Hi,
I've got the following setup on the router:
ETH0 10.10.1.1/24 -> Management network
ETH0.2 10.10.9.1/24 -> Corporate network
ETH0.3 10.10.5.1/24 -> Guest network
ETH1 -> WAN Interfaces with the following setup:
ETH1.6 PPPOE VLAN
pppoe0 -> Actual WAN
The switch is basically aware of these VLAN interfaces and tags the correct ports.
I also got an AP network with a guest SSID pointing to VLAN 3 and the corporate to VLAN 2.
What I want:
Management network should have access to the management network and the internet of course, and ideally also access to the corporate network (but not the other way around).
Corporate network should have access to itself (other devices) and the internet, but no access to the router or the switch, and also no access to other VLANs.
Guest network: should have access only to the internet, but no access to the router's config (SSH, HTTPS, etc.), and ideally also no access to other devices in the same VLAN. (Guests should be fully isolated.)
I've read posts on the forum about inter-VLAN routing, and I've got a good idea how to set this up, but I would like to see you guys' setups, since I'm pushing this to a production network and I don't want to accidentally block too much traffic (take the network down).
http://community.ubnt.com/t5/EdgeMAX/Prevent-the-Inter-VLAN-routing/td-p/723341
Thanks in advance!
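
An added example, not part of the original post: one way to express the policy described above as EdgeOS firewall rulesets on the VLAN sub-interfaces. The ruleset and group names are made up for illustration, and it assumes the router itself serves DHCP and DNS to the corporate and guest VLANs.

```edgeos
configure

# Constructed names: INTERNAL_NETS, CORP_*, GUEST_* are not from the post.
set firewall group network-group INTERNAL_NETS network 10.10.1.0/24
set firewall group network-group INTERNAL_NETS network 10.10.9.0/24
set firewall group network-group INTERNAL_NETS network 10.10.5.0/24

# Corporate, routed traffic: allow replies to sessions opened from management,
# drop new sessions to any internal subnet, let the rest out to the internet.
set firewall name CORP_IN default-action accept
set firewall name CORP_IN rule 10 action accept
set firewall name CORP_IN rule 10 state established enable
set firewall name CORP_IN rule 10 state related enable
set firewall name CORP_IN rule 20 action drop
set firewall name CORP_IN rule 20 destination group network-group INTERNAL_NETS

# Corporate, traffic to the router itself: DHCP and DNS only (assumption:
# the router serves both), so SSH/HTTPS to 10.10.9.1 is dropped.
set firewall name CORP_LOCAL default-action drop
set firewall name CORP_LOCAL rule 10 action accept
set firewall name CORP_LOCAL rule 10 protocol udp
set firewall name CORP_LOCAL rule 10 destination port 67
set firewall name CORP_LOCAL rule 20 action accept
set firewall name CORP_LOCAL rule 20 protocol tcp_udp
set firewall name CORP_LOCAL rule 20 destination port 53

# Guest, routed traffic: nothing internal is reachable, internet only.
set firewall name GUEST_IN default-action accept
set firewall name GUEST_IN rule 10 action drop
set firewall name GUEST_IN rule 10 destination group network-group INTERNAL_NETS

# Guest, traffic to the router itself: same DHCP/DNS-only assumption.
set firewall name GUEST_LOCAL default-action drop
set firewall name GUEST_LOCAL rule 10 action accept
set firewall name GUEST_LOCAL rule 10 protocol udp
set firewall name GUEST_LOCAL rule 10 destination port 67
set firewall name GUEST_LOCAL rule 20 action accept
set firewall name GUEST_LOCAL rule 20 protocol tcp_udp
set firewall name GUEST_LOCAL rule 20 destination port 53

# Attach to the VLAN sub-interfaces (eth0.2 = corporate, eth0.3 = guest).
set interfaces ethernet eth0 vif 2 firewall in name CORP_IN
set interfaces ethernet eth0 vif 2 firewall local name CORP_LOCAL
set interfaces ethernet eth0 vif 3 firewall in name GUEST_IN
set interfaces ethernet eth0 vif 3 firewall local name GUEST_LOCAL

# Applied from the management network (eth0, which gets no ruleset here).
commit-confirm 10
```

`commit-confirm 10` rolls the change back unless `confirm` is entered within 10 minutes, which limits the damage if a rule blocks more than intended; `save` makes it persistent afterwards. Guest-to-guest traffic inside VLAN 3 never crosses the router, so that isolation has to come from client isolation on the AP and switch, not from these rules.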