Posted: Mon Oct 08, 2018 17:32 Post subject: Create VLANs in a Wireless network?
Let's say, for example, I have 3 internet streaming devices. 2 are wired to my managed switch, while the third is only wireless because of its location, and I only want to provide internet access to them while isolating them from the rest of my personal network. Let's just say, theoretically, I don't trust these devices and worry that if they were ever compromised then I'd want to prevent them from being able to send or receive traffic from the rest of my network. To do so I could create a separate VLAN and configure them on a separate subnet. On my router I can define an ACL that denies traffic to any of the other VLANs but still allows traffic to flow out to the internet. So I can do this easily if they're directly wired to an access port on my managed switch on the "Internet Streaming" VLAN.
For the devices on the wireless network, however, I would want to logically separate the devices in the same manner and put only the internet streaming devices on the same "Internet Streaming" VLAN.
Is this something that is possible with dd-wrt? How could someone achieve this? Would it be the same thing as configuring a guest wireless network while still using a WPA password for the specific internet streaming devices?
I've noticed that there is a VLAN section somewhere in the config. It seems that I could create a wireless network just for the internet streaming devices, and then I'd bridge that network to one of the available physical ports on the Access Point. From there I'd run a cable from that port to an access port on my switch that has been configured on the same VLAN. Does that sound correct?
Alternatively, is it possible to configure one of the ports on the AP as a trunk, and then tag wireless clients' access based on MAC address? Something like that?
Posted: Tue Oct 09, 2018 3:04 Post subject: Net Isolation
What you could do is this. Create a separate wireless network (VAP) and turn on Net Isolation. Then the devices that connect to that network can only access the internet and not anything on the internal network.
As for Vlans, Broadcom routers support Vlans. All others only support Vlan tagging with the switch acting as single location (not per ethernet port). See this: https://wiki.dd-wrt.com/wiki/index.php/Category:VLANs
In particular the article about Switched Ports.
Thank you for your response. I took a look at the wiki articles you linked to and I gotta say, I learned a lot. I've never had a clear understanding of the default internal device network and VLAN tagging. That was perfect and makes perfect sense.
Given the information in there I think I can work this out; however, one thing you said makes me think I may still not be able to do this. You said:
Quote:
Broadcom routers support Vlans. All others only support Vlan tagging with the switch acting as single location (not per ethernet port).
My wireless router (which I'm only using as an AP) is a Netgear R7800, which has an IPQ8065 chipset according to the router database. So from what I'm gathering I can't do port-based VLANs.
I'm getting the feeling, though, that I might be okay with that based on the second half of what you said. It'll still support VLAN tagging. When you say "with the switch acting as a single location", are you saying as a trunk? Could I create multiple WLANs and put separate tags on them and then trunk them all over to my managed switch and break them out from there? If I'm understanding that correctly then I'm perfectly happy with that.
Posted: Thu Oct 11, 2018 12:28 Post subject: Vlans
No idea if the article you are looking for has been written. I would suggest going through every page in the VLans Category I linked to above.