[rpkn]

Hi everyone,

I'm using a Buffalo WHR-HP-G300N router, Atheros AR7240, with DD-WRT v3.0-r29409 std (04/05/16). I am using it only as a router, with the WLAN disabled.

The switch ports are connected to various LAN devices, including Ubiquiti wireless APs. Currently I have one wireless network and one guest network, managed by Ubiquiti, with the Buffalo serving as the DHCP server and internet router. The guest restrictions are enforced by Ubiquiti, and as far as the Buffalo is concerned, it's just one flat network.

Now I need to add a second network for a set of wireless clients that should be able to talk to each other, but not anybody else. This is for a tenant in my space that needs to set up their own laptops, printers, and other devices. It should seem like a normal WLAN to them, but I want them isolated from my private network.

I can do this easily with the Ubiquiti APs by creating a separate WLAN and giving it a VLAN tag. So whenever a user connects to that WLAN, the AP will automatically tag all of their packets with VLAN 2.

Now I can't figure out what to do in dd-wrt to complete this. I need to tell it that packets for VLAN 2 can come in on any of the switch ports; that VLAN 2 should have its own DHCP server, get NAT to the internet, but no route to the untagged VLAN.

Most of the docs I can find are for port-based VLANs, which I don't need here, because the tagging is already done. I just need to tell the router to also be a router for VLAN 2. Any advice?