> VLAN Advanced help, twin VLAN for WIFI securedLAN/guest mode DMZ/WAN
MichaelLonewolf
post Feb 29 2008, 11:39 PM
VLAN is rather simple to set up.

However, my basic conundrum is this:

Twin/triple VLAN to filter authenticated/unauthenticated. Obviously you can use alias NIC on NIC
WLAN-NIC-X ::WLAN-NIC-Z AND ASSIGN VPN


WLAN AP---->(VLAN) WLAN-NIC-I/O----->Firewall----> Internet with restrictions, i.e. QOS and abuser crackdown will cut them to 33.6kbs if they start getting out Kazaa or YouTube, but won't restrict a weary traveler who just needs his maps etc. or a quick email and basic wifi polite leeching, but will crack down if the user is a thieving neighbor etc.

The traffic shaping aspect is simple enough; there are several ways to do so.


Assumptions: NAT NIC alias bridge xxx.xxx.xxx.WAN-IP-alias DMZ forward real WLAN NIC, and separate virtual subnets: 10.10.253.xxx untrusted, 10.10.0.0-10.10.252.x trusted.

Again, somewhat simple.


My method of authentication at the present time can be done by the WLAN AP but leaves a bit to be desired.

Ideally, in time, PKI/Kerberos/LDAP-based server authentication in addition too, but I will stick to basics on the initial config.

MAC authentication

Type one: full LAN/WAN

Type two: my style crimping, will not chop my LAN party buds or other frequent guests/clients, but still no local network, just DMZ shadowing

Type three: traffic shaper/slapper. Free, but network protection via a low QOS queue VLAN / VLAN DMZ shunt
(but some hosts, i.e. PlayStation, Xbox etc., will need basic authentication;
can add proxy host in via IP manually)


Wireless open and free is now illegal in some locations, recently Denmark (oddly forcing security due to anti-terrorism legislation, i.e. users must be tracked on a fully open WLAN). If the USA enforced fines etc. they'd have to teach most users about security and wifi, but many devices tend to work none too well with most early APs or odd keys, and even large WEP keys will in time crumble, or inter-brand interop can be wanting.

I have my own network and load-balancing issues, so I don't want unauthenticated guests becoming pests
(i.e. I can be hospitable, but keeping guests isolated from my network is wanted, and keeping them from dropping my network by overloading it).

Anyhow, part of the methodology I understand

on parts of a basic VLAN, but 3 tiers of authentication:

authenticated user, authenticated guest (restricted privileged DMZ, priority 4 queue, same as most local net apps), unauthenticated guest (restricted access, 10 priority QOS)

Anyhow, hard-connected hosts to the firewall won't be dealt with in this manner.



It's: yes, I don't mind if you use my wireless respectfully; no, unless I trust you, you're not seeing my local network, you just get an isolated DMZ.

It may be easier to add a WLAN to an isolated DMZ with, i.e., one host WAN path,

then add VLAN to the local network if authenticated by MAC etc. and/or ACL.


Just a few items are making me scratch my head on where to get enough information to author an advanced VLAN config.


At the moment I'm roughly 1/2 there on a rough how-to idea to test, but a few parts are missing.
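
The three tiers described in the post above (authenticated user, authenticated guest on queue 4, unauthenticated guest on queue 10), as an added example that is not part of the original post: a script that prints, without running, iptables rules that mark WLAN traffic by MAC and keep both guest tiers off the local network. The interface name `wlan0`, the sample MACs, and the reuse of the post's queue numbers as firewall marks (with 1 for full users) are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables rules for the post's three tiers.
# Assumed, not from the post: interface wlan0, the sample MACs, and using the
# post's queue numbers 4 and 10 (plus 1 for full users) as firewall marks.
WLAN_IF="wlan0"
LAN_NET="10.10.0.0/16"   # covers the post's 10.10.x.x ranges

# Constructed sample table, one "<mac> <tier>" per line (tier: user | guest).
MAC_TABLE="00:11:22:33:44:55 user
66:77:88:99:aa:bb guest
not-a-mac user"

tier_mark() {            # tier name -> firewall mark
  case "$1" in
    user)  echo 1 ;;
    guest) echo 4 ;;
    *)     echo 10 ;;    # anything else is an unauthenticated guest
  esac
}

valid_mac() {            # reject table entries that are not six hex octets
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

emit_rules() {
  # Default: everything arriving on the WLAN is tier three (mark 10).
  echo "iptables -t mangle -A PREROUTING -i $WLAN_IF -j MARK --set-mark 10"
  # Known MACs override the default. MARK is non-terminating, so order matters.
  printf '%s\n' "$MAC_TABLE" | while read -r mac tier; do
    if ! valid_mac "$mac"; then
      echo "skipping malformed entry: $mac" >&2
      continue
    fi
    echo "iptables -t mangle -A PREROUTING -i $WLAN_IF -m mac --mac-source $mac -j MARK --set-mark $(tier_mark "$tier")"
  done
  # Only full users (mark 1) may be forwarded to the local network; both guest
  # tiers keep the WAN path only. A MAC can be cloned, so treat this as
  # identification and keep the LAN behind stronger authentication.
  echo "iptables -A FORWARD -i $WLAN_IF -d $LAN_NET -m mark ! --mark 1 -j DROP"
}

emit_rules
```

The marks set here are what a traffic shaper's firewall-mark classifier would key on to place each tier in its queue; the shaping itself is left out.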