Topic: VLANs- Advice  (Read 4784 times)
« on: May 02, 2011, 04:59:23 »
danc *
Posts: 2

Hello everyone- I'm in the middle of setting up a guest wireless network in our church, and I'm hoping that someone more knowledgeable than I might be able to validate and/or point out a general flaw in my design (sorry I don't have more specific logs at the moment).
The issue I have that I believe is different from some of the others doing guest networks is that I already have multiple dd-wrt APs scattered about the church, all hard wired together, and clients can roam between them somewhat seamlessly.  What I'd like to do is spawn a virtual wlan interface on each one of these for the guest network, and then communications back to the server room will occur on a vlan tagged port, essentially giving me two completely separate networks on one physical network.
In the server room, a m0n0wall router will take the vlan tagged signals and do the following:

1) guest vlan (set up as LAN in m0n0wall): perform DHCP duties, and limit traffic from entering private LAN- allowing traffic to only go to internet.
2) private vlan (set up as OPT1 in m0n0wall): simply bridge with WAN - DHCP will be handled by existing Win2k3 server on the private LAN.

I attempted this earlier today,with the following result:
Guest WLAN
 1) Connecting to guest network yielded a guest network IP- so m0n0wall DHCP works
 2) NSLOOKUP to internet works
 3) Traffic does NOT pass to internet.

Private LAN
 1) No DHCP
 2) Internet works when I hard code all of the IP settings (in private LAN subnet)

I believe the VLAN tagging is working because I see traffic on the VLAN interfaces in m0n0wall.
I've attached a diagram of what I'm trying to do- I hope it makes sense!  At this point I'm just looking to see if my general idea will even work, before I get into the nitty gritty with debugging.  Thank you!

* Attachment: Church.jpg (network diagram, 519x699)
« Reply #1 on: May 02, 2011, 19:57:06 »
gus *
Posts: 27

Can you verify that you do not have the default rule to block RFC 1918 addresses?  That is probably causing these symptoms.
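The point gus raises is that a stock "block private networks" rule sitting ahead of the poster's wildcard pass rules will short-circuit them for any RFC 1918 source. The script below is an added illustration for this thread, not m0n0wall's rule engine or anything the posters wrote: a simplified first-match evaluator with constructed guest (192.168.50.0/24) and Internet (203.0.113.0/24) addresses, showing the same guest-to-Internet flow under both rulesets.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges; "private" in a rule's src field matches all three.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    action: str   # "pass" or "block"
    src: str      # CIDR, "private" (RFC 1918 aggregate) or "*" (any)
    dst: str      # CIDR or "*"
    label: str    # human-readable name, returned so the reader sees which rule fired


def _src_matches(rule_src, addr):
    if rule_src == "*":
        return True
    if rule_src == "private":
        return any(addr in net for net in RFC1918)
    return addr in ipaddress.ip_network(rule_src)


def _dst_matches(rule_dst, addr):
    return rule_dst == "*" or addr in ipaddress.ip_network(rule_dst)


def evaluate(rules, src, dst):
    """First-match evaluation (simplified model, not m0n0wall's engine):
    return (action, label) of the first matching rule, or a default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if _src_matches(rule.src, s) and _dst_matches(rule.dst, d):
            return rule.action, rule.label
    return "block", "default deny"


# The ruleset as the poster describes it: wildcards everywhere.
PERMISSIVE = [Rule("pass", "*", "*", "allow any")]
# The same ruleset with the stock RFC 1918 block still in front of it.
WITH_RFC1918_BLOCK = [Rule("block", "private", "*", "block RFC 1918 sources")] + PERMISSIVE

# Constructed addresses: a guest client and a public web server.
GUEST_CLIENT, INTERNET_HOST = "192.168.50.20", "203.0.113.10"


def guest_to_internet(rules):
    return evaluate(rules, GUEST_CLIENT, INTERNET_HOST)


if __name__ == "__main__":
    for name, rules in (("wildcards only", PERMISSIVE), ("with RFC 1918 block", WITH_RFC1918_BLOCK)):
        print(f"{name}: {guest_to_internet(rules)}")
```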
« Reply #2 on: May 03, 2011, 01:50:54 »
danc *
Posts: 2

Hi Gus- thanks for your reply! Yes I'm pretty sure I have that block turned off, but I'll definitely check that. Good call. I tried to keep the firewall rules barebones- *'s everywhere for the time being.  Considering that I do that correctly, does it seem like this architecture ought to work (no blaring no-no's)?