Posted: Fri Feb 04, 2011 21:32 Post subject: Multiple WLANs with multiple routers on a domain
I have a small setup consisting of two WLANs with multiple APs: one with WPA2 for staff access, and an unsecured SSID for guest access. The gateway is a Netgear WNR2000, and the APs (connected via hard wire) are a 54G2v1 and 54GSv7. Each device broadcasts staff_ssid (wl0) and guest_ssid (wl0.1) on the same channel.
The staff computers are on a domain, with a domain controller running Windows Small Business Server 2003. This controller handles DNS for the domain, so I cannot use DNSMasq for DNS (as I understand it).
I want to separate the two WLANs so that staff_ssid devices can access the web plus everything on 192.168.1.x, while restricting all guest_ssid devices to 192.168.2.x and only allowing web access.
Thoughts? Do I just follow the "Multiple WLANs" instructions on the gateway, or must I use a variation of them on each device (or use another method entirely)?
Joined: 11 Apr 2010 Posts: 311 Location: San Francisco Bay Area
Posted: Fri Feb 04, 2011 22:09 Post subject:
I would use the WVLAN wiki to set up separate wireless access points (WAPs) supporting the separate SSIDs and the VLAN wiki(s) to have both the public and private networks on their own separate VLAN. For the new WAPs I would choose different G channels. I would choose the router with WAN access to be the base router and on that router configure each VLAN to have its own separate DHCP server and unique iptables code. From each satellite WAP, I would then have the VLANs communicate back to the base via 802.11q over the same Ethernet cable.
All devices that are broadcasting the 2nd SSID must be configured to have their VAP separated. I would also suggest using VLANs to keep the VAPs all in the same broadcast domain so that you can just configure the gateway router to handle DHCP for all of them. If you don't use VLANs then you will have to use the WAP-specific instructions on the routers that are configured as WAPs, which will require either doing NAT for the VAPs or setting up routing, neither of which will allow roaming, but a VLAN backbone will.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
All devices that are broadcasting the 2nd SSID must be configured to have their VAP separated. I would also suggest using VLANs to keep the VAPs all in the same broadcast domain so that you can just configure the gateway router to handle DHCP for all of them.
Thanks for your help. Can you please direct me to proper documentation that explains how I would separate the VAP on all devices broadcasting the second SSID, and if/how that would vary on the gateway device? (Sorry for the rookie questions!)
The multiple WLAN guide explains everything you need to know about configuring the VAPs. The choice is yours on whether to use VLANs, routes, or NAT, and you can find more info about them all on the wiki.
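Added example (not part of the original thread and not taken from the DD-WRT wiki): one way the "unique iptables code" for the guest network on the gateway could look, limiting guest_ssid clients to web access and keeping them off 192.168.1.x. The interface names br1 and vlan2, the chain names, and the choice to let guests use the gateway for DHCP and DNS are assumptions; the script only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: guest-isolation firewall rules for the gateway router.
# Assumptions (not from the thread): guest_ssid is bridged to br1,
# the WAN interface is vlan2, and guests get DHCP/DNS from the gateway.
GUEST_IF="${GUEST_IF:-br1}"
STAFF_NET="${STAFF_NET:-192.168.1.0/24}"
WAN_IF="${WAN_IF:-vlan2}"

# Print the rule set in the order it must be applied.
# Dedicated chains keep the ordering explicit: the staff-subnet DROP
# is evaluated before any ACCEPT, and each chain ends in a default DROP.
guest_rules() {
  cat <<EOF
iptables -N GUEST_FWD
iptables -A GUEST_FWD -d $STAFF_NET -j DROP
iptables -A GUEST_FWD -o $WAN_IF -p tcp --dport 80 -j ACCEPT
iptables -A GUEST_FWD -o $WAN_IF -p tcp --dport 443 -j ACCEPT
iptables -A GUEST_FWD -j DROP
iptables -I FORWARD -i $GUEST_IF -j GUEST_FWD
iptables -N GUEST_IN
iptables -A GUEST_IN -p udp --dport 67 -j ACCEPT
iptables -A GUEST_IN -p udp --dport 53 -j ACCEPT
iptables -A GUEST_IN -p tcp --dport 53 -j ACCEPT
iptables -A GUEST_IN -j DROP
iptables -I INPUT -i $GUEST_IF -j GUEST_IN
EOF
}
# GUEST_FWD: traffic routed through the gateway from guest clients.
# GUEST_IN: traffic addressed to the gateway itself (DHCP and DNS only,
# so the admin interface is unreachable from the guest side).
# Replies from the internet arrive on $WAN_IF, not $GUEST_IF, so they are
# assumed to be handled by the gateway's existing ESTABLISHED,RELATED rule.

if [ "${APPLY:-0}" = 1 ]; then
  guest_rules | sh -e      # apply on the router
else
  guest_rules              # dry run: review the rules first
fi
```

Because the satellite APs only pass the guest VLAN back to the gateway, these rules belong on the gateway alone.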