  1. default user

    default user New Member Member

    and I still have to wait a whole day to post a new thread to answer my question which is:
    ive followed this tutorial (and not allowed to link)
    Setup a Guest Network for Guest WiFi with Tomato VLAN

    but my phone on the guest wifi can still see my network

    How to I prevent network visibility and just keep internet of $%@# devices to internet access only?

  2. Sean B.

    Sean B. Network Guru Member

    Exactly what build of Tomato are you running, and on what router? Post screen shots of the Advanced->VLAN page, and the LAN section in Basic->Network from the router web interface please.
  3. default user

    default user New Member Member

    Screenshot 2018-11-20 00.58.57.png Screenshot 2018-11-20 00.58.30.png Screenshot 2018-11-20 00.57.51.png Hi :)

    Tomato Version 1.28 by shibby
    on linksys E900
    internet is in port1 laptop port2

    wl0 works, has internet, but can see network (no good)
    wl0.1, no internet access
  4. Sean B.

    Sean B. Network Guru Member

    Virtual interfaces wont work for different VLANs. This is because the virtual interface inherits the MAC address of the parent interface. You can check the MACs by running this in Tools->System commands:

    ifconfig eth1 && ifconfig wl0.1
  5. default user

    default user New Member Member

    ah cool.
    Ok so scrap the virtual wifi.
    How do I make the wl0 a guest network with only internet access?
  6. Sean B.

    Sean B. Network Guru Member

    There's more to your network setup than you have stated. This router is not a router, atleast not in the way it's being used in your setup. You have another router upstream handling the network, and it's connected to this routers LAN. Therefor this router is functioning as a simple switch. In other words, you cannot control access to your main network via anything you do on this router. It has to be done on the primary router. Both routers need to support VLAN tagging in order to have access to both networks on this router. Otherwise, it can only be in your main network or the guest network.. not access points to both.

    Ontop of that, the wireless access on this router can only be in one network, as you only have one radio ( 2.4ghz ) and virtual interfaces don't work with VLANs. If you describe your full ( end at modem ) network topology, and exact goals ( what clients need access to which networks when connected to which router ) I can lay out your options.
  7. default user

    default user New Member Member

    ah. So instead of wan being disabled, it needs to be DHCP, with LAN on another subnet.

    so my network goes
    modem in bridge
    everything else

    computers, NAS on main network.

    mobile phones, tablets, internet of $%^&, guest wifi, want to be on a protected network

    Ill give wan a go and come back if it doesnt work
  8. Sean B.

    Sean B. Network Guru Member

    No, that's not what I meant. Look at it this way, your routers are security guards and data packets are people. People behind guard #2 also need to go past guard #1 to get to the internet, but if nobody tells guard #1 those people aren't allowed anywhere else.. what is going to stop them after they get past guard #2?

    A: VLAN tagging. If both routers support it, this is like slapping a sticker on each persons back that goes between guard #1 and #2 in either direction. That number tells each guard what rules that person has to follow. This allows different people to have different rules that are walking on the same path between each guard.

    B: Make the LAN port on router #1 that is connected to router #2 a guest VLAN. This tells guard #1 anybody that shows up on this path is only allowed to reach the internet and nothing else.
  9. Toxic

    Toxic Administrator Staff Member

