How to access an AP on a separate VLAN?

1

I have several Linksys routers and I use one as DHCP server running Tomato and the rest as access points running stock firmware and DDWRT spread around my home office. To control bandwidth on certain APs I set a certain port on main router into a separate bridge and VLAN. Screenshot for reference.

[Screenshots: VLAN setup, bridge setup]

Everything works fine and I can control bandwidth on anything connected on port 3. For some reason though I cannot access the web GUI of APs connected to port 3. I tried setting the AP's IP to 192.168.1.xxx and also 192.168.2.xxx per my bridge IP and none of them worked. Is there something wrong in my setting?

Thank you

rabbid

Posted 2015-11-09T11:11:41.360

Reputation: 351

Can you ping them? – qasdfdsaq – 2015-11-09T11:27:55.510

That suggests a basic connectivity problem, probably with your AP's IP address settings. – qasdfdsaq – 2015-11-09T12:26:48.247

Perhaps. Can you give ideas? As I have said I tried setting the AP settings to 192.168.1.xx and 192.168.2.xx with no luck. Bear in mind if I link Port 3 to br0 then everything works fine. – rabbid – 2015-11-09T15:54:16.410

If clients connected to the APs on VLAN3 can access the internet, it's probably a firewall setting on your APs. – qasdfdsaq – 2015-11-09T16:22:09.853

I don't think it is. I used a network discovery app and it could not ping anything that's on a different bridge. Any ideas? Thank you – rabbid – 2015-11-13T08:44:19.960

Do you mean by different bridge a different network? Ex: you try to ping from 192.168.1.xx to 192.168.2.xx? If that's the case I think you're missing some routing rules. – Smeerpijp – 2015-11-13T09:47:08.770

I honestly am not too well-versed about bridges and VLANs, but I suppose from the name "Virtual LAN" it is indeed treated as a different network. Can you give any clues about routing rules? Thanks – rabbid – 2015-11-13T10:29:31.960

Take a small look at this link. This will give you some info about network routing. I find it strange you can use bandwidth control of the various APs from port 3, but can't connect to the GUIs. Or is this feature controlled from "main router" only? – Smeerpijp – 2015-11-17T10:47:36.357

Which port is your PC plugged into? Is it on VLAN1? When you say that you tried to set the AP settings to 192.168.1.x and 192.168.2.x and had no luck, do you mean you cannot ping, access web gui? Are you pinging from the router itself or are you pinging from a PC connected to one of the VLANs? Is VLAN1 the 'native VLAN' on your router? Are there any managed Layer 2 switches in your network? If not, you might want to consider picking one up so you can configure per-port VLANs on the switch, and then use the router to route packets between VLANs. – Richie086 – 2015-11-18T12:08:23.583

@doenoe thanks for your comment. The feature is indeed controlled from the main router only. – rabbid – 2015-11-23T14:16:41.310

@Richie086 VLAN1 is "native" and VLAN2 is "guest". My laptop is connected to VLAN1 via wifi. I have already set AP settings to 192.168.2.x via Ethernet cable and connected it to port3 of the main router, which I separated to VLAN2. When I am connected to VLAN1 I cannot ping anything to VLAN2 from my laptop and vice versa. But I have been able to ping AP on VLAN2 within Tomato. I am not sure what you mean by "Layer 2 switches," but I'm guessing you mean one of them Cisco Managed Switches? I have never used one. Is VLAN a native feature on a Layer 2 Switch? Can you suggest best topology? Thanks – rabbid – 2015-11-23T14:23:04.723

@doenoe FYI I have one of Router2's LAN ports connected to Main Router's LAN port, as I have always done when creating access points. Is this not correct? Because in the document you linked to Main Router's LAN port is connected to Router2's WAN port. That's confusing. Thank you – rabbid – 2015-11-23T15:58:58.790

@rabbid, (I think) your way is correct. The article I shared was to give you some information about IP routing; the physical arrangement of your network differs from the one in the article. – Smeerpijp – 2015-11-23T16:03:36.117

@doenoe could you elaborate please? I don't see how my arrangement is much different than the article's. What is the difference between using the WAN port and the LAN port of an AP? – rabbid – 2015-11-23T22:45:53.627

@rabbid, The WAN port would be used to connect for example a modem for internet access. The APs are devices in your local area network (LAN). So these devices should be connected to the LAN ports. – Smeerpijp – 2015-11-24T08:44:26.930

@doenoe that is what I thought. Not sure I understand the doc you linked to then. BUT with that doc I managed to solve this! Turns out I had to switch my AP's mode from Gateway to Router to disable NAT. Since you linked me to the doc I would be happy to give you the credit if you post an Answer. Thanks! – rabbid – 2015-11-24T09:14:07.983

@rabbid No problem. Glad I could help. – Smeerpijp – 2015-11-24T09:37:40.280

Answers

1

Take a look at this link

Try the following:

With the routes configured it is now safe to disable NAT on Router2 and Router3 by switching their Operating Mode from 'Gateway' to 'Router' on the Setup->Advanced Routing page.

Smeerpijp

Posted 2015-11-09T11:11:41.360

Reputation: 1 004

2

You said you are "setting the AP's IP to 192.168.1.xxx and also 192.168.2.xxx". Make sure you have netmask set to 255.255.255.0 for them as well.

Also, make sure you are setting the LAN IP of the APs.

After you have confirmed the above, if you log in to your Tomato, you should be able to ping your APs. But if you ping from your PC connected to Tomato and it does not work, it is likely that the APs do not know the route back because your IP's address is an IP from a different LAN of the AP. Your APs need to have a default route corresponding to 192.168.1.1 and 192.168.2.1.

some user

Posted 2015-11-09T11:11:41.360

Reputation: 2 022

Thanks for your suggestion. I tried and can ping to 192.168.2.1 from within Tomato. What does that tell me? Thank you @some-user – rabbid – 2015-11-23T14:05:34.627

You should always be able to ping 192.168.2.1 from Tomato because I believe from your post that it is one of the IP addresses of your Tomato. You should verify if you can ping your AP IP (192.168.2.xxx in your post) from your Tomato. – some user – 2015-11-23T21:51:26.887

Very confused now. I swear yesterday I could ping my AP at its IP, which is 192.168.2.3. Today I fiddled and changed it to 192.168.1.3 because of an article I read and now I can't ping it from within Tomato. What is the correct IP I should use? .2.x or .1.x? Should I connect the ethernet cable to LAN or WAN? I have a suspicion that when I'm using .1.x I should use LAN, while on .2.x I should use WAN, although that's just a guess. Thank you – rabbid – 2015-11-24T02:07:07.210

You cannot just change your IP prefix without changing the LAN it is connected to. From your screen capture, you have 3 networks - LAN (br0), WAN and LAN1 (br1). If your AP is connected to LAN (br0) and you changed its IP from 192.168.1.3 to 192.168.2.3, you won't be able to reach it again. You can however, remove the link to LAN1 (br1) and move LAN (br0) to LAN1 port and change the AP's IP back that way. – some user – 2015-11-24T07:12:08.830

That is correct, I am able to link Port 3 back to br0 and connect to it again. I'm shooting blindly here, and instead of doing that perhaps you can suggest to me best settings to try instead? Thank you – rabbid – 2015-11-24T07:30:55.523
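
The addressing checks from the second answer and its comments (netmask, AP address matching the bridge it is plugged into, default route for the reply), as an added example that is not part of the original thread. It assumes br0 is 192.168.1.1/24 and br1 is 192.168.2.1/24 on the main router and uses a constructed laptop address of 192.168.1.50; it models layer-3 addressing only, not NAT mode or firewall rules on the AP.

```python
import ipaddress

# Assumed router addresses per bridge (192.168.1.1 and 192.168.2.1 appear in the thread).
ROUTER_BRIDGES = {"br0": "192.168.1.1/24", "br1": "192.168.2.1/24"}


def check_ap(ap_addr, ap_gw, bridge, client_addr):
    """Return (reachable, reason) for a client trying to reach an AP.

    ap_addr / client_addr: "ip/prefix" or "ip/netmask"; ap_gw: str or None;
    bridge: the router bridge whose port the AP is cabled to.
    """
    router_if = ipaddress.ip_interface(ROUTER_BRIDGES[bridge])
    ap_if = ipaddress.ip_interface(ap_addr)
    client_ip = ipaddress.ip_interface(client_addr).ip

    # The AP's address and netmask must describe the same subnet as the bridge.
    if ap_if.network != router_if.network:
        return (False, "AP address/netmask does not match the subnet of " + bridge)
    # Same subnet: the AP answers directly, no gateway involved.
    if client_ip in ap_if.network:
        return (True, "client is on-link, no routing needed")
    # Different subnet: the request is routed in, the reply needs a way out.
    if ap_gw is None:
        return (False, "AP has no default route for the reply")
    if ipaddress.ip_address(ap_gw) != router_if.ip:
        return (False, "AP gateway is not the router address on " + bridge)
    return (True, "reply returns via " + str(router_if.ip))


if __name__ == "__main__":
    laptop = "192.168.1.50/24"  # constructed sample client on br0
    cases = [
        ("192.168.2.3/255.255.255.0", "192.168.2.1", "br1"),
        ("192.168.2.3/255.255.255.0", None, "br1"),
        ("192.168.1.3/255.255.255.0", "192.168.1.1", "br1"),
        ("192.168.1.3/255.255.255.0", "192.168.1.1", "br0"),
    ]
    for addr, gw, bridge in cases:
        print(addr, gw, bridge, "->", check_ap(addr, gw, bridge, laptop))
```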