DrayTek 2820 & VLANs

[Alexjfinch]

i All,

I'm a little stuck and hoping that someone would be able to help me!

I currently manage a network for a Bar & Tapas Restaurant in the area, and they have a pretty complicated network setup that I've been playing with for years now.

The situation is this;

There is a office network of 2 Desktops and a Laptop which is managed by a Draytek router (This one) and there are also 2 access points in the bar downstairs which are connected via Lan cable to the router.

Before now it hasn't been a problem, however the users of the free WiFi downstairs can communicate with the financial software on the server etc we have setup.

I've sucessfully created a VLAN separating out the office network and the 2 AP's however laptop remains the issue.

The laptop can be used in the office and in the bar area, however now in the bar area it can't connect to the office stuff (which is perfect for us as we know that the VLAN setup has work

*Thumbs Up*)

I've googled this and it looks like I need to do something with "Trunking"? by creating certain rules for this laptop to be able to access both networks.

Is it possible for me to create a rule on this router that the Mac Address of the laptop is able to access both VLANs at any given point?

Thanks in advance.

Al

 

[Longy]

Add a office AP?

Unless your existing AP's offer mulit SSID's?

I'm sure your AP's won't allow trunking via wireless signal.

 

[Alexjfinch]

The AP's don't offer it - they are quite old actually.

I could add another AP down there and call it office, the only issue is then, I don't think there are enough LAN ports down there - I'll have to take a quick look.

Can I create a certain rule within the router itself to allow certain traffic between the VLANs? or is that a no no?

 

[Longy]

Not sure if the Draytek does tag based VLAN or just port based? but then I think you'll struggle if the laptops wireless NIC has VLAN settings on it.

 

[Longy]

If you're limited on network points then just use a RJ45 splitter or mini switch.

 

[azrael]

If you're limited on network points then just use a RJ45 splitter or mini switch.

It won't help the VLAN issue as you have to specify a physical LAN port on the router... actually scrub that

As you could connect both public Wifi AP's to the switch which in turn go to say P1 & VLAN1 on the router then you have the second cable free for the private Wifi AP connected to P2 & VLAN2 on the router.

Gotta be the easiest way

Good choice of Router BTW

 

[Alexjfinch]

It's the first time I've ever used one of these routers, we've got one in London and one in Cardiff and they are linked with a VPN with a server in Cardiff - I am mightily impressed.

Well what I have is a solid wall with 2 RJ45 sockets either side with the cable running up to the office and plugged into the back of the office then a patch cable to 2 APs. I could try and find where the cables go from the sockets up into the roof and run a patch cable along side to either side of the wall and use a switch.

Sounds mad.

I just wondered if it was possible to add an exception or something to the laptops MAC address so that the router would allow traffic to each of the VLANs.

 

[Longy]

If your APs supported layer2 isolation? Then u could use mac address control instead of vlan.

 

[Alexjfinch]

Thats gone completely over my head - I have no idea what Layer2 Isolation is.

 

[Longy]

It's a way of controlling what devices can access what resources, so eg all wireless clients can only access the mac address of the router (for Internet) but can not seeing anything else on the network unless u allow it such as the office laptop can see all.

Most zyxel ap's I've installed have this feature.

 

[Longy]

It's a way of controlling what devices can access what resources, so eg all wireless clients can only access the mac address of the router (for Internet) but can not seeing anything else on the network unless u allow it such as the office laptop can see all.

Most zyxel ap's I've installed have this feature.