Help with guest network on access point

fernando_om

I forgot to mention the links I used to make my temporary solution:

https://unix.stackexchange.com/questions/46104/how-to-provide-a-guest-lan-on-one-ethernet-device
https://github.com/RaspAP/raspap-webgui/issues/275
https://askubuntu.com/questions/270693/how-can-set-these-iptables-rules-to-run-at-startup
https://linuxconfig.org/how-to-make-iptables-rules-persistent-after-reboot-on-linux

fernando_om

@JKnott
I'm really interested in VLANs for a near future, I just need to wisely choose the gear as I'll need to replace some of that I already own. I built my setup over a J1800 processor in a fully integrated motherboard. It is a strange setup I bought second hand almost for free but it lacks expansion slots, it features one mini PCI-express slot (I filled with that old wireless card but the range is not useful for a guest WLAN) and one 1x (one lane) PCI-express which I installed the Gigabit ethernet port, also there is just one memory slot with a 4GB DDR3 (it supports a maximum of 8GB). It is a weird ECS-BAT-I (brand?) motherboard that even features an HDMI port and LVDS connector (for LCD screens), I think its a hybrid between a Desktop and a Laptop motherboard, with pieces of SBCs here and there. What I like is that it is a 10W TDP processor that runs pfSense quite well with a medium processor usage of 7%, so very efficient in power usage (This is consuming an average of only 19W/hour according to my Home Assistant measures, by using a PZEM-004T, I guess most of energy is lost in conversion by the old cheap ATX Power Supply, I have one TFX FSP300-60SGV which is 80Plus Gold labelled but I don't know if I can just swap an ATX for an TFX power supply, never tried).
Probably for my next shot, I'll replace this motherboard with a normal Desktop one with more PCI-e slots so I can put more interfaces and create several OPTn-s to work with the VLANs. If the consumption is not that much of a difference, of course.
Single PCI-e with more than one port is not cost-effective according to my searches (in my country, at least). For example: One adapter with 2 Gigabit ports cost much more than 2x single ports Gigabit boards.

For now, guest WLAN is working without exposing my network to unknown or infected devices right away (I guess).
And I really appreciate every one of you that shared you knowledge and time to help me out, you guys are the best!

JKnott

@fernando_om said in Help with guest network on access point:

Probably for my next shot, I'll replace this motherboard with a normal Desktop one with more PCI-e slots so I can put more interfaces and create several OPTn-s to work with the VLANs.

You might consider a mini PC, like the one in my sig. It has 4 Ethernet ports. In fact, one of my friends bought one last week and his has 2.5 Gb Ethernet ports but mine has only 1 Gb. <sniff>

You can put VLANs on the same interface as your LAN. For example, my guest WiFi VLAN is on my main LAN, so that the access point has both available.

provels

@fernando_om Thanks for the links. If you do decide to pursue a mini-PCIE card, I recommend one based on the Atheros AR9280 chip. And you can get bigger antennas. I use both an AR9280 and 9380 based cards (not half-sized) but the 9280 seems to work particularly well and the 9380 should have 3 antennas and I'm one short there. Good luck.