[ previous ] [ next ] [ threads ]
 
 From:  Aaron Clasby <aaron dot clasby at cox dot net>
 To:  Stephen Ronan <listsubs0506 at comcast dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VLAN build-out
 Date:  Sat, 25 Feb 2006 12:49:44 -0600 
I have not heard of that, but I will keep that in mind for future 
reference. Though I believe it is working fine. I was able to connect to 
both SSIDs so I know they are able to communicate with the m0n0 for 
DHCP. The unsecure SSID is able to get out, I just need to clean up the 
firewall config to make sure they cannot get into secured lan. I did not 
test the internet connectivity on the secured SSID, but im sure it wont 
be hard to finish.

One last question, I guess it should be under a new topic, but can you 
use captive portal on vlans? I tried to apply it to the guest lan and it 
locked up the system so the only way I could get through is by 
connecting directly to the m0n0 via crossover.

Aaron Clasby
ph. [ 405 ] 412.9392
aaron dot clasby at cox dot net



Stephen Ronan wrote:
> Last I heard the Cisco access points running IOS could not support 
> multiple VLANs when configured as standalone repeaters. Sounds like 
> that may not be a problem for your current configuration, but perhaps 
> worth keeping in mind. (If anyone knows whether that situation re IOS 
> has changed or may be expected to I'd be very interested).
>   - Steve
>
> Aaron Clasby wrote:
>
>> I got it working after plenty of trial and error. I have so ma ny 
>> firewall rules its not even funny or pretty. I will have to go back 
>> in that on Monday to clean it up a bit.
>>
>> Thanks for letting me pick your brains a bit.
>>
>>
>> Aaron Clasby
>> ph. [ 405 ] 412.9392
>> aaron dot clasby at cox dot net
>>
>>
>>
>> Lee Sharp wrote:
>>
>>> From: "Aaron Clasby" <aaron dot clasby at cox dot net>
>>>
>>>> I just want to make sure I am in the right or if I am missing 
>>>> something.
>>>
>>>
>>>> Currently I have the wrap with 1.21 connected as follows:
>>>
>>>
>>>> WAN - cable
>>>> LAN - Cisco AP 1200 via Dell PowerConnect (no VLANs)
>>>> Opt - disconnected
>>>
>>>
>>>> All traffic comes in via the LAN interface and out the WAN.
>>>
>>>
>>>> I would like to create a secondary SSID on the AP, which would mean 
>>>> I have to use VLANS, by default, there will be VLAN1, and then 
>>>> VLAN5 for guests(insecure), and VLAN7(secured). This all would be 
>>>> via the LAN interface. I would like VLAN5 to get an IP from m0n0 
>>>> and go out the WAN int, then anyone connecting securely via VLAN7, 
>>>> I would like their DHCP requests to be forwarded via Opt1 to the 
>>>> internal net, thus also sending all this particular traffic through 
>>>> Opt1. Is this possible or am I missing something?
>>>
>>>
>>> I think you are confusing yourself with trying to think of two 
>>> things at once.  Lets start with the VLAN.
>>>
>>> If the Cisco AP 1200 supports VLANs and multiple SSIDs you can set 
>>> up multiple SSIDs on there own VLAN.  I do not know the cisco, but I 
>>> have seen this done with a VLAN compatible switch, and multiple APs.
>>>
>>> Once you have your VLAN, you treat them like the additional 
>>> interfaces they are.  They will have whatever connectivity you give 
>>> them in the firewall rules.
>>>
>>>                        Lee
>>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>