Hi --Very new to Ubiquiti gear. Fairly new to VLANning. I haven't done much with firewalls/routing for 5-10 years.
I have the following physical configuration:
internet <-> [ERX eth0] <-> [ERX eth1] <-> [netgear GS108Ev3] <-> [UAP]
The UAP has an SSID of FooGuest which is tagged VLAN ID 55. The netgear switch has a minimal configuration of 192.168.1.200/24, gateway is 192.168.1.254 (ERX switch0 = 192.168.1.254/24). Although there are "port based" and "802.1Q" VLAN features on this switch I've left that alone. As you can see by the included router configuration I've defined the VLAN 55 on switch0.55 with a network of 192.168.55.1/24.
I've mostly followed this support doc on How to Protect a Guest Network on EdgeRouter. I haven't done 'Step 4' here because I'm unsure what interface to use. I did try switch0.55 but that failed.
I would like to fully understand a few things:
1. A connecting wifi client can WPA authenticate and get an ip address (192.168.55.152) via SSID FooGuest. But I'm unsure if it's because of the VLAN tagging, the firewall rules I've set or both. I'd rather understand _how_ rather than moving on with _it works!_
2. The connecting wifi client on FooGuest gets an ipaddr, can ping it's gateway, but is unable to reach the internet. I don't know if this is a routing issue or firewall issue. Maybe it's because of 'Step 4' above.
3. Lastly, maybe outside the scope of the immediate issue, in numerous posts and videos I see people using 'Add Interface -> VLAN' and using ethX. When I attempt this I get 'Error using vlan on switch-port interface' As you can see in my config I've done this on switch0 instead but it's not entirely clear to me why I'm unable to use one of ethX. The error doesn't explain much to me.
Thanks for any comments!
