Temat: Router AP + AP-Dumb - VLAN i konfiguracja
Potrzebuje połączyć 2 routery Netgear 6220, jeden jako główny router i AP, drugi jako AP-Dumb.
Czy ktoś może przejrzeć i zobaczyć czy mam to dobrze ustawione?.
Router 1 port lan2 połączony z portem wan router 2.
Router 1 IP: 10.0.1.1:
Interfejsy:
10.0.1.1 = camis VLAN1
10.0.2.1 = cezary VLAN2
10.0.4.1 = zbyszek VLAN4
10.0.5.1 = iot VLAN5
10.0.6.1 = guest VLAN6
10.0.10.1 = proxmox VLAN10
Porty routera 1:
lan1 - Untagged VLAN10 - Tutaj podłączony będzie serwer Proxmox
lan2 - Tagged VLAN1 / VLAN2 / VLAN4 / VLAN5 / VLAN6 / VLAN10 - tym portem wychodzę na port WAN routera 2
lan3 - Untagged VLAN1 - dostęp do podsieci camis
lan4 - Untagged VLAN1 - dostęp do podsieci camis
Router 2 IP: 10.0.1.2:
Interfejsy:
10.0.1.2 = camis VLAN1
Porty routera 2:
wan - Tagged VLAN1 / VLAN2 / VLAN4 / VLAN5 / VLAN6 / VLAN10 - wejście z routera 1
lan1 - Untagged VLAN1 - camis
lan2 - Untagged VLAN1 - camis
lan3 - Untagged VLAN6 - guest
lan4 - Untagged VLAN4 - zbyszekRouter 1:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
# Konfiguracja PVID dla portów
config device
option name 'lan1'
option pvid '10'
config device
option name 'lan3'
option pvid '1'
config device
option name 'lan4'
option pvid '1'
# Bridge VLAN dla każdej sieci
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan3:u'
list ports 'lan4:u'
list ports 'lan2:t'
config bridge-vlan
option device 'br-lan'
option vlan '2'
list ports 'lan2:t'
config bridge-vlan
option device 'br-lan'
option vlan '4'
list ports 'lan2:t'
config bridge-vlan
option device 'br-lan'
option vlan '5'
list ports 'lan2:t'
config bridge-vlan
option device 'br-lan'
option vlan '6'
list ports 'lan2:t'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'lan1:u'
list ports 'lan2:t'
# Interfejsy VLAN
config interface 'camis'
option device 'br-lan.1'
option proto 'static'
option ipaddr '10.0.1.1'
option netmask '255.255.255.0'
config interface 'cezary'
option device 'br-lan.2'
option proto 'static'
option ipaddr '10.0.2.1'
option netmask '255.255.255.0'
config interface 'zbyszek'
option device 'br-lan.4'
option proto 'static'
option ipaddr '10.0.4.1'
option netmask '255.255.255.0'
config interface 'iot'
option device 'br-lan.5'
option proto 'static'
option ipaddr '10.0.5.1'
option netmask '255.255.255.0'
config interface 'guest'
option device 'br-lan.6'
option proto 'static'
option ipaddr '10.0.6.1'
option netmask '255.255.255.0'
config interface 'proxmox'
option device 'br-lan.10'
option proto 'static'
option ipaddr '10.0.10.1'
option netmask '255.255.255.0'config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'wan'
list network 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
# Definicje stref dla VLANów
config zone
option name 'camis'
list network 'camis'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'cezary'
list network 'cezary'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'zbyszek'
list network 'zbyszek'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'iot'
list network 'iot'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'guest'
list network 'guest'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'proxmox'
list network 'proxmox'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# Zezwalaj na ruch do Internetu
config forwarding
option src 'camis'
option dest 'wan'
config forwarding
option src 'cezary'
option dest 'wan'
config forwarding
option src 'zbyszek'
option dest 'wan'
config forwarding
option src 'iot'
option dest 'wan'
config forwarding
option src 'guest'
option dest 'wan'
config forwarding
option src 'proxmox'
option dest 'wan'
# Specjalne reguły
config rule
option name 'IoT-to-Proxmox'
option src 'iot'
option dest 'proxmox'
option src_ip '10.0.5.3-10.0.5.4'
option dest_ip '10.0.10.10'
option dest_port '6052 6053'
option proto 'tcpudp'
option target 'ACCEPT'
config rule
option name 'Camis-to-Proxmox'
option src 'camis'
option dest 'proxmox'
option target 'ACCEPT'Router 2:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1' # WAN port
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
# Konfiguracja VLAN na WAN
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'eth1:t' # Tagged VLAN1 na WAN
list ports 'lan1:u' # Untagged na LAN
list ports 'lan2:u'
list ports 'lan3:u'
list ports 'lan4:u'
# Interfejs camis
config interface 'camis'
option device 'br-lan.1'
option proto 'static'
option ipaddr '10.0.1.2'
option netmask '255.255.255.0'config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'wan'
list network 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config zone
option name 'camis'
list network 'camis'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config forwarding
option src 'camis'
option dest 'wan'