William Katsak writes: > Somehow I didn’t see this email the last time I posted about this. I > was wondering too about how to nicely do the VLANs for the wifi. I > wouldn’t mind checking out your config (this will be relevant on the > Cero wide no matter what I do for the main router). Right, well I just re-did the setup from a vanilla cerowrt image, so here goes: For the secondary access point, I use the wan port as an 'uplink' port that trunks the vlans for each of the wireless networks (and one for the wired as well). Thus, vlan1 is the wired lan, vlan2 is the first 'internal' network (sw00), vlan3 is sw10, vlan4 is gw00 and vlan5 is gw10. For a vanilla cerowrt box, I shut off all daemons apart from dropbear (for ssh access) and the network config. This includes dnsmasq (DHCP is assumed to be on the upstream server). Going through init scripts to `/etc/init.d/foo stop && /etc/init.d/foo disable` until everything is shut off should do it. After that, it's really only a few modifications to /etc/config/network that is needed to achieve this: 1. Get rid of the config for the wan interface completely (the 'config interface ge00' block and the ipv6 equivalent). 2. For the se00 interface, make sure these lines are present: option 'ifname' 'se00 ge00.1' option 'type' 'bridge' replacing any lines with the same option names. The openwrt network setup automatically configures VLANs from the .N syntax. 3. Similarly, for the wireless interfaces change 'type' from 'none' to 'bridge' and add an 'option ifname ge00.N' line, with N being the vlan number as listed above. 4. Configure the IP addresses of each interface to correspond to the upstream router setup. I just add 1 to each IP and configure the DHCP server to start at (GW ip)+2 rather than (GW ip)+1. 5. Plug in the cerowrt lan port to the upstream router, and make sure that has the appropriate 5 VLANs configured with a DHCP server running on each, etc. I've used this setup for replacing the WNDR box with a beefier device for high-speed routing, as well as for adding a second WNDR for extended wifi range (doing that this way rather than meshing allows clients to roam while keeping their IP and DHCP lease, and gets me a single DNS namespace since there's only one dnsmasq instance). Hope this explanation makes sense. :) -Toke