1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Guest VLAN setup with BW limiting - Did I do it correctly?

Discussion in 'Tomato Firmware' started by PhilP, Apr 1, 2014.

  1. PhilP

    PhilP Network Newbie Member

    I'm sorta new to all this just an FYI.:D

    I created a separate VLAN for my 2 guest rooms and I am not sure what the "STP" feature is under "Basic -> Network -> LAN" ? I see BR0 "STP" is already disabled, but for the new one I created does STP need to be disabled as well? This is not for guest wifi, but for wired connections to 2 guest rooms, with CAT5 drops. I did a test with my laptop connected to those guest ports and I can still hit 192.168.1.1 in the web browser, and be prompted for login information to the router. Can this be disabled?


    [​IMG]
    Guest ports are 3 and 4 assigned to BR1:

    [​IMG]

    Next Question is in regards to Bandwidth Limiting for those 2 rooms. I have 20mb/2mb, I want to limit those to rooms to a total of 6mb/1mb . Does it matter what I put the "download rate" at? I know the download ceil and upload ceil is the max speeds correct?

    [​IMG]

    [​IMG]
     
  2. rs232

    rs232 Network Guru Member

    I do this using standard QoS matching Guest WLAN IPs and applying policy accordingly.
    I've never been too lucky with BW limiting
     
  3. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    STP is used when you have two possible paths for data to traverse across your LAN. Example is 3 routers where each is wired to the other two (network diagram would look like a triangle). STP determines the fastest path (router A to B), avoiding an extra hop (router C). The cost is extra overhead. Leave it disabled unless you have redundant paths/loops in your network topology.
     
  4. PhilP

    PhilP Network Newbie Member

    Thanks for the clarification.
     
  5. blah123

    blah123 Reformed Router Member

    STP is spanning tree protocol. Marcel explained how it works but I should point out that it is for LANs not routing. So it is used by switches and bridges to avoid loops in the local area network if their are redundant paths. If your really had routers (something that was doing IP routing) in a triangle would would want to use static routes or a routing protocol. So you would only need it if you were worried about someone plugging in a switch to both of your guest room ports.

    Under Administration/Admin Access/Admin Restrictions/Allowed Remote IP Address you should be able put 192.168.1.0/24. This will break remote administration from the WAN if you had enabled that but otherwise it should prevent your new LAN from accessing the router
     

Share This Page