Small Business - FiOS. VLAN question
Smiley_73
Newbie

Hello,

I have setup FiOS in my small office and already have a few Wireless APs setup in the building for "internal" access to servers and file shares.  Is it possible to split the Actiontech wireless from the wired LAN to use it simply as a "guest" network with only access to the internet with no access to the internal network?

We are using the Actiontech MI424WR

0 Likes
Re: Small Business - FiOS. VLAN question
prisaz
Legend

@Smiley_73 wrote:

Hello,

I have setup FiOS in my small office and already have a few Wireless APs setup in the building for "internal" access to servers and file shares.  Is it possible to split the Actiontech wireless from the wired LAN to use it simply as a "guest" network with only access to the internet with no access to the internal network?

We are using the Actiontech MI424WR


1.

You may wish to place another router behind the FiOS router and have everything on the FiOS router considered the DMZ perhaps. Then place your wireless access points on your new router subnet. The Verizon router would be your "Guest" WiFi.

The only complications would be if you have a static IP from Verizon. I would also provide the second router's WAN with a Static IP if you need to port forward through both routers. Also remember even though the DMZ "Guest" subnet on the Verizon router can not see your internal hardware, you would still be subject to a man in the middle, and sniffing on the Verizon router's network with software like Wireshark and others. But being a switch in the Actiontec, I do not believe the wireless connection could see the packets from the ethernet ports to the default gateway/WAN. It all depends on how secure you wish to be, and who the guests will be.

2. NO.

You may wish to go into the Verizon router under the home network, and turn off bridging for the Wireless, and see if that will work.

Testing on my Actiontec router with bridging turn off for wireless under the Network (Home/Office) caused the router to reset and create another subnet with DHCP for wireless. I know I had done this previously with another older Actiontec and was able to get it to work. But attempting to set up a separate route where it could not see the other internal subnet did not work, and this router kept giving errors when I attempted to configure a separate route though the default gateway. Perhaps someone else has some ideas. I ended up resetting the entire router to default. Then setting it back with my static WAN address.

3.

I am doing what you want to do, but have three NICs in a Linux box Running IPCop 2.0.4 Router Software as my primary router.

Red NIC WAN to ONT

Blue NIC for WiFi with no access point but used as a second internal subnet the Actiontec WAN connected. Guest wireless on Actiontec..

Green NIC Internal network with all my hardware, and Access point WEP2 128 bit encryption..

#1 Solution may be the easiest, just by putting all your important stuff behind a second router. You may need to do double port forwarding through two NAT tables, if you want anything open to the outside. Or leave that on the Actiontec LAN.

0 Likes
Re: Small Business - FiOS. VLAN question
Hubrisnxs
Legend

Another user found a good way to create a vlan,  

does this work for you?


For use with MI424WR Rev A-D, Firmware 4.0.16.1.56.0.10.11)

  creating a VLAN, and dedicating one Ethernet
port on the MI424WR’s built in switch for its use.


Part 1 – Creating the VLAN Ethernet Interface
1. Login to the BHR and navigate to ‘My Network’ then ‘Network Connections’
2. At the bottom of the ‘Rule Name’ column click the red ‘Add’
3. Select the underlying device, normally, ‘Network (Home/Office)’ and click ‘Next’
4. Assign the VLAN an ID, can be any number between 1 and 4094 and click ‘Next’
5. On the Summary, add a check-mark for ‘Edit the Newly Created Connection’ and
click ‘Finish’
6. On the new connection, at Internet Protocol, select ‘Use the following IP Address’
and enter a LAN IP address for this interface
a. (example) IP Address – 10.0.0.1
b. (example) Subnet Mask – 255.255.255.0
7. At DNS Server, select ‘Use the following DNS Server Addresses’
a. (example) Primary – 4.2.2.1
b. (example) Secondary – 4.2.2.2
8. At IP Address Distribution, select ‘DHCP Server’
a. (example) Start IP Address – 10.0.0.2
b. (example) End IP Address – 10.0.0.254
c. (example) Subnet Mask – 255.255.255.0
9. Click ‘Apply’ at the button of the page to save the configuration
10. Back in ‘Network Connections’, select the new rule to edit it, it may be named ‘Ethernet 2’, rename it ‘VLAN x’ (x = the VLAN ID number) if you wish, and click
‘Apply’ to save the change


Part 2 – Dedicating the Ethernet Port on the Switch
11. In ‘Network Connections’ again, click the ‘Advanced’ button
12. In the ‘Network (Home/Office)’ section click ‘Ethernet’ to edit it
13. Click the ‘Settings’ button
14. On ‘4 Ports Ethernet Switch’ select ‘Show’
15. Open and edit the port (1-4) that you want to assign the VLAN to
16. In ‘Port Settings’ change the ‘Ingress Policy’ to ‘Tagged (Add VLAN Header)’
17. In the field ‘Default VLAN ID’ enter the same “VLAN ID” number that was
assigned to the VLAN in Step #4, “Part 1 - Creating the VLAN Ethernet Interface”
18. Click ‘Apply’, and at the warning, click ‘Apply’ again
19. The VLAN ID should be displayed in the ‘PVID’ column for the Ethernet port that
was selected for use by the VLAN
20. Click ‘Apply’ on ‘Configure Ethernet’, then ‘Apply’ for ‘Ethernet Properties’
21. This should leave you at ‘Network Connections’, you are Finished
The VLAN is created and assigned to the specific Ethernet port that was selected. The switch’s three remaining Ethernet ports will behave as they always have, but any
device connected to the port dedicated to the VLAN, will be on a different network, and using a different IP address range.





If there is a desire to prohibit traffic between the two networks, rules can be created in Advanced Filtering (Firewall Settings section) to accomplish this.