iKuai OS VLAN Beginner's Tutorial

# iKuai OS VLAN Beginner's Tutorial ## 📝 Video Overview This tutorial provides a beginner-friendly introduction to VLAN functionality on iKuai routers. The presenter, DP, shares practical experience using a lightweight approach (WiFi + iKuai router) that eliminates the need for complex equipment like Layer 3 switches, making it ideal for home networks and small office environments. --- ## 🎯 Core Content ### What is VLAN? VLAN (Virtual Local Area Network) serves one primary purpose: **network isolation**. The video uses an intuitive metaphor, describing VLAN as an "isolated room": - **Traditional Network**: All devices share the same IP segment (e.g., 192.168.1.x) and can communicate freely - **VLAN Network**: Specific devices are assigned to separate IP segments (e.g., 192.168.31.x), limiting communication to that segment only **Working Principle**: Devices on different IP segments cannot directly communicate, achieving network-level isolation. ### Practical Use Case: Guest WiFi Isolation The video demonstrates a typical home networking scenario: **Objective**: Create a guest WiFi network that allows internet access while preventing access to the host's local devices (NAS, computers, etc.). --- ## 🛠️ Configuration Steps ### Step 1: Create VLAN Navigation: `Network → VLAN → New` Configuration parameters: - **VLAN ID**: 31 (recommended to match network segment) - **Name**: vlan31 - **IP Address**: 192.168.31.1 - **Subnet Mask**: 255.255.255.0 - **Interface**: Select LAN1 - **Note**: LAN internal internet access only, no access to other devices ### Step 2: Configure DHCP Server Navigation: `DHCP Server → New` Configuration parameters: - **Service Interface**: vlan31 - **IP Address Pool**: 192.168.31.2 - 192.168.31.99 (expandable to 254) - **Subnet Mask**: 255.255.255.0 - **Gateway**: 192.168.31.1 - **DNS**: Configure as needed - **Verify Interface IP Validity**: Enable - **Route Selection**: All routes ### Step 3: Configure WiFi Interfaces Navigation: `WiFi Settings → WiFi Name Settings` Create two independent WiFi networks: - **Main WiFi** (i_5G): Bound to LAN1 interface, IP segment 192.168.1.x - **Guest WiFi** (i_5G_31): Bound to vlan31 interface, IP segment 192.168.31.x Both WiFi networks use the same security type and encryption, but assign different IP segments. --- ## 🔧 Critical Configuration ### LAN1 Interface Settings Navigation: `Internal/External Network Settings → Internal Network Port → LAN1` **Important**: Disable the "Allow other LAN devices to access this LAN" option—this is the key to achieving complete isolation. - **Before disabling**: VLAN31 devices can access main network devices - **After disabling**: VLAN31 devices can only access the gateway (for internet), not other main network devices --- ## ✅ Testing & Verification ### Main Network Test (192.168.1.x) ```bash ping 192.168.1.1 # Gateway - Success ping 192.168.1.2 # NAS - Success ``` Result: All devices communicate freely as expected. ### VLAN Network Test (192.168.31.x) ```bash ping 192.168.31.1 # Gateway - Success (ensures internet access) ping 192.168.1.2 # Main network NAS - Failure (isolation successful) ``` Result: Only gateway access for internet, no access to main network devices—complete isolation achieved. --- ## 🚀 Extended Application Scenarios ### Home Scenarios - **Child Network Isolation**: Restrict children's devices from accessing certain resources - **Smart Home Isolation**: Separate IoT devices from main network for enhanced security - **Guest Network**: Provide visitors with independent internet access ### Office Scenarios - **Department Network Isolation**: Separate networks for finance, IT, administration, etc. - **Temporary Work Network**: Provide restricted network access for short-term partners - **Device Classification Management**: Separate management for servers, office computers, and guest devices --- ## 💡 Advanced Techniques Leveraging VLAN IP segment characteristics enables: 1. **Traffic Control (QoS)**: Set bandwidth limits for different VLANs 2. **Static IP Assignment**: Bind fixed IPs to specific devices via DHCP 3. **MAC Address-Based Policies**: Fine-grained device management 4. **Batch Device Management**: Group similar devices in one VLAN for unified policy management --- ## 📌 Important Notes - This tutorial uses a lightweight approach suitable for beginners - Enterprise applications may require Layer 3 switches - Recommended: Keep VLAN ID consistent with IP segment (e.g., VLAN 31 = 192.168.31.x) - Ensure LAN1's "Allow other LAN devices access" option is disabled for complete isolation --- ## 🎓 Target Audience - iKuai router beginners - Home users requiring network isolation - Small office network administrators - Individual users with basic network security needs --- ## 🏷️ SEO Keywords iKuai router, VLAN tutorial, network isolation, guest WiFi setup, home network security, router configuration, DHCP setup, LAN management, beginner guide, virtual LAN