Draytek VLAN and Wi-Fi isolation - Routers

This is a discussion on Draytek VLAN and Wi-Fi isolation - Routers ; I wish to share my ADSL connection with several neighbours. However, I do not wish them to share my Draytek router's wireless network, so I intend to give them access via ethernet cable to one of my Draytek router's ethernet ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Draytek VLAN and Wi-Fi isolation

  1. Draytek VLAN and Wi-Fi isolation

    I wish to share my ADSL connection with several neighbours. However, I
    do not wish them to share my Draytek router's wireless network, so I
    intend to give them access via ethernet cable to one of my Draytek
    router's ethernet ports.

    My own and my girlfriend's laptops will connect to the Draytek's
    wireless network, but I want to ensure that our network traffic is
    isolated from the neighbours, both for reasons of security against worm
    attack, and for reasons of privacy against having our communications
    sniffed.

    How do I set this up?

    Well, here's what I've tried so far:

    I thought this would be a simple matter of configuring the neighbour's
    ethernet port to be in a VLAN, and that this would isolate them from the
    Draytek's other interfaces including the wireless side. Unfortunately,
    this only isolates them from the other wired ethernet ports and does
    *not* isolate them from the wireless network. In fact I've tested this
    with Ethereal and can see the wireless traffic being repeated on *all*
    the wired ports regardless. The VLAN feature does not seem to do what I
    want. Have I misunderstood something?

    I also noticed a feature which sounded promising in the Draytek's
    Wireless LAN Access Control page in the pop-up menu at the top. It says
    "Isolate WLAN from LAN". However, when I choose this setting, our
    laptops are kicked off the wireless network, and are rejected when they
    try to reconnect. I have not yet been able to diagnose the reason for
    this because my Apple laptop gives no indication of what the error is.
    It just says "There was an error joining the network" or similar, and I
    can't find the logs that might clarify the reason for this.

    On that same Access Control page, you can instead choose to isolate
    individual wireless clients from the LAN by their MAC address. I tried
    this too, and although we could now join the network successfully, the
    expected isolation again fails to stop wireless traffic leaking onto the
    wired LAN.

    So three different ways of approaching this have failed miserably. Has
    anyone else managed to get a Draytek router to properly isolate the
    wired and wireless networks?

    Can anyone give me any clue as to what I'm doing wrong? Can anyone even
    point me in approximately the right direction? Any help or moral support
    would be much appreciated as I've already torn most of my hair out.

    --
    James Taylor

  2. Re: Draytek VLAN and Wi-Fi isolation

    HavJames Taylor wrote:
    > I wish to share my ADSL connection with several neighbours. However, I
    > do not wish them to share my Draytek router's wireless network, so I
    > intend to give them access via ethernet cable to one of my Draytek
    > router's ethernet ports.
    >
    > My own and my girlfriend's laptops will connect to the Draytek's
    > wireless network, but I want to ensure that our network traffic is
    > isolated from the neighbours, both for reasons of security against worm
    > attack, and for reasons of privacy against having our communications
    > sniffed.
    >
    > How do I set this up?
    >
    > Well, here's what I've tried so far:
    >
    > I thought this would be a simple matter of configuring the neighbour's
    > ethernet port to be in a VLAN, and that this would isolate them from the
    > Draytek's other interfaces including the wireless side. Unfortunately,
    > this only isolates them from the other wired ethernet ports and does
    > *not* isolate them from the wireless network. In fact I've tested this
    > with Ethereal and can see the wireless traffic being repeated on *all*
    > the wired ports regardless. The VLAN feature does not seem to do what I
    > want. Have I misunderstood something?
    >
    > I also noticed a feature which sounded promising in the Draytek's
    > Wireless LAN Access Control page in the pop-up menu at the top. It says
    > "Isolate WLAN from LAN". However, when I choose this setting, our
    > laptops are kicked off the wireless network, and are rejected when they
    > try to reconnect. I have not yet been able to diagnose the reason for
    > this because my Apple laptop gives no indication of what the error is.
    > It just says "There was an error joining the network" or similar, and I
    > can't find the logs that might clarify the reason for this.
    >
    > On that same Access Control page, you can instead choose to isolate
    > individual wireless clients from the LAN by their MAC address. I tried
    > this too, and although we could now join the network successfully, the
    > expected isolation again fails to stop wireless traffic leaking onto the
    > wired LAN.
    >
    > So three different ways of approaching this have failed miserably. Has
    > anyone else managed to get a Draytek router to properly isolate the
    > wired and wireless networks?
    >
    > Can anyone give me any clue as to what I'm doing wrong? Can anyone even
    > point me in approximately the right direction? Any help or moral support
    > would be much appreciated as I've already torn most of my hair out.
    >

    Haven't thought this through (too late at night) and dunno if it would
    work - but how about:

    Install Zonealarm firewall on your PCs and setup a LAN including your
    machines and the Draytek. Setup Zonealarm to trust your subnet.

    Give neighbours IP addresses on a separate subnet and setup this address
    as the second subnet on the Draytek (or assign them by DHCP).


+ Reply to Thread