VLAN Config

Hi there. I'm new to VLANs and would like some ideas!

I have 4 eth interfaces, not bridged, and it's like this:

WAN
LAN
APs
PROXY/RADIUS

The WAN has my valid IP blocks. I want to know how I can set up a VLAN to split my link (currently 10MB) into separate links. Let's say that I need to serve a client with a full 2MB dedicated link, so I want to set up a VLAN for him and a VLAN for me and QoS them to ensure the quality and speed. Also, I need to deliver an IP block to him over the AP interface, but the IP block is received on the WAN interface… so I'm a little confused about how to do that. Any suggestions?

To separate the LAN out into VLANs you just create VLAN interfaces and attach them to the LAN interface (that is done when creating the VLAN). You then need VLAN-capable equipment (switches, APs) to make use of them. Imagine VLANs as pretend ports.

VLANs have nothing to do with IPs that are on the WAN subnet being delivered to the inside. Usually you simply cannot do that, and need to NAT or get a routed block of IPs from the provider - the latter being the better option.

So in practice, I have to route the block of IPs I want to the VLAN that will go to the client I want? And place the VLAN on the APs interface, since the client will connect on that interface. Is that right?

Yes, that’s the idea. You then put an IP address in that public IP block on the interface the client is behind, and the client can use the remaining IPs on the subnet using the IP on your interface as a gateway.

OK, but since I don't have those 4 interfaces in a bridge, and I want a VLAN for me also so I can split 2MB from my 10MB link for the client, how can I set the 3 interfaces (LAN, APs and PROXY/RADIUS) to use the same VLAN (mine) and set the APs to use the client's VLAN also?

You’d have to bridge them into the same VLAN.

However, it would be much nicer to run them all on different networks. Separation of traffic is a good thing. You can still rate limit all three networks together with the same policy in global-in and global-out.
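The addressing advice in this thread, as an added example that is not part of the original posts: a small planner that rejects a client block overlapping the WAN subnet (the case the thread says needs NAT or a routed block) and derives the gateway and client addresses for the client VLAN. The function name, the documentation-range sample addresses and the choice of the first usable host as the gateway are assumptions.

```python
import ipaddress


def plan_client_vlan(wan_subnet, routed_block, vlan_id):
    """Return the addressing plan for a client VLAN fed from a routed public block."""
    wan = ipaddress.ip_network(wan_subnet, strict=True)
    block = ipaddress.ip_network(routed_block, strict=True)

    # 802.1Q reserves IDs 0 and 4095.
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in the range 1-4094")

    # Addresses that are on-link on the WAN cannot simply be handed to an
    # inside interface; the thread's answer is NAT or a separately routed block.
    if block.overlaps(wan):
        raise ValueError(f"{block} overlaps WAN subnet {wan}: not a routed block")

    hosts = list(block.hosts())
    if len(hosts) < 2:
        raise ValueError(f"{block} has no room for a gateway plus a client address")

    # Assumption: the router takes the first usable address on the VLAN
    # interface; the client uses the remaining ones with it as gateway.
    gateway = hosts[0]
    return {
        "vlan_id": vlan_id,
        "router_address": f"{gateway}/{block.prefixlen}",
        "client_gateway": str(gateway),
        "client_addresses": [str(h) for h in hosts[1:]],
    }


if __name__ == "__main__":
    # Constructed sample values from the RFC 5737 documentation ranges.
    plan = plan_client_vlan("198.51.100.0/29", "203.0.113.8/29", vlan_id=20)
    for key, value in plan.items():
        print(f"{key}: {value}")
```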