Detail howto requested: separating traffic from a virtual AP

Posted: Sat May 09, 2009 6:57 pm
by minfrin
Hi all,

Does anyone have a detailed howto to solve the following problem:

I have an access point, with a virtual AP configured inside it for public use. The main AP is protected WPA2, and works fine. The virtual AP is configured as an open system, and also works fine.

What I am struggling to achieve is to keep these two networks separate from one another using bridging.

I have bridged the main AP to ether1, and this works fine. I have bridged the virtual AP to a VLAN-2 running on top of ether1, and this also seems to work fine - a wifi client can ping the IP address of VLAN-2.

Ether1 is plugged into a Linux box, with eth3 and eth3.2 configured. eth3 and ether1 can ping each other no problem. VLAN-2 and eth3.2 cannot ping each other, and I see no reason why.

tcpdump on the Linux machine shows ARP requests from the RouterOS arriving on eth3.2, and it shows ARP replies leaving eth3.2 going back to the RouterOS, but ping doesn't happen.

If this scenario isn't possible, or I am asking too much of this hardware, can anyone detail the recommended way to segment traffic from two wireless LANs so they are kept separate from each other at layer 2?

Regards,
Graham
--

Re: Detail howto requested: separating traffic from a virtual AP

Posted: Fri May 15, 2009 7:28 pm
by olorin
Is your Linux machine set up to handle VLAN tags? Tcpdump may not be displaying vlan-tagged packets, and/or your ethernet card may not support them.

These might help:

http://www.linuxjournal.com/article/7268
http://www.candelatech.com/~greear/vlan ... howto.html

Re: Detail howto requested: separating traffic from a virtual AP

Posted: Sun May 17, 2009 3:05 pm
by minfrin
Linux is set up to handle VLAN tags, yes (the interface eth3.2 means "VLAN 2" on "interface 3"). Tcpdump is showing the tagged packets correctly, but ping didn't work.
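
An added example, not posted by anyone in this thread: a small Python check of the point olorin raises, reading raw Ethernet frames and reporting whether each ARP request or reply actually carries the 802.1Q tag for VLAN 2. The MAC and IP addresses and the helper names are constructed for illustration; it assumes frames are seen as they appear on the wire.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_ARP = 0x0806
ARP_OPS = {1: "request", 2: "reply"}

def inspect_frame(frame):
    """Return VLAN ID (None if untagged), EtherType and ARP operation of a raw frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, vlan_id = 14, None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF          # VLAN ID is the low 12 bits of the TCI
        offset = 18
    arp_op = None
    if ethertype == ETHERTYPE_ARP and len(frame) >= offset + 8:
        # ARP opcode sits after htype(2) ptype(2) hlen(1) plen(1)
        opcode = struct.unpack("!H", frame[offset + 6:offset + 8])[0]
        arp_op = ARP_OPS.get(opcode, "other")
    return {"vlan": vlan_id, "ethertype": ethertype, "arp": arp_op}

def replies_off_vlan(frames, expected_vlan):
    """Indexes of ARP replies that do not carry the expected VLAN ID."""
    return [i for i, f in enumerate(frames)
            if (info := inspect_frame(f))["arp"] == "reply"
            and info["vlan"] != expected_vlan]

def build_arp(op, src_mac, dst_mac, src_ip, dst_ip, vlan=None):
    """Construct a sample ARP frame, optionally 802.1Q-tagged (test data only)."""
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + src_mac + src_ip + dst_mac + dst_ip
    return dst_mac + src_mac + tag + struct.pack("!H", ETHERTYPE_ARP) + arp

# Constructed sample values, not taken from the thread.
ROUTER, LINUX = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
R_IP, L_IP = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
SAMPLE = [
    build_arp(1, ROUTER, b"\xff" * 6, R_IP, L_IP, vlan=2),  # tagged request
    build_arp(2, LINUX, ROUTER, L_IP, R_IP, vlan=2),        # tagged reply
    build_arp(2, LINUX, ROUTER, L_IP, R_IP),                # untagged reply
]

if __name__ == "__main__":
    for i, f in enumerate(SAMPLE):
        print(i, inspect_frame(f))
    print("ARP replies not on VLAN 2:", replies_off_vlan(SAMPLE, 2))
```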