Guests getting assigned .1.x IPs by DHCP when connected on Tomato2. My first suggestion was going to be to have you set up LAN Access under the Advanced menu for br0 to br1. Alternatively you might just set T2 as a router (not gateway) under Advanced -> Routing with NAT turned off and connect to T2's WAN port.