Primer for setting up vlans

    First time Tomato user here. My only other experience with open source firmware has been dd-wrt on a WRT54GL. On the 54GL, I used dd-wrt to set up a separate vlan for each port and unbridged the wireless, allowing me to separate networks. There was a tutorial on the dd-wrt wiki that showed me how to set up the vlans (under the setup\vlan tab), set up IP addresses (separate subnets...192.168.x.x) for each vlan (under setup\networking tab) and create multiple DHCP servers for each vlan (also under setup\networking tab).

    Additionally, under Administration\Commands, they provided copy and paste iptables rules to secure the vlans from each other.

    Is there a tutorial that will show me how to set this up in tomato? I just flashed 1.28 onto my RT-N66U.

    Thanks for your helps.
    Thanks for the links, lance. It's much more info than I have otherwise found. One of my issues was that there seemed to be no way to create multiple DHcP servers for the multiple vlans, as was required with ddwrt. Since they don't seem to mention the need in the tutorial, perhaps this is not necessary in Tomato.

    I will try the methods stated tomorrow and see how it goes.

    Thank you for commenting. :)
    Tomato just uses its internal DHCP server for the VLANs. You just need to check the box to enable DHCP for the given VLAN on the Basic -> Network page.
    Hi gfunkdave. Thanks for your remark. Do I have to create a LAN bridge for each vlan? It appears that this is the only way to assign the vlan IP subnet range. Yet I am limited to 4 bridges, whereas the number of vlans allowed seems to be 15. I am missing something obvious here, I am sure of it. I was not required to create or assign a bridge to any of the vlans in 54GL/ddwrt! In fact, But if I don't have one vlan assigned to br0, it will not save!

    What I wish to do (as I currently am doing on my 54GL/ddwrt):

    1. Have a vlan assigned to each port.

    2. These vlans are not accessible to each other, but do have internet access.

    3. The wireless is not accessible to or from any of the vlans.
