guest network using tagged VLANs
Steve Sapovits
steves06 at comcast.net
Sun Jan 12 22:56:56 UTC 2020
On 1/12/2020 5:20 PM, Rudy Zijlstra wrote:
>
> On 12/01/2020 23.15, Steve Sapovits wrote:
>>> On the DHCP server you then have no problem, as each of the VLANs can
>>> have its own subnet definition.
>>
>> Reading some networking forums, it sounds like not all WAP devices
>> retain guest separation if they're not in full router mode.
>>
>> So, assuming a WAP that can't do the VLAN separation, is there a way
>> to make the guest separation on the ISC DHCP side?
>>
>>
> When the WAP does not support VLAN separation, I think it already fails
> at the switch. How would the switch be able to differentiate? The switch
> will always tag an untagged packet to the same VLAN.

You would use a switch that allows a single port to be assigned to both
VLANs, then run that cable to a NIC on the DHCP server. Then configure
the DHCP server to listen on both VLAN subnets. From my understanding of
DHCP, that should be enough for the client to discover the DHCP server
to start the transaction. So it would seem to come down to whether ISC
DHCP can return an address that's outside of the subnet it's listening
on.

My understanding is that a trunk port (one assigned to all VLANs)
assigns the right VLAN ID to any untagged packets. So the right VLAN
ID should be added once the client gets its IP address and that flows
back to the trunk port on the VLAN switch.

Caveat here is I'm really not an expert ...

--
Steve Sapovits
steves06 at comcast.net
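
The per-VLAN subnet definitions mentioned in the quoted reply, written out as an ISC dhcpd.conf. This is an added example, not part of the original thread; the VLAN IDs, interface names and addresses are constructed assumptions.

```conf
# Added example: VLAN IDs, interface names and addresses are constructed.
# Assumes a Linux host whose NIC sits on a tagged switch port, with one
# VLAN sub-interface per network:
#   eth0.10  192.168.10.1/24  (internal, VLAN 10)
#   eth0.20  192.168.20.1/24  (guest,    VLAN 20)
# Start the daemon on both sub-interfaces:  dhcpd eth0.10 eth0.20

authoritative;
default-lease-time 3600;
max-lease-time 7200;

# dhcpd selects the subnet declaration from the interface a request
# arrived on (or from giaddr when the request was relayed). A client is
# therefore placed by the VLAN its frames were tagged with before they
# reached the server, not by anything in this file.

# Internal network (VLAN 10)
subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.100 192.168.10.199;
    option routers 192.168.10.1;
    option domain-name-servers 192.168.10.1;
}

# Guest network (VLAN 20): own gateway and resolver, shorter leases
subnet 192.168.20.0 netmask 255.255.255.0 {
    range 192.168.20.100 192.168.20.199;
    option routers 192.168.20.1;
    option domain-name-servers 192.168.20.1;
    default-lease-time 1800;
    max-lease-time 3600;
}
```

Handing out addresses from separate ranges does not by itself isolate guests; forwarding between the two sub-interfaces still has to be blocked on the router or firewall.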