Background: We're a really small firm with a visitor WLAN using captive portal authentication, which by itself is working fine. Now we want to separate the visitors completely from our internal network resources using VLANs. Generally this also works: the access points (TP-Link EAP110) add the VLAN tag based on the SSID, and the switch (D-Link DGS-1210) has an asymmetric VLAN configured containing the AP ports and the external router, allowing access to the internet while being on the visitor WLAN. The part where I'm stuck is including the captive portal authentication, since it is provided by one of the network resources which we are trying to separate from the visitors.
Concern: So our server (running SLES11) has two Ethernet interfaces, the first (eth0) being the one used so far. My plan was to use the other one (eth1) for a second connection to the same switch but on a different VLAN which is used by our visitors, then use the firewall to only open port 80 on eth1.
I'm not sure how to configure this setup. I looked up several VLAN for Linux resources, but these seem to always assume the machine is using only one connection. Currently, both eth0 and eth1 receive their IP addresses from the DHCP, to which I added a vlan0 on the respective VID using eth1 and the same IP as eth1 (but static, at least for testing), but I can't get any response from the machine while being on the VLAN (although I see packets with that VID arriving on that machine). It's responding fine on both IPs from the main VLAN. Also, I can't reach the outside world using eth1, so my network configuration is wrong at some point:
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:25:90:A6:BB:A4
          inet addr:192.168.100.11  Bcast:192.168.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17885592942 errors:0 dropped:80376 overruns:2811 frame:0
          TX packets:20780035729 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:21191101223489 (20209408.9 Mb)  TX bytes:24496578689971 (23361757.9 Mb)
          Memory:dfee0000-dff00000
eth1      Link encap:Ethernet  HWaddr 00:25:90:A6:BB:A5
          inet addr:192.168.102.11  Bcast:192.168.102.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:135707 errors:0 dropped:29 overruns:0 frame:0
          TX packets:832 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:46277408 (44.1 Mb)  TX bytes:111178 (108.5 Kb)
          Memory:dfe60000-dfe80000
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:445849353 errors:0 dropped:0 overruns:0 frame:0
          TX packets:445849353 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:307472500200 (293228.6 Mb)  TX bytes:307472500200 (293228.6 Mb)
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.102.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
Machine1 (Main VLAN) ping 192.168.100.11 -> success (ping arrives on eth0)
Machine1 (Main VLAN) ping 192.168.102.11 -> success (ping arrives on eth0)
Machine2 (Visitor VLAN) ping 192.168.100.11 -> host not reachable
Machine2 (Visitor VLAN) ping 192.168.102.11 -> host not reachable
Screenshot of the switch configuration:
- 35/36 are the APs
- 37 is eth0 of the server in query
- 45 is eth1 of the server in query
- 47 is the exterior router