[TriLUG] Network configuration help?

Brian McCullough via TriLUG trilug at trilug.org
Fri Apr 30 11:14:27 EDT 2021 

You are both increasing my education considerably.  I am generally a
beginner in this field, knowing just enough to get by on a small
network.


On Fri, Apr 30, 2021 at 10:53:27AM -0400, Triangle Linux Users Group discussion list wrote:
> If you connect the ZyXEL router's WAN port to your internal ethernet
> network, clients who connect to the ZyXEL's WiFi network will have access
> to the internal ethernet network.  With the ZyXEL acting as a router they
> won't be in the same broadcast domain, so they won't see eg. printers via
> mdns, and they might not have the same DNS server, but that's only security
> through obscurity.  It only makes discovery slightly harder, it does not
> hamper the ability to connect.  You'll be able to ping hosts on the wired
> subnet, connect to its webservers or fileservers, etc.

That was a concern. 


> As Wes mentioned while I'm typing this, if you can separate that ZyXEL
> router's WAN port at the switch layer, by placing it in a separate VLAN,
> you might be able to provide some actual segmentation.  If you can
> accomplish that, you can probably simplify things and just plug the ZyXEL's
> LAN port into the VLAN'd port, turn off its DHCP functionality, and just
> use it as an over glorified access point.  It'll happily bridge traffic
> between the wired and wireless interfaces, and you can lean on the switch
> to provide L2 segmentation, and the upstream router to provide services
> such as DHCP and DNS.  My intuition is that you probably don't have a
> managed L2 network with VLANs, or a router that would comfortably handle
> multiple subnets on separate VLANs, though...

As it happens, I may be able to do what you recommend.  The primary
router is an OpenWrt machine, and I remember VLAN showing up in the
configuration settings.


OK, so as I understand you, I move the connection from the OpenWrt
machine from WAN to LAN on the ZyXEL after turning off DHCP on the
ZyXEL.

I then assign a completely different IPv4 address to the port on the
OpenWrt that the ZyXEL is plugged in to, and call that port VLAN 9 ( or
something ).

I presume that the OpenWrt machine is expected to provide DHCP services
to the devices on the ZyXEL, but within the different subnet.

Am I understanding correctly?



More research to do.



> Aaron S. Joyner


Brian

More information about the TriLUG mailing list