we just built a house and we have the following network components:
Netgear R7800 router with OpenWRT
Ruckus ICX7150-C12P switch
2x Ruckus R320 APs (one on each level)
I am completely new to Ruckus, VLANs and OpenWRT. My target is to have two VLANs, one for IOT/HomeKit components (we will go with Apple HomeKit for home automation) and the other one for laptops. Both VLANs should be independently from another with the exception of Homekit and Homebridge (I run Homebridge on a QNAP NAS). I also want to be able to limit the internet access for single IOT components for privacy purposes.
In a second step I would like to channel selected components through Wireguard VPN on the router.
What have I done so far:
1. Got the setup working without VLANs etc.
2. Set up the separate Wi-Fis (one for default and one for IOT).
3. I gave the IOT W-Fi the VLAN ID 2 and the default one has 1 by default.
4. I tagged the ports for the APs and the one for the router as tagged in VLAN 2 and left them as untagged in VLAN 1.
This is where the problems starts and I am stuck. VLAN 2 components do not have access to the internet anymore. I already watched a bunch of videos and read through the forum, but I was not able to get it set up properly. It would be great, if you guys could enlighten me some.
Thanks a lot in advance!
Which firmware are you using on Ruckus APs, try using unleashed.
Try as below
1: Configure the VLANs on the ICX7150 Switch(Vlan 1 and Vlan 2).
2: Configure SSIDs on the unleashed AP and map to newly created vlans as needed.
3: In the OpenWRT router firmware configure routing for the new vlans created on the switch for communication.
1: Use this doc for vlan mapping to the SSID.
a: Create WLAN>>>Show Advanced Options>>>WLAN Priority>>>Access VLAN (Enter VLAN ID)
2: For Switch Config
Use this guide, first verify the software version on the ICX for support as well.
This video explains, how you can do inter vlan routing on the switch.
I still have issues with tagging the VLANs.
I have the two VLANs created, but am struggling with tagging (or not) the ports correctly.
1/1/2 and 1/1/4 are my AP ports, so I assume I need to tag them into both VLANs and leave them as untagged in the default VLAN?
1/1/1 is my "uplink" port to the router. I left it as untagged in VLAN 1 and added it as tagged to VLANs 2 and 3.
With this configuration only the default VLAN has internet connection. How do I need to do the tagging, so that for now all 3 VLANs have the internet connection through 1/1/1?