- Select menu item Network > Switch and click Add button under VLAN ID section
- For the new VLAN, make sure the CPU is tagged, then select untagged for the LAN port(s) you are want to use this new VLAN. Make sure that port is off for all other VLANs. Click Save & Apply
- In the Network > Interfaces click Add new interface button (under the interface overview section)
- Name the new interface (
Guest
), select the new VLAN (likely something likeeth0.3
); the rest of the defaults are okay. Click Submit. - Set your desired IPv4 address (for the router on this VLAN), net mask, and gateway, and any other stuff here you want. Click Save.
- Click Setup DHCP Server button. Defaults here are fine, but you can change them if you want. Click Save.
- Select the Firewall Settings tab for the interface. The radio button will default to the
unspecified -or- create
box. Name your firewall zone (guest
). Click Save & Apply. - Network > Firewall > Zones section, edit the new (
guest
) zone. Checkwan
in the allow forward to destination zones area of inter-zone forwarding. Click Save & Apply. - Select Traffic Rules and go to the Open ports on router section. Name a new rule (
allow-DHCP-guest
), selectUDP
, click add. Defaults here are good except that the source zone should be the new zone you created (guest
) and the destination port should be67-68
. Click Save & Apply. - Add another open port for DNS (
TCP+UDP
, source zoneguest
, destination zonedevice (input)
. dest port53
), click Save & Apply.
From forum.openwrt.org