Hello, I have a common setup in a few field offices and I am pushing to change to m0n0wall to handle routing. What are your best ideas on how to accomplish this?

All offices are set up the same: DSL or cable line to a Linksys wired router, then it goes to a Cisco 2900 series switch. These switches do VLANs and switchport config; they are fully managed switches, but do not do inter-VLAN routing. Then 1 switchport has all "external" workstations and switches/wireless APs etc. attached, while the other ports are used for machines in the secure server room.

Can inter-VLAN routing be done with m0n0wall? Is it best practice to do so?

What we want to do is have anyone on the "external port" come up on their own locked-down VLAN to the captive portal. Then we want to use RADIUS and machine certificates to authenticate the individual machines, not users. If they authenticate, put them onto the private network with all access. If they don't authenticate, just put them on a jailed VLAN that only has internet access and DNS access but no access to internal services or other machines. Is this feasible?

Thanks for your help, all.