Computer networks

D-Link DIR-320 - setting up wireless vlan (?)?

Dano
Provider allows you to register four devices for Internet access by MAC addresses.
For each MAC address over ipv4, one IP and a limited bandwidth of traffic are issued.
For ipv6, there are no restrictions on speed or number of devices.

There are three stationary devices and many mobile devices (phones, guest laptops, etc.)

The task
is to give Internet access (both via ipv4 and ipv6) to all devices (both stationary and mobile). Give the ability to connect both
via Wi-Fi and via Ethernet (to all devices, both fixed and mobile)


Using routing (ipv4 - NAT, ipv6 - ??) is bad, because all devices will use only one band, the other three will be idle.

This option comes to mind: register with the provider the MAC addresses of stationary computers, and the MAC address is long.

Give stationary devices dedicated bands (that is, transmit their traffic outward at the data link layer), and give mobile devices IP from their internal network and route (ipv4 - NAT, ipv6 - ??) their traffic at the network level (they will all use one stripe).

Hence the question: how to implement it? (ready for flashing if necessary)

Plan:
1. need to distinguish traffic between these two groups of devices (vlan?)
1.1. or do it by MAC addresses (how?)
1.2. or physically?
1.2.1. make two different SSIDs over Wi-Fi - for stationary and for mobile (can one router broadcast on two SSIDs, while their signals do not interfere with each other?)
1.2.2. over Ethernet, allocate some ports as “for stationary computers”, and some as “for mobile devices and guests”
2. issue addresses from the internal network (ipv4 - dhcp, ipv6 - ??) only to mobile devices, stationary ones will receive addresses from the provider
3. traffic of devices from one group needs to be transmitted outward at the data link layer, the other - at the network level (for ipv4 - you need NAT, for ipv6 - I don’t know what to do, I have never done ipv6 routing)
4. the ability to exchange data between computers is not relevant, the main thing is that they had access to the Internet and to the provider's LAN
5. (this is already with a completely low priority) so that IPTV (multicast) works at least on stationary devices. Now the router just reboots when you try to watch IPTV through it .

UPD :
I configured everything except ipv6 in the guest network (I scored on multicast)
For those who need this, I will describe the sequence of actions:
0) DD-WRT v24-sp2 (12/19/10 ) std-nokaid (SVN revision 15943M NEWD Eko)
1) bridging WAN and WLAN: www.dd-wrt.com/phpBB2/viewtopic.php?t=38368 , both WLANs are bridged
3) If following the instructions from the previous paragraph, assign to as WAN br1 - strange things happen: www.dd-wrt.com/phpBB2/viewtopic.php?p=312471
4) so ​​we don’t touch the WAN port assignment, but manually add the necessary rules to iptables and restart the daemons with the necessary parameters (here they are, crutches! If watchdog or WebUI restart some daemons, they will start them with incorrect parameters)

Scripts:

# startup script<br>
killall udhcpc<br>
ifconfig vlan1 0.0.0.0<br>
brctl delif br0 wl0.1<br>
brctl addbr br1<br>
brctl addif br1 vlan1<br>
brctl addif br1 wl0.1<br>
ifup br1<br>
udhcpc -i br1 -p /var/run/udhcpc.pid -s /tmp/udhcpc<br>

# Firewall script<br>
killall nas<br>
sleep 1<br>
killall -9 nas<br>
sleep 1<br>
nas -P /tmp/nas.wl0lan.pid -l br0 -H 34954 -i eth1 -A -m 4 -k guest_key -s guest_ssid -w 6 -g 3600<br>
nas -P /tmp/nas.wl0.1lan.pid -l br1 -H 34954 -i wl0.1 -A -m 4 -k home_key -s home_ssid -w 6 -g 3600<br>
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o br1 -j MASQUERADE<br>

The question of how to configure ipv6 routing remains open.
NAT is not needed, just routing is enough and devices get their ipv6 address and gateway address.
It is desirable without the need to connect jffs and install additional packages - there is only 4 MB of space on the device.