I have been trying to set this up and it's not working.
What I am trying to achieve:
To be able to use VLAN to have WAN connectivity over LAN together with PoE - essentially everything over the LAN port. I have tried the article that describes that solution but it does not work. Load balancing does not work in this scenario.
To be able to use a separate LAN and WAN cable, but using doubleNAT for WAN and essentially just using the LAN plug for power (no LAN connectivity). This works (also the load balancing), but I still have access to the WAN/DoubleNAT infra (for example, I can connect to Router 1 interface from RUT 240 over WAN port). Even the HOTSPOT has access to the doubleNAT router (!) but not to RUT 240.
[INTERNET]--[Router 1 - 10.0.1.1]----[RUT 240 - 10.0.2.1]---[WIFI RUT 240 DHCP enabled 10.0.2.100] -- [Mobile WAN enabled]
I think the issue is the FW config - but not too sure. Is there a rule or a way for me to have nothing from LAN to access WAN other than public IPs? Maybe a drop rule?
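
One way to express the drop rule asked about above, as an added example that is not part of the original post. It assumes the RUT240's OpenWrt-style `/etc/config/firewall` with the default zone names `lan` and `wan`; the rule names are made up for illustration.

```conf
# Added example, not from the original post.
# Assumption: default zone names 'lan' and 'wan'; rule names are hypothetical.
# Traffic rules are evaluated before the zone's lan -> wan forwarding,
# so these rejects win over the general "allow LAN to WAN" policy.

# Router 1 and everything else in 10.0.0.0/8 reachable through the WAN port.
# The RUT240's own LAN (10.0.2.0/24) is not affected: that traffic never
# gets forwarded to the wan zone.
config rule
	option name 'Reject-LAN-to-WAN-10-8'
	option src 'lan'
	option dest 'wan'
	option dest_ip '10.0.0.0/8'
	option proto 'all'
	option target 'REJECT'

# Remaining RFC 1918 private ranges, so only public IPs are reachable.
config rule
	option name 'Reject-LAN-to-WAN-172-16'
	option src 'lan'
	option dest 'wan'
	option dest_ip '172.16.0.0/12'
	option proto 'all'
	option target 'REJECT'

config rule
	option name 'Reject-LAN-to-WAN-192-168'
	option src 'lan'
	option dest 'wan'
	option dest_ip '192.168.0.0/16'
	option proto 'all'
	option target 'REJECT'
```

Internet traffic still passes, because it is only routed through Router 1 and its destination address stays public. If the hotspot sits in its own firewall zone, the same rules are needed with `src` set to that zone's name.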