24th February 2015
rocket357
Real Name: Jonathon

Quote:
Originally Posted by azarian
What about a simpler approach like splitting your c class subnet into two with a /25 network.
As already pointed out by jggimi, this is close, but not quite what the OP is asking for. You can definitely do this, but nothing is stopping the subnets from communicating with each other. OP wanted to restrict wireless clients from reaching LAN clients. A VLAN solution would take this a step further and introduce the L3 connectivity restriction (connections between subnets would have to occur via a router (i.e. OP's firewall), not a switch), which allows firewall rules to define what (if any) communications are allowed between subnets.

In the near term, the fastest solution is probably to stick a NIC in the firewall and hang the AP off of that, since the OP's switch is not VLAN-aware (that has been confirmed, at least).
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.
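A sketch of the firewall rules the post above alludes to, once the AP hangs off its own NIC. This is an added example, not part of the original post; it assumes the firewall runs OpenBSD pf, and the interface names and the /25 addresses in the comments are assumptions.

```pf
# Added example: interface names and subnets are assumptions.
ext_if  = "em0"   # uplink (assumed name)
lan_if  = "em1"   # wired LAN, e.g. 192.168.1.0/25 (assumed)
wifi_if = "em2"   # new NIC with the AP attached, e.g. 192.168.1.128/25 (assumed)

set skip on lo

# Default deny, with logging so blocked wireless-to-LAN attempts show up on pflog0
block log all

# Drop packets claiming an inside source address on the wrong interface
antispoof quick for { $lan_if $wifi_if }

# NAT both inside subnets on the way out
match out on $ext_if inet from { $lan_if:network $wifi_if:network } nat-to ($ext_if)

# Forwarded traffic is filtered on ingress; allow it out once it has passed
pass out

# Wired clients may initiate connections anywhere, including to wireless clients
pass in on $lan_if inet from $lan_if:network

# Wireless clients: never to the wired LAN, everything else allowed
block in log quick on $wifi_if inet from any to $lan_if:network
pass  in on $wifi_if inet from $wifi_if:network
```

Because pf is stateful, replies to connections opened from the wired side still reach the LAN; only connections initiated from the wireless side are refused. The rule set can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.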