
Create VLAN

  • #6666
    CZ
    Participant

    Hi there!

    I’m new to the security and safety aspects of networking and I’m feeling a bit overwhelmed, despite having watched numerous videos and read several blogs.

    I’m looking to set up a VLAN for isolating my IoT devices. I plan to get a PcWRT router, as I currently have two other routers at home. Here’s my intended setup:

    1. The PcWRT will serve as my main router.
    2. I want to use Router 2 and Router 3 solely as access points, but they aren’t compatible with VLANs (they’re standard home routers).
    3. I’ll assign Router 2 for IoT devices and Router 3 for guest access, etc…
    4. For security purposes, I want to ensure that the VLANs on Routers 2 and 3 cannot send packets back to my main network to prevent any snooping or potential hacking attempts.

    I have 3 questions:
    1. Since the VLAN originates from the main router, can I stop packets from returning to my sensitive data area? Or do I need a secondary router with tagging/untagging features to ensure this?
    2. Would it be more effective to utilize additional routers that support VLANs to achieve my goals?
    3. Is it preferable to configure the extra routers as access points or as separate networks from the routers themselves?

    I came across this guide: “https://www.pcwrt.com/2024/12/how-to-set-up-a-second-pcwrt-router-as-an-access-point-with-vlan-support/”, but it primarily discusses setups with two VLAN-compatible routers.

    #6668
    support
    Keymaster

    1. The secondary routers do not need VLAN support, if each one is used for one VLAN.
    2. No.
    3. It’s preferable to have the secondary routers as access points, because then you can see all network activities from the main router. If you set up the secondary routers as “routers”, then the main router sees all devices connected to the secondary router as one device.

    You can achieve what you want to do with this configuration:
    1. Set Ethernet port 2 on the pcWRT router to X1 for IoT. Set Ethernet port 3 on the pcWRT to Guest for guest access.
    2. If your other routers support bridge mode, set them to bridge mode.
    3. Configure WiFi on Router 2 and Router 3 as you normally do.
    4. Connect Router 2 to port 2 on the pcWRT. Connect Router 3 to port 3 on the pcWRT.

    If you switched routers 2 and 3 to bridge mode, consult the manufacturer’s documentation on how to connect them to an upstream router.

    If routers 2 and 3 do not support bridge mode, then you need to assign static IP addresses to them before connecting them to the pcWRT router. Assign IP address 10.159.158.2 netmask 255.255.255.0 to router 2. Assign IP address 10.159.157.2 netmask 255.255.255.0 to router 3. Then connect a LAN port from routers 2 & 3 to port 2 & port 3 on the pcWRT.

    #6670
    CZ
    Participant

    Thank you for your quick response! I have one final question:

    What is the difference between configuring the router in bridge mode versus using it as an access point? I understand that the PcWRT router can create multiple Wi-Fi networks based on specific needs, such as mine (for IoT devices and another for guests). Additionally, I want to mention that I am using the extra routers primarily to enhance coverage.

    #6671
    support
    Keymaster

    You can think of bridge mode and AP as synonymous for this purpose. In router mode, the router has two sides: LAN and WAN. In bridge mode, WAN is bridged with LAN so that the router can be used as an AP. The router firmware should shut down DHCP when set to bridge mode.

    You can use a router as an AP without switching to bridge mode too (e.g., when the router does not support bridge mode). In this case, you’ll need to connect a LAN port on the router to the upstream router, set a static IP address in the IP address range of the upstream router and disable DHCP yourself.
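
The non-bridge-mode checklist from the replies above (static IP in the upstream range, DHCP off, uplink on a LAN port) can be checked before cabling. This is an added example, not part of the thread or pcWRT's own code. The /24 subnets are inferred from the addresses in the thread; the `.1` gateway addresses, the function names and the sample plan are assumptions.

```python
import ipaddress

# Subnets inferred from the static addresses given in the thread.
# The gateway addresses (.1) are an assumption; the thread does not state them.
SEGMENTS = {
    "X1": ("10.159.158.0/24", "10.159.158.1"),
    "Guest": ("10.159.157.0/24", "10.159.157.1"),
}

def check_ap(name, segment, ip, netmask, dhcp_enabled, uplink_port):
    """Return a list of problems for a router used as an AP without bridge mode."""
    net = ipaddress.ip_network(SEGMENTS[segment][0])
    gateway = ipaddress.ip_address(SEGMENTS[segment][1])
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    problems = []
    if iface.network != net:
        problems.append(f"{name}: {iface.with_prefixlen} is outside the {segment} range {net}")
    elif iface.ip in (net.network_address, net.broadcast_address, gateway):
        problems.append(f"{name}: {iface.ip} is reserved or collides with the gateway")
    if dhcp_enabled:
        # A second DHCP server on the segment would hand out competing leases.
        problems.append(f"{name}: DHCP server is still enabled")
    if uplink_port.upper() != "LAN":
        # Cabling the WAN port keeps the device routing instead of acting as an AP.
        problems.append(f"{name}: uplink uses the {uplink_port} port, not a LAN port")
    return problems

def check_plan(aps):
    """Check every AP and flag static addresses used more than once."""
    report = {ap["name"]: check_ap(**ap) for ap in aps}
    seen = {}
    for ap in aps:
        if ap["ip"] in seen:
            report[ap["name"]].append(f"{ap['name']}: {ap['ip']} already used by {seen[ap['ip']]}")
        seen.setdefault(ap["ip"], ap["name"])
    return report

# Constructed sample plan: Router 2 follows the thread, Router 3 is deliberately wrong.
PLAN = [
    {"name": "Router 2", "segment": "X1", "ip": "10.159.158.2",
     "netmask": "255.255.255.0", "dhcp_enabled": False, "uplink_port": "LAN"},
    {"name": "Router 3", "segment": "Guest", "ip": "10.159.158.2",
     "netmask": "255.255.255.0", "dhcp_enabled": True, "uplink_port": "WAN"},
]

if __name__ == "__main__":
    for name, problems in check_plan(PLAN).items():
        print(name, "OK" if not problems else problems)
```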
