I'm creating a two SSID network with two IP ranges using the Asus RT16N and another access point. The Asus/Tomato will be the router and wireless for my 10.x.x.x range. The wired ports will be the 192.x.x.x range, the other access point is connected to the wired side.
I think I have everything working after a bit of fumbling but I wanted to make sure I did everything right:
1. Under Basic:Network I turned on DHCP on br0. I created br1 with the 10.x range. Setup the wireless security, SSID, etc.
2. Under Advanced:VLAN I created a VID of 3 since 1 and 2 were already there. VID 1 has Port 1-4 as Yes (nothing in tagged) set to br0. VID 2 only has a YES in WAN with bridge set to WAN. VID 3 has no options picked except for bridge set to LAN1 (br1). The wireless option in this page is set to bridge to eth1 to LAN1 (br1).
I don't believe I setup anything else that deals with the VLAN stuff. It appears to be working as planned. I just want to make sure I didn't leave any security holes open where someone could access the 192.x network from a 10.x device or vice versa. I tried forcing my IP to a 192.x range on the wireless side(10.x devices) to see if I could get to the 192.x devices, and as expected it didn't let me.
I have the admin page passworded and such so no one can get in to it. Only weird thing I could see is on a 10.x device I could ping 192.168.1.1, guess that makes sense that its the router. I couldn't ping anything else though.
Is there anything else I missed? I didn't change anything in the Routing page or add anything in the LAN Access page(not sure what this page is for anyways).