Create VLANs in a Wireless network?

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Forum Index -> General Questions
Author Message
Meph1st0
DD-WRT Novice


Joined: 19 Jun 2008
Posts: 23

PostPosted: Mon Oct 08, 2018 17:32    Post subject: Create VLANs in a Wireless network? Reply with quote
Let's say for example I have 3 internet streaming devices, 2 are wired to my managed switch while the third is only wireless because of it's location and I only want to provide internet access to them while isolating them from the rest of my personal network. Let's just say; theoretically, I don't trust these devices and worry that if they were ever compromised then I'd want to prevent them from being able to send or receive traffic from the rest of my network. To do so I could create a separate VLAN and configure them on a separate subnet. On my router I can define an ACL that denies traffic to any of the other VLANs but still allow traffic to flow out to the internet. So I can do this easily if they're directly wired to an access port on my managed switch on the "Internet Streaming" VLAN.

For the devices on the wireless network; however, I would want to logically separate the devices in the same manner and put only the internet streaming devices on the same "Internet Streaming" VLAN.

Is this something that is possible with dd-wrt? How could someone achieve this? Would it be the same thing as configuring a guest wireless network while still using a WPA password for the specific internet streaming devices?

I've noticed that there is a VLAN section somewhere in the config. It seems that I could create a wireless network just for the internet streaming devices, and then I'd bridge that network to one of the available physical ports on the Access Point. From there I'd run a cable from that port to an access port on my switch that has been configured on the same VLAN. Does that sound correct?

Alternatively is it possible to configure one of the ports on the AP as a trunk, and then tag wireless client's access based on mac address? Something like that?
Sponsor
ian5142
DD-WRT Guru


Joined: 23 Oct 2013
Posts: 1698
Location: Canada

PostPosted: Tue Oct 09, 2018 3:04    Post subject: Net Isolation Reply with quote
What you could do is this. Create a separate wireless network (VAP) and turn on Net Isolation. Then the devices that connect to that network can only access the internet and not anything on the internal network.

As for Vlans, Broadcom routers support Vlans. All others only support Vlan tagging with the switch acting as single location (not per ethernet port). See this: https://wiki.dd-wrt.com/wiki/index.php/Category:VLANs
In particular the article about Switched Ports.

This is a good wiki for Guest AP: https://wiki.dd-wrt.com/wiki/index.php/Guest_WiFi_+_abuse_control_for_beginners
You only need the instructions section.

_________________
Before asking a question on the forums, update dd-wrt: Where do I download firmware? I suggest reading it all.

Some dd-wrt wiki pages are up to date, others are not. PM me if you find an old one, I am trying to update them.

Atheros:
TP-Link Archer C7 v2 x2 - WDS AP, WDS Station
TP-Link TL-WDR3600 v1 - WDS Station
TP-Link 841nd v8 - WDS Station
Linksys WRT400N - bricked
D-Link 615 C1 x 4 - not used
D-Link 615 E3 x 2 - WDS Station
D-Link 825 B1 - WDS Station
D-Link 862L A1 - WDS Station (Entware 3X)
Netgear WNDR3700v2 - WDS Station
TP-Link 1043nd v1, inactive, unstable hardware
UBNT loco M2 x2 - airOS

Broadcom
Asus N66U - backup Gateway
Netgear r6300 v1 - AP
Linksys E2500 - not used
Linksys EA2700 - not used
Linksys 160N v3 x2 - not used
Netgear WNDR3700v3 - not used
MediaTek
UBNT EdgeRouter X - Gateway, DHCP, QoS
Meph1st0
DD-WRT Novice


Joined: 19 Jun 2008
Posts: 23

PostPosted: Wed Oct 10, 2018 14:27    Post subject: Reply with quote
ian5142,

Thank you for your response. I took a look at the wiki articles you linked to and I gotta say; I learned a lot. I've never had a clear understanding of the default internal device network and vlan tagging. That was perfect and makes perfect sense.

Given the information in there I think I can work this out; however, one thing you said makes me think I may still not be able to do this. You said;
Quote:
Broadcom routers support Vlans. All others only support Vlan tagging with the switch acting as single location (not per ethernet port).

My wireless router (which I'm only using as an AP) is a Netgear R7800 which has a IPQ8065 chipset according to the router database. So from what I'm gathering I can't do port-based VLANs.

I'm getting the feeling; though, that I might be okay with that based on the second half of what you said. It'll still support VLAN tagging. when you say; "with the switch acting as a single location", are you saying as a trunk? Could I create multiple WLANs and put separate tags on them and then trunk them all over to my managed switch and break them out from there? If I'm understanding that correctly them I'm perfectly happy with that.

In the VLAN Support article in the wiki: https://wiki.dd-wrt.com/wiki/index.php/VLAN_Support there's a quote by a user named phuzi0n that says,
Quote:
I do plan on writing a guide to extend multiple WLAN's with a VLAN trunk.

Do you know if there is such an article has been written yet? I think this is what I'd want. I suppose I could shoot him/her a PM directly.

Thanks again for your help!
ian5142
DD-WRT Guru


Joined: 23 Oct 2013
Posts: 1698
Location: Canada

PostPosted: Thu Oct 11, 2018 12:28    Post subject: Vlans Reply with quote
No idea if the article you are looking for has been written. I would suggest going through every page in the VLans Category I linked to above.
_________________
Before asking a question on the forums, update dd-wrt: Where do I download firmware? I suggest reading it all.

Some dd-wrt wiki pages are up to date, others are not. PM me if you find an old one, I am trying to update them.

Atheros:
TP-Link Archer C7 v2 x2 - WDS AP, WDS Station
TP-Link TL-WDR3600 v1 - WDS Station
TP-Link 841nd v8 - WDS Station
Linksys WRT400N - bricked
D-Link 615 C1 x 4 - not used
D-Link 615 E3 x 2 - WDS Station
D-Link 825 B1 - WDS Station
D-Link 862L A1 - WDS Station (Entware 3X)
Netgear WNDR3700v2 - WDS Station
TP-Link 1043nd v1, inactive, unstable hardware
UBNT loco M2 x2 - airOS

Broadcom
Asus N66U - backup Gateway
Netgear r6300 v1 - AP
Linksys E2500 - not used
Linksys EA2700 - not used
Linksys 160N v3 x2 - not used
Netgear WNDR3700v3 - not used
MediaTek
UBNT EdgeRouter X - Gateway, DHCP, QoS
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 4323
Location: Akershus, Norway

PostPosted: Thu Oct 11, 2018 20:33    Post subject: Reply with quote
Netgear R7800 supports VLAN better than the Broadcoms.
You can configure 128 VLANs and use all 4096 PVIDs.

There is no wiki for it. VLAN is configured with the swconfig utility.

Please post in the Atheros forum.
Display posts from previous:    Page 1 of 1
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum