Posted: Sat Dec 18, 2010 22:13 Post subject: Advanced VLAN and DHCP configuration
At the school district I am employed at we are looking at upgrading our wireless access points (WRT54Gv8's) to DD-WRT for its advanced functionality. I have played around with flashing the system and setting up virtual SSIDs and setting the antennas to be Tx/Rx but we need to have the following:
2 SSIDs, one "Secure" and one "Guest"
-The "Secure" SSID will have its DHCP come from a Windows server
-The "Guest" SSID will have its DHCP hosted by the Wireless Access Point
-The "Secure" SSID will have internet provided through the main gateway (SonicWall) and have access to server and printer resources
-The "Guest" SSID will have internet provided through an alternate internet subscription (cheap Comcast or Time Warner link) and will not have access to printer or server resources. This will be filtered by an old SonicWall and we want the Internet traffic to flow directly to this SonicWall and not affect registered computers.
-The "Guest" SSID force the user to agree to a network registration page before they are allowed to access the Internet.
Any guidance would be very appreciated. So far I am very impressed with DD-WRT and its many features for lower-quality (our) access points.
Btw I made this page to explain how to reconfigure 100mbit models so to avoid VLAN 0 so that they can be trunked with other equipment. I'll be explaining more about trunking soon but for now there's dozens of forum posts you can look up.
http://www.dd-wrt.com/wiki/index.php/Reconfigure_VLANs_for_802.1q_Compatibility _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
On that page it says to configure them all to be assigned to bridge "LAN" but should I add the other bridges to the ports. Say I set up an outside Comcast link to come in and we want the traffic only operates on VLAN 5. I would, under VLAN 5, check Ports 1,2,3,4 and assign them to br1 (the guest bridge) right? Or would it still be LAN? br1 would then be assigned to the virtual SSID, "School Guest"
The regular LAN for trusted communication to our regular outside link would go on br0 and say VLAN 1. This means the non-virtual SSID "School Secure" would be bridged to br0 which is assigned to ports 1,2,3,4 on VLAN1.
Does that sound right?
Thank you ahead of time for your help, you guys are gods.
That page is just to configure the foundation for VLAN trunking. Afterwards you have to choose which VLAN's you want each port in and configure at least one of the ports to be tagged. The tagged port will be in all the VLAN's that you want carried through the trunk (1 and 5). VLAN 1 will be the VLAN for the main LAN and VLAN 5 will be bridged with the VAP in br1 so that the traffic from all the VAP's gets carried through the trunk ports to the other gateway. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
No, use the VLAN page to enable tagging on the trunk port and put the port in both VLAN's. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)