A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.comp.home-networking (UK home networking)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.comp.home-networking (UK home networking) (uk.comp.home-networking) Discussion of all aspects of computer networking in the home, regardless of the platforms, software, topologies and protocols used. Examples of topics include recommendations for hardware or suppliers (e.g. NICs and cabling), protocols, servers, and specific network software. Advertising is not allowed.

Draytek VLAN and Wi-Fi isolation



 
 
Thread Tools Display Modes
  #1  
Old July 8th 06, 09:22 PM posted to uk.comp.home-networking,alt.comp.networking.routers
James Taylor
external usenet poster
 
Posts: 10
Default Draytek VLAN and Wi-Fi isolation

I wish to share my ADSL connection with several neighbours. However, I
do not wish them to share my Draytek router's wireless network, so I
intend to give them access via ethernet cable to one of my Draytek
router's ethernet ports.

My own and my girlfriend's laptops will connect to the Draytek's
wireless network, but I want to ensure that our network traffic is
isolated from the neighbours, both for reasons of security against worm
attack, and for reasons of privacy against having our communications
sniffed.

How do I set this up?

Well, here's what I've tried so far:

I thought this would be a simple matter of configuring the neighbour's
ethernet port to be in a VLAN, and that this would isolate them from the
Draytek's other interfaces including the wireless side. Unfortunately,
this only isolates them from the other wired ethernet ports and does
*not* isolate them from the wireless network. In fact I've tested this
with Ethereal and can see the wireless traffic being repeated on *all*
the wired ports regardless. The VLAN feature does not seem to do what I
want. Have I misunderstood something?

I also noticed a feature which sounded promising in the Draytek's
Wireless LAN Access Control page in the pop-up menu at the top. It says
"Isolate WLAN from LAN". However, when I choose this setting, our
laptops are kicked off the wireless network, and are rejected when they
try to reconnect. I have not yet been able to diagnose the reason for
this because my Apple laptop gives no indication of what the error is.
It just says "There was an error joining the network" or similar, and I
can't find the logs that might clarify the reason for this.

On that same Access Control page, you can instead choose to isolate
individual wireless clients from the LAN by their MAC address. I tried
this too, and although we could now join the network successfully, the
expected isolation again fails to stop wireless traffic leaking onto the
wired LAN.

So three different ways of approaching this have failed miserably. Has
anyone else managed to get a Draytek router to properly isolate the
wired and wireless networks?

Can anyone give me any clue as to what I'm doing wrong? Can anyone even
point me in approximately the right direction? Any help or moral support
would be much appreciated as I've already torn most of my hair out.

--
James Taylor
  #2  
Old July 11th 06, 02:13 AM posted to uk.comp.home-networking,alt.comp.networking.routers
linker3000
external usenet poster
 
Posts: 75
Default Draytek VLAN and Wi-Fi isolation

HavJames Taylor wrote:
I wish to share my ADSL connection with several neighbours. However, I
do not wish them to share my Draytek router's wireless network, so I
intend to give them access via ethernet cable to one of my Draytek
router's ethernet ports.

My own and my girlfriend's laptops will connect to the Draytek's
wireless network, but I want to ensure that our network traffic is
isolated from the neighbours, both for reasons of security against worm
attack, and for reasons of privacy against having our communications
sniffed.

How do I set this up?

Well, here's what I've tried so far:

I thought this would be a simple matter of configuring the neighbour's
ethernet port to be in a VLAN, and that this would isolate them from the
Draytek's other interfaces including the wireless side. Unfortunately,
this only isolates them from the other wired ethernet ports and does
*not* isolate them from the wireless network. In fact I've tested this
with Ethereal and can see the wireless traffic being repeated on *all*
the wired ports regardless. The VLAN feature does not seem to do what I
want. Have I misunderstood something?

I also noticed a feature which sounded promising in the Draytek's
Wireless LAN Access Control page in the pop-up menu at the top. It says
"Isolate WLAN from LAN". However, when I choose this setting, our
laptops are kicked off the wireless network, and are rejected when they
try to reconnect. I have not yet been able to diagnose the reason for
this because my Apple laptop gives no indication of what the error is.
It just says "There was an error joining the network" or similar, and I
can't find the logs that might clarify the reason for this.

On that same Access Control page, you can instead choose to isolate
individual wireless clients from the LAN by their MAC address. I tried
this too, and although we could now join the network successfully, the
expected isolation again fails to stop wireless traffic leaking onto the
wired LAN.

So three different ways of approaching this have failed miserably. Has
anyone else managed to get a Draytek router to properly isolate the
wired and wireless networks?

Can anyone give me any clue as to what I'm doing wrong? Can anyone even
point me in approximately the right direction? Any help or moral support
would be much appreciated as I've already torn most of my hair out.

Haven't thought this through (too late at night) and dunno if it would
work - but how about:

Install Zonealarm firewall on your PCs and setup a LAN including your
machines and the Draytek. Setup Zonealarm to trust your subnet.

Give neighbours IP addresses on a separate subnet and setup this address
as the second subnet on the Draytek (or assign them by DHCP).

 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question Lee uk.telecom.broadband (UK broadband) 13 December 11th 05 02:45 AM
DrayTek Vigor 2600 Multi-Nat/DMZ/VLAN Question Lee uk.comp.home-networking (UK home networking) 16 December 5th 05 12:16 PM
ADSL router with port isolation? T i m uk.telecom.broadband (UK broadband) 6 September 26th 05 10:16 AM
"User Isolation" on Wifi LJM uk.telecom.broadband (UK broadband) 2 March 2nd 05 03:02 PM


All times are GMT +1. The time now is 03:49 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2018 BroadbanterBanter.
The comments are property of their posters.