guest network using tagged VLANs
Rudy Zijlstra
rudy at grumpydevil.homelinux.org
Sun Jan 12 21:54:49 UTC 2020
On 12/01/2020 22.44, Steve Sapovits wrote:
>
> I'm wondering if this is possible ... I can't seem to find anything
> that really matches.
>
> Suppose I have a wireless access point (WAP) configured just as an AP
> -- no router or DHCP functionality enabled on the WiFi device.
>
> WAP is connected to a switch with two tagged VLANs.
>
> Switch is connected to machine running ISC DHCP. Connection is from
> a switch port assigned to both VLANS.
>
> In the ISC DHCP configuration for the VLAN subnet, some rules (for
> example MAC address) are used to assign an address from one of the two
> VLAN subnets. For example, known MAC addresses get IPs from VLAN1.
> Unknown MAC addresses get IP addresses from VLAN2.
>
> Since different interfaces are specified as subnets in the DHCP
> configuration, I don't see that I can specify one set of rules for the
> combined (trunk) VLAN. So what I'd end up with is two subnet
> specifications where a client address may come from either the same
> subnet or from the other VLAN subnet. Having an address range from a
> different subnet alone seems like it might not work (configuration
> might be rejected). Beyond that, would it then even work ...
>
> I don't really have everything needed to actually test this, which is
> why I ask.
You can solve this on condition that the WAP itself is VLAN aware and
than use 2 SSID. One assigned the your normal VLAN and the second to the
guest VLAN.
On the DHCP server you than have no problem, as each of the VLAN can
have it's own subnet definition.
Cheers
Rudy
More information about the dhcp-users
mailing list