Discussion in 'Cisco Small Business Routers and VPN Solutions' started by sashooo, Mar 20, 2007.

  sashooo

    sashooo LI Guru Member

    I have an RV042 with 2 ISPs (load balancing) and I have one WRT54GL which I want to use as an AP. How can I isolate the WLAN users from the wired users of the RV042?
    P.S. The WRT54GL will be used only for wireless connections (there will be no wired clients).
    In 2 words, wireless users can connect to the internet, but I do not want them to "see" wired computers.
  Toxic

    Toxic Administrator Staff Member

    If you connect the RV042's LAN to the WRT54GL's WAN and give the WRT a different subnet then they won't see each other.


    RV042 LAN IP

    You will also need to add the WRT54GL's subnet IP into the RV042's LAN IP (Multiple Subnet setting).
  sashooo

    sashooo LI Guru Member

    Thanks, it works even without adding the WRT's subnet in the Multiple Subnet setting. What is the benefit of adding it - computers connected to the RV042 will see those connected to the WRT, but not vice versa?
  aviegas

    aviegas Network Guru Member

    The fact that wireless users are behind the WRT54GL "firewall" and using its DHCP ensures that users will be on different IP subnets. But that does not provide foolproof isolation. It will "protect" the wireless users from the LAN users, but the wireless users will still be able to access resources freely on the LAN segment.

    What Simon said was to place the WRT54GL WAN into a different subnet on the RV042. This means that LAN users will be on one IP subnet (say "A") while the WRT54GL will be on another ("B").

    Now, I may be wrong, but if the RV042 is the default router for both subnets, traffic will be routed from subnet "A" to "B". But a simple rule in the RV042 firewall can prevent that (I've done it). A rule that will "deny" traffic from subnet "A" to subnet "B".

    This will ensure total isolation while providing both groups with the same type of Internet access.
  sashooo

    sashooo LI Guru Member

    Thank you very much, I greatly appreciate your help guys.

    So I can create 2 subnets on RV042
    Subnet A -> to
    Subnet B -> to

    Then I put wired users connected to RV042 in subnet A and WRT54GL in subnet B.
    And create a rule to deny connections from B to A.
  aviegas

    aviegas Network Guru Member

    That's the idea.

    But you do not need to subnet the 10.10.1.x range. Use 2 /24 subnets for simplicity, as and
  sashooo

    sashooo LI Guru Member

    ok. thanks
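
The subnet-plus-deny-rule setup discussed in the posts above, modelled as an added example that is not part of the original thread and is not RV042 configuration. The two /24 ranges, the host addresses and the rule format are constructed for illustration (the thread's own ranges are not shown on the page), and the model assumes the WRT54GL runs in its default NAT gateway mode and that the router evaluates rules first-match.

```python
import ipaddress as ip

# Constructed addressing (not the values used in the thread).
SUBNET_A = ip.ip_network("192.168.10.0/24")   # wired LAN behind the RV042
SUBNET_B = ip.ip_network("192.168.20.0/24")   # segment holding the WRT54GL WAN port

# Hypothetical rule format: (action, source net, destination net); first match wins.
DENY_B_TO_A = ("deny", SUBNET_B, SUBNET_A)
ALLOW_ALL = ("allow", ip.ip_network("0.0.0.0/0"), ip.ip_network("0.0.0.0/0"))


def same_segment(src, dst, subnets):
    """True when both hosts sit in one subnet, so frames never cross the router."""
    return any(src in net and dst in net for net in subnets)


def verdict(src, dst, rules, subnets=(SUBNET_A, SUBNET_B)):
    """Return 'direct', 'allow' or 'deny' for a new flow, seen from the router."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if same_segment(src, dst, subnets):
        return "direct"            # switched locally; router rules are never consulted
    for action, s_net, d_net in rules:
        if src in s_net and dst in d_net:
            return action
    return "deny"                  # implicit default in this model


def audit(wrt_wan_ip, rules):
    """Evaluate the flows the thread cares about for a given WRT54GL WAN address."""
    wired_pc, internet = "192.168.10.50", "203.0.113.10"   # constructed hosts
    return {
        # The WRT54GL NATs its clients, so the router sees the WAN address as source.
        "wireless->wired": verdict(wrt_wan_ip, wired_pc, rules),
        "wireless->internet": verdict(wrt_wan_ip, internet, rules),
        "wired->internet": verdict(wired_pc, internet, rules),
    }


if __name__ == "__main__":
    cases = {
        "WRT WAN inside subnet A, no rule": ("192.168.10.2", [ALLOW_ALL]),
        "WRT WAN in subnet B, no rule": ("192.168.20.2", [ALLOW_ALL]),
        "WRT WAN in subnet B, deny B->A": ("192.168.20.2", [DENY_B_TO_A, ALLOW_ALL]),
    }
    for name, (wan, rules) in cases.items():
        print(name, audit(wan, rules))
```

Only the third case isolates the wired hosts from wireless clients while both groups keep Internet access. The model covers new connections only and does not represent reply traffic for flows opened from the wired side.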
  slam5

    slam5 LI Guru Member

    I have a WRT54GS but if I am right, the GL is about the same as the GS. In the setup of the WRT54, under advanced wireless configuration, there is a field that says AP isolation. If you change that to on, the wireless client won't be able to see the LAN or even other wireless client(s).
  sashooo

    sashooo LI Guru Member

    As far as I know, AP isolation means that wireless clients will not see each other, but will see LAN computers.
