
Assign devices to vlan on a mac basis

Discussion in 'Tomato Firmware' started by rs232, Sep 24, 2012.

  1. rs232

    rs232 Network Guru Member

    I have a couple of boxes with no wireless card in my network. I would like these to be part of the guest LAN which is available via wlan (Guest SSID).
    Is there a way to assign specific MAC addresses to a specific VLAN, no matter how they connect (wired/wireless)?

    Thanks
     
  2. lefty

    lefty Networkin' Nut Member

    Should be able to do it using the MAC address and a static DHCP entry for the MAC in question, regardless of how they connect (wire or wireless). You would assign them a static IP within the 'vlan' subnet of which segment you want to assign them to, like say your guest network is in the 192.168.2.0/255.255.255.0 subnet, you would then create a static DHCP assignment to the MAC address in that subnet.
     
  3. rs232

    rs232 Network Guru Member

    I've tried to add the static mapping under Basic/Static DHCP, no luck. I guess this is something that needs to be done directly with the dnsmasq configuration.
    Has anybody tried this before?
    Having said that, don't you think that adding new clients to the guest WLAN/VLAN by default would be a nice security feature?
     
  4. lefty

    lefty Networkin' Nut Member

    When you are doing this, are you trying this on a wired machine?
     
  5. lefty

    lefty Networkin' Nut Member

    I ask because unless you have truly created a port-based VLAN, it will in fact matter if it's wired or wireless. I just assumed you had already created a port-based VLAN because of the topic statement. Remember, there is a difference between a VLAN and multiple wireless LANs.
     
  6. rs232

    rs232 Network Guru Member

    Yes, it's wired. I have multiple VLANs on my Tomato but haven't set any port-based VLAN. My original post is a question on whether MAC-based VLAN is possible or not.

    Thanks :)
     
  7. lefty

    lefty Networkin' Nut Member

    Your original topic post is: Assign devices to vlan on a mac basis.

    Yes, it's possible to do this, but unless you create a REAL VLAN, using the ports on the router, then wired access will not work, because by default your hardware switch ports are all bridged together. Creating a virtual wireless interface doesn't create a true VLAN; it creates multiple wireless LANs that can be assigned different IP/subnets. That's OK for wireless connections, but for wired connections you'd have to create a port-based VLAN, where you take one of the ports (or several of the ports) and assign the actual physical port itself a different IP/subnet. Long ago, I used to do this with dd-wrt: I'd take port 4 on my router, assign it a different IP/subnet, then use a switch and wire it up to that port for 'guest' access, where guests could only link into the switch and be on that VLAN and not on my main LAN. But I found this setup rather tedious, so for ease of use, I just use multiple wireless LANs now and tell all my friends no access unless you have a wireless adapter, which nowadays is in almost every device.
     
  8. nickjail

    nickjail Serious Server Member

    Is it possible to assign to a VLAN without a dedicated LAN port?
     
  9. nickjail

    nickjail Serious Server Member

    I've got a Tomato router, a WNR3500L, and configured two subnets: private and guest. Is there a way to classify users by MAC address and put them into one of the subnets? For example, known MAC to private, unknown to guest.
     
  10. rs232

    rs232 Network Guru Member

    This is exactly what this thread is about.
    I do believe in this feature, but apparently there's not much interest, according to the poor response so far...
     
  11. leandroong

    leandroong Addicted to LI Member

    So, what will happen if I enter in "dhcp/arp/ipt" a certain MAC belonging to the 2nd subnet, providing an IP address on the 2nd subnet? If I then connect that MAC client, will I get assigned to the 2nd subnet?
     
  12. nickjail

    nickjail Serious Server Member

    For example, you've got two subnets, each on its own interface: first subnet = br0, second = br1. OK, if you enter a "dhcp/arp/ipt" rule for a MAC on the br1 interface and connect the device, then the rule is going to work. BUT at the same time, if you connect the device to br0, you won't get an IP by your rule.
    The idea is to have only one interface (br0) and a few subnets. Users are redirected to these subnets by MAC. For example, there's no guest WLAN needed, because a guest user is directed automatically to the guest subnet (network) and trusted users are directed to the private subnet. It's all automatic! I think this is a great idea, let's implement it)
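
Added example, not from any poster in this thread: a DHCP rule only hands out addresses and does not enforce which subnet a device on a shared bridge ends up using, so this Python script checks a router's ARP table against the "known MAC to private, unknown to guest" rule discussed above and lists the mismatches. The private subnet 192.168.1.0/24, the trusted MAC list and the sample table are constructed assumptions; only the 192.168.2.0/24 guest subnet is taken from the thread.

```python
import ipaddress

# Assumed addressing: the guest subnet is the one named in the thread; the
# private subnet and the trusted MAC list are constructed for this example.
PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")
GUEST_NET = ipaddress.ip_network("192.168.2.0/24")
TRUSTED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}

# Constructed sample in the format of /proc/net/arp on a Linux router.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:11:22:33:44:55     *        br0
192.168.2.20     0x1         0x2         66:77:88:99:AA:BB     *        br0
192.168.1.30     0x1         0x2         66:77:88:99:aa:cc     *        br0
192.168.2.40     0x1         0x2         00:11:22:33:44:66     *        br0
192.168.1.50     0x1         0x0         00:00:00:00:00:00     *        br0
"""


def expected_net(mac):
    """Policy from the thread: known MAC -> private, unknown MAC -> guest."""
    return PRIVATE_NET if mac.lower() in TRUSTED_MACS else GUEST_NET


def audit_arp(arp_text):
    """Return (ip, mac, reason) for every neighbour that breaks the policy."""
    findings = []
    for line in arp_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip_s, _hw, flags, mac, _mask, _dev = fields[:6]
        if int(flags, 16) & 0x2 == 0:           # incomplete entry, no MAC learned
            continue
        ip, mac = ipaddress.ip_address(ip_s), mac.lower()
        if ip in expected_net(mac):
            continue
        if ip in PRIVATE_NET:
            reason = "unknown MAC using a private address"
        elif ip in GUEST_NET:
            reason = "trusted MAC landed in guest subnet"
        else:
            reason = "address outside both subnets"
        findings.append((str(ip), mac, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_arp(SAMPLE_ARP):
        print(*finding, sep="  ")
```

On a live router the input would be the contents of /proc/net/arp rather than the embedded sample.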
     
