Playing with an R7000 stock firmware in router mode on the USG40LAN.
There is a facility within the R7000 to setup wifi (in this case the 2ghz wifi) in a VLAN mode.
So lets say I identify all the traffic from the 2ghz wifi from the R7000 as being tagged with VLAN 666.
What would I need to on the USG40 to ensure that traffic only gets to the internet.
To recap........ the R7000 has IP address on LAN2 192.168.1.25 (its wan IP)
The USG is the primary router with dhcp address of 192.168.1.1
The R7000 has its own DHCP server (acting as a router) of 192.168.0.1 etc. although I don't think this has any bearing on the setup.
Here is what I think, where am I going wrong???
Create VLAN 666 on USG40,
Type: Internal
Zone: LAn2
Base Port LAN2
VLANID 666
IP address assignment 192.168.10.1
subnet mask 255.255.255.0
DHCP - SERVER
IP Pool address start - 192.168.10.33
Pool size 128
Create Security Policy on USG40 (Internal)
I created a subnet address object of 192.168.10.0/24 called guestnet
I created a security policy such that
From: any
To: any excluding zywall
source: guestnet
Destination: Lan2 subnet
action: deny.
The intent here is that any attempt from vlan 666 to access other LAN2 shares would be denied.
I am not sure if this is even a legal rule seeing as VLAN 666 rides on LAN2. Assuming all other traffic allowed?
Do I need to create a rule that explicitly allows access to Internet?? ie
From any
To WAN
source guestnet
Destination: any
action: allow
As you may tell I am often confused about the FROM TO versus the source and destination entries in the security policy rules.
Finally, what should the Cell phone user see when they connect on 2Ghz? An IP from the netgear of 192.168.0.x, or one from the USG of 192.168.10.x??
Before any suggestions about the netgear......
I am using the AC 5Ghz selfishly for non-guests, IE me.
Therefore cannot simply take all all traffic from the single IP and security policy it.
I am attempting to only control the 2ghz traffic coming from the netgear.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment
↧