[Answer ID: 14954]
How to: Create a separate wired LAN and WLAN network with Internet connection (professional F/W DD-WRT ).
Goal :
Build a separate wired LAN network with access to Internet but detached from your secured (other) wired and wireless network. Create VLAN detached Networks (Separate Networks With Internet).
For example if you plan to add a new office division with network access to internet but separated from your existing office network.
WZR-HP-G450H by default assigns VLAN1 to the wired network and VLAN3 to the WAN (internet) port. Wireless interface (ath0) is bridged (on br0) to VLAN1.
To see actual setup login through telnet and issue ifconfig .
To see what port is assigned to what VLAN issue : swconfig dev eth0 show :
| Global attributes: enable_vlan: 1 Port 0: pvid: 0 link: port:0 link:up speed:1000baseT full-duplex txflow rxflow Port 1: pvid: 2 link: port:1 link:down Port 2: pvid: 1 link: port:2 link:down Port 3: pvid: 1 link: port:3 link:down Port 4: pvid: 1 link: port:4 link:up speed:100baseT full-duplex auto Port 5: pvid: 1 link: port:5 link:down VLAN 1: vid: 1 ports: 0t 2 3 4 5 VLAN 2: vid: 2 ports: 0t 1 |
To determine what port number is assigned to what physical port, move your Ethernet connection to another LAN port and re issue swconfig dev eth0 show. Look for "link:up" status on the port with connection.
The CPU port is internal port (in this case port 0) and it is up all time. In this example WZR-HP-G450H ver 20025 is shown with factory default settings:
Wired LAN ports: 0t 2 3 4 5 are assigned to VLAN1 and WAN port 1 is assigned to VLAN 2: ports: 0t 1 .
To accomplish our goal, we will have to create a new VLAN and set a port exclusively to the new created VLAN.
In this example we will re-assign the 4th physical LAN port (logical PORT 5) to VLAN3 see bellow diagram (in red).
The following is the procedure:
1- Reset the unit to factory settings.
2-Connect PC to any of the first 3 ports on LAN. login to WEB UI and tab to Administration -> Commands
3-Copy the following commands (colored text) and paste to command box . Next, click
save startup button :
#-----------------------------------------------------------------
swconfig dev eth0 vlan 1 set ports "0t 2 3 4"
swconfig dev eth0 set enable_vlan 3
swconfig dev eth0 vlan 3 set ports "0t 5"
swconfig dev eth0 set apply
vconfig add eth0 3
ifconfig vlan3 192.168.12.1 netmask 255.255.255.0
ifconfig vlan3 up
#---------------------------------------------------------------------
notice you can started with
swconfig dev eth0 set reset 1
and next define the network from scratch
swconfig dev eth0 set enable_vlan 1
swconfig dev eth0 vlan 1 set ports "0t 2 3 4" ....
instead , we will simply redefine VLAN1 and create the new VLAN3.
Also notice the VLAN 3 network address in this example is 192.168.12.1 . You will have to refer to this when you define DHCP.
4-Copy the following commands and paste to command box . Next, click
save firewall :
#-----------------------------------------------------------------------------------------------------
iptables -I INPUT -i vlan3 -j ACCEPT
iptables -I FORWARD -i vlan3 -o vlan1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i vlan3 -o ppp0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i br0 -o vlan3 -j DROP
#--------------------------------------------------------------------------------------------------------
5- Reboot the unit by physically disconnecting power .
6- Next, re-login and tab to Setup -> Networking and under Port Setup:
Select Vlan3 and click "unbridged" option for Network Configuration vlan3 .
Enter IP address and subnet same as step3.
Click Save Settings Button.
6- to set DHCP , click add and select Vlan3 set leasetime and Click Apply setting.
7- Wait a minute and re-cycle power to the unit.
Details
