[ previous ] [ next ] [ threads ]
 
 From:  Aaron Clasby <aaron dot clasby at cox dot net>
 To:  Lee Sharp <leesharp at hal dash pc dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VLAN build-out
 Date:  Fri, 24 Feb 2006 20:09:27 -0600
I got it working after plenty of trial and error. I have so ma ny 
firewall rules its not even funny or pretty. I will have to go back in 
that on Monday to clean it up a bit.

Thanks for letting me pick your brains a bit.


Aaron Clasby
ph. [ 405 ] 412.9392
aaron dot clasby at cox dot net



Lee Sharp wrote:
> From: "Aaron Clasby" <aaron dot clasby at cox dot net>
>
>> I just want to make sure I am in the right or if I am missing something.
>
>> Currently I have the wrap with 1.21 connected as follows:
>
>> WAN - cable
>> LAN - Cisco AP 1200 via Dell PowerConnect (no VLANs)
>> Opt - disconnected
>
>> All traffic comes in via the LAN interface and out the WAN.
>
>> I would like to create a secondary SSID on the AP, which would mean I 
>> have to use VLANS, by default, there will be VLAN1, and then VLAN5 
>> for guests(insecure), and VLAN7(secured). This all would be via the 
>> LAN interface. I would like VLAN5 to get an IP from m0n0 and go out 
>> the WAN int, then anyone connecting securely via VLAN7, I would like 
>> their DHCP requests to be forwarded via Opt1 to the internal net, 
>> thus also sending all this particular traffic through Opt1. Is this 
>> possible or am I missing something?
>
> I think you are confusing yourself with trying to think of two things 
> at once.  Lets start with the VLAN.
>
> If the Cisco AP 1200 supports VLANs and multiple SSIDs you can set up 
> multiple SSIDs on there own VLAN.  I do not know the cisco, but I have 
> seen this done with a VLAN compatible switch, and multiple APs.
>
> Once you have your VLAN, you treat them like the additional interfaces 
> they are.  They will have whatever connectivity you give them in the 
> firewall rules.
>
>                        Lee
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>