Public wifi, VLAN tagged, then connected to a Linux machine
Posted: Sat May 09, 2009 2:56 am
Hi all,
I have a simple MikroTik wifi access point, which is plugged directly into a Linux router.
I want to have two wireless LANs, one a private WLAN, which works fine, bridged to ether1, and a second public WLAN, bridged to VLAN-2, in turn attached to ether1.
The first private WLAN works fine; the second public WLAN tagged as VLAN-2 isn't accessible from the Linux router, and I don't understand why.
I have a bridge called bridge-public that bridges as follows:
 #    INTERFACE         BRIDGE           PRIORITY  PATH-COST  HORIZON
 0 I  wlan-a-backbone   bridge-backbone  0x80      10         none
 1    ether1            bridge-backbone  0x80      20         none
 2 I  wlan-a-public     bridge-public    0x80      10         none
 3    vlan-public       bridge-public    0x80      20         none
 4 I  wlan-g-public     bridge-public    0x80      10         none
I have a vlan-public that is attached to ether1 like so:
 #    NAME         MTU   ARP      VLAN-ID  INTERFACE
 0 R  vlan-public  1500  enabled  2        ether1
On the Linux machine, I have two interfaces, eth3 and eth3.2. eth3 works fine, and is able to ping the ether1 on the access point.
Eth3.2 cannot ping vlan-public however. If an attempt is made to ping eth3.2 from the access point, the ping times out. tcpdump shows the ARP packet appearing on both the eth3 and eth3.2 interfaces, and an ARP reply being sent. Despite this, the ping times out.
Has anyone tried creating VLANs directly back to back over a simple network cable, without a switch in between?
Is there some other method I should use to segment "public" wifi traffic from other wifi traffic?
Regards,
Graham
--