Separate VLAN with Access Across Them

Discussion in 'Tomato Firmware' started by hyugen123, Jun 3, 2010.

  1. hyugen123

    Hi -

    I've been using the Tomato firmware for quite some time for basic things like OpenVPN, MAC filtering, DDNS, etc., but recently I've needed to up my knowledge by restricting wireless access.

    I am using my latest router in an office setting where we will have wired and wireless users. There will be two servers on this network that will have sensitive patient data. I would like to offer wireless access to our patients and employees. I would like to restrict the wireless access so that they cannot access any desktops or the two servers. What I would like is for the wireless users to have access to the two network printers. This way the employees can print wirelessly to the network. I'm not bothered if patients can print.

    I have found some DD-WRT tutorials that allow you to segregate the wireless network from the wired by removing the bridge (at least I think that's what they are doing).

    I haven't found such a tutorial for Tomato or reference to a bridge in posts or documentation.

    However, I did find a tutorial that allows you to create a second VLAN by separating a port (http://www.seiichiro0185.org/doku.php/blog:creating_a_seperate_guest_network_with_tomato) from the other 3.

    I have successfully completed this tutorial. My plan is to connect the second VLAN to another wireless router with DHCP disabled so it is only a wireless switch, as discussed in the tutorial. However, when I connect a computer to each of the VLANs they cannot ping each other. I am testing this to see if the wireless user would be able to theoretically connect to the networked printer. I removed all the firewall rules in the tutorial thinking I may need to rebuild them, but I still couldn't ping across the VLANs. My plan was to add firewall rules allowing access to only specific IPs (in my case the two printers).

    Is there something that I am missing? Or better yet, is there a better way to do this without having to use a second router, in other words creating a second VLAN purely based on the WLAN of the first wireless router?

    I am still new to all of this (started researching yesterday) so any help would be much appreciated.