Hello everyone, a long time reader, first time poster here. First of all, I would like to thank everyone for the involvement in this amazing community! Over the years, your questions / advices have helped me learn a great deal of knowledge about wireless networking on TomatoUSB family of routers. Now some background about my home wireless network and the goal I want to archive: My wife and I both work at home a lot, so having a reliable wireless network is a must to me. In other words, I don't get to "play" a lot on our main wireless router (a Linksys EA6900 running AdvancedTomato v3.5-140-AIO-64K). To improve the wireless coverage in the Kitchen area, I have a secondary wireless router (Asus RT-AC66U with the same AdvancedTomato v3.5-140-AIO-64k) running in wireless ethernet bridge mode, it's 5GHz radio connects to the main router, and it's 2.4GHz radio is running 3 APs, first one "Work" is for our work laptops to connect to when we are near Kitchen, it uses the 2.4GHz wireless interface wl0; The second AP "Play" on 2.4GHz is for my Media player / Smart TV / Amazon Echo etc., it is a virtual wireless interface (wl0.1 connected to VLAN3); The third AP "Guest" is for when we have friends / kids over and they need access to internet, it's also a virtual wireless interface (wl0.2 connected to VLAN4). My goal is to completed separate these 3 APs, so the devices connected "Guest" or "Play" can only access internet, nothing else. The devices connected to "Work" should have full access my entire home network resources, as well as to the internet. Devices on "Work" don't really need to access the devices connected to "Play" or "Guest" AP. My main router's configuration is almost like default, except I changed the IP address to 192.168.2.1, enabled DHCP, configured wireless security to WPA Personal + AES, etc. On the secondary router, this is what I have done so far: Basic Settings -> Network -> WAN Settings, "Type" disabled, "Bridge WAN port to primary LAN(br0)" checked. Basic Settings -> Network -> LAN, br0 --- STP disabled, DHCP disabled, address: 192.168.2.2; br1 --- STP disabled, DHCP enabled, address: 192.168.3.2, ip range 192.168.3.3 - 192.168.3.200; br2 --- STP disabled, DHCP enabled, address: 192.168.4.2, ip range 192.168.4.4 - 192.168.4.200; DNS & Gateway is set to 192.168.2.1; 2.4GHz is in AP mode with WPA Personal +AES (this is the "Work" AP), 5GHz is in wireless ethernet bridge mode connecting to the main router's 5GHz radio. Advanced Settings -> virtual wireless, wl0.1 in AP mode (this is "Play" AP), WPA/WPA2 Personal+AES, bridged to LAN1(br1) wl0.2 in AP mode ("Guest" AP here), WPA2 Personal+AES, bridged to LAN2(br2), Advanced Settings -> VLAN Settings, VLAN1, VID 1, Port1, default, bridged to LAN(br0); VLAN2, VID 2, WAN Port, bridged to WAN; VLAN3, VID 3, Port2, Port 4, bridged to LAN1(br1); VLAN4, VID 4, Port3, bridged to LAN2(br2). Advanced Settings -> Wireless; eth1 & eth2 are bridged to LAN(br0); wl0.1 is bridged to LAN1(br1); wl0.2 is bridged to LAN2(br2). That's all the customization I have done. Now if I connect to the primary router, everything works, I can see all my home network, I can browser Internet, I can manage the secondary router via it's GUI at 192.168.2.2. The problems are within the secondary router, Can't connect "Work", "Play" or "Guest" AP, security is ok but can't get the IP address from DHCP from primary router; If I connect to it using a fixed IP address, using secondary router (192.168.2.2) as gateway and primary router (192.168.2.1) as DNS, I can connect, and I can access my home network using IP addresses, but I can't go to Internet. Any thoughts? Thank you very much in advance. Sorry about the long post, this really drives me nuts.