I'm trying to create a guest wireless connection on Tomato using VLANs and only ONE router. I know this is entirely possible with DD-WRT and I know it's possible with Tomato and two (or more) routers, but I don't want to get another router. I'm currently using a Buffalo WHR-HP-G54 router running Tomato v1.27.

This is what I've figured out so far.

Create new vlan (vlan2) in the CLI:

Code:
nvram set vlan0ports="1 2 3 4 5*"
nvram set vlan2hwname="et0"
nvram set vlan2ports="5"
nvram commit

As you can see I have not assigned any physical ports to vlan2 because I only need a wireless connection on it. According to a site I found and trial & error, ports 1-4 are the physical LAN ports on the router, port 0 is the WAN and port 5 is the internal CPU.

Advanced > DNS > dnsmasq

Giving the new bridge (br1) a DHCP IP range. NOTE: The bridge is created in the next section of code.

Code:
interface=br1
dhcp-range=br1,192.168.11.100,192.168.11.149,255.255.255.0,1440m
dhcp-option=net:br1,3,192.168.11.1

Administration > Scripts > Startup

Create the new bridge (br1) on startup, give it an IP in a different subnet.

Code:
# Set some important values:
nvram set dnsmasq_enable=1
if [ "`nvram get dhcpfwd_enable`" = "0" ]; then
    nvram set dns_dnsmasq=1
    nvram set dhcp_dnsmasq=1
    nvram set auth_dnsmasq=1
fi

# Create bridge br1, move the virtual wireless interface to it,
# and setup the interface's IP address:
brctl addbr br1
brctl delif br0 wl0.1
brctl addif br1 wl0.1
ifconfig br1 192.168.11.1 netmask 255.255.255.0
ifconfig vlan2 up
brctl addif br1 vlan2
ifconfig br1 up

This is where my problem begins. The line above that says "brctl addif br1 wl0.1" is basically trying to add the device wl0.1 to the new bridge I created. But wl0.1 doesn't exist. I get the error "interface wl0.1 does not exist!". The reason I'm using "wl0.1" is because the terminology in DD-WRT is wl0 (which is the physical wireless LAN) and wl0.1 (which is the virtual wireless LAN).
You can see what I mean in this image: http://img716.imageshack.us/img716/843/wirelessbasicsettingsdd.jpg

Continuing on....

Administration > Scripts > Firewall

This script basically separates the new bridge from the main bridge, so it ONLY has access to the internet and cannot access the local network.

Code:
if [ "`nvram get wan_proto`" = "pppoe" ]; then
    wanif="`nvram get pppoe_ifname`"
else
    wanif="`nvram get wan_ifname`"
fi

# Make sure br1 has access to the internet:
iptables -I INPUT -i br1 -m state --state NEW -j logaccept
iptables -I FORWARD -i br1 -o $wanif -m state --state NEW -j ACCEPT

# Keep the two wireless networks from talking to each other:
iptables -I FORWARD -i br0 -o br1 -j logdrop
iptables -I FORWARD -i br1 -o br0 -j logdrop

Back to my problem:

After doing a "nvram show" command in Tomato's CLI, I can see that there are "wl0" variables used. My problem is I don't know how (or if it's possible) to create a "virtual wireless interface" (wl0.1) in Tomato through the CLI.

The brctl command uses the interface name of the wireless interface. In Tomato the interface name of the main wireless interface is "eth1", but the variables used are wl0. In nvram, wl0_ifname=eth1. So if I run "brctl addif br1 eth1" in the CLI, I get this error: "device eth1 is already a member of a bridge; can't enslave it to bridge br1."

Anyone have any ideas? I think if I can figure out how to create the virtual wireless interface (wl0.1) in the CLI, I can do the rest with ease.
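
Added example, not part of the original post: the INPUT rule in the firewall script above accepts every new connection from br1 to the router itself, so this script prints a variant that admits only DHCP and DNS from the guest bridge and shows how `-I` reverses the order in which rules are matched. The function names and the `vlan1` WAN interface name are constructed for illustration; `logdrop` is the chain name used in the post.

```shell
#!/bin/sh
# Added example: prints (does not apply) a tighter rule set for the guest bridge.
# Assumption: interface names are passed in; on the router the WAN name would
# come from the nvram lookup in the post's firewall script.

guest_rules() {
    guest_if=$1 lan_if=$2 wan_if=$3

    # Every rule uses -I (insert at top of chain), so the LAST rule emitted
    # for a chain is the FIRST one matched. Emit the catch-all drop first
    # and the exceptions after it.

    # INPUT: guests may not open connections to the router itself ...
    echo "iptables -I INPUT -i $guest_if -m state --state NEW -j logdrop"
    # ... except DHCP and DNS, which dnsmasq serves on the guest bridge.
    echo "iptables -I INPUT -i $guest_if -p udp --dport 67 -j ACCEPT"
    echo "iptables -I INPUT -i $guest_if -p udp --dport 53 -j ACCEPT"
    echo "iptables -I INPUT -i $guest_if -p tcp --dport 53 -j ACCEPT"

    # FORWARD: guest -> WAN only; both directions between bridges are dropped.
    echo "iptables -I FORWARD -i $guest_if -o $wan_if -m state --state NEW -j ACCEPT"
    echo "iptables -I FORWARD -i $lan_if -o $guest_if -j logdrop"
    echo "iptables -I FORWARD -i $guest_if -o $lan_if -j logdrop"
}

# Effective top-to-bottom order of one chain once the inserts have run:
# keep that chain's lines and reverse them.
effective_chain() {
    chain=$1
    shift
    guest_rules "$@" | grep -- "-I $chain " |
        awk '{ line[NR] = $0 } END { for (i = NR; i > 0; i--) print line[i] }'
}

# Constructed sample names: br1 = guest bridge, br0 = LAN bridge, vlan1 = WAN.
effective_chain INPUT br1 br0 vlan1
```

Review the printed order before piping `guest_rules` into `sh` on the router: the `logdrop` line must end up last in the INPUT listing, below the three ACCEPT exceptions.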