10934 questions

13039 answers

20335 comments

27480 members

0 votes
416 views 6 comments
by
Hey all,

I'm configuring an RUT240 with VLAN configured based on ports so we can route CCTV traffic over the wired network and provide WiFi on a different network, allowing devices connected to the WiFi to see the outside world but not connect to the CCTV camera feeds.

I've setup a new VLAN network, and assigned the WiFi network to it, and everything looks fine in the settings.

I've then connected an android phone to the WiFi network, and whilst it gets an IP address in the correct range, I get a "connected without internet" error message on the handset.

The default gateway is being handed out absolutely fine, and I've tried forcing 8.8.8.8 and 8.8.4.4 as DNS servers via DHCP Option 6, but I still can't get any internet access on the WiFi network.

The wired network is operating perfectly fine.

Is there a setting in the web UI that I'm missing to ensure that traffic is routed from the WiFi VLAN to the WAN interfaces?

1 Answer

0 votes
by
Hi,

What you may be missing is adding a firewall zone to your newly created interface, that belongs to VLAN.

Please make sure you've set it to the LAN zone.

Also, you could check if you didn't forget to input the gateway address into your network adapter settings if you have them set manually.

EB.
by

Thanks, I've been doing all of this via the web interface so that it's straightforward to replicate in future.

I looked at the firewall side of things, but as I am deliberately trying not to give access from the WiFi to the LAN, I setup the rule to connect the vlan network to the WAN interface, just like the existing LAN port is configured, but that doesn't seem to work either.

Have I misunderstood something?

by
by
@ErnestasB - I'm slightly confused by your answer, that appears to be forcing traffic across multiple WAN connections, whereas I'm trying to segregate wired traffic from wireless traffic, but still have them go out over the same WAN connection.

Have I misunderstood the thread you've pointed me to?
by
Sorry, It wasn't clear from what you really meant, so I thought that was the case...

Anyways, if you're looking for setting different subnets for WiFi and Wired network and you want to separate them - I believe then this thread should answer your questions: https://community.teltonika-networks.com/21252/rut240-wifi-guest-network?show=21252#q21252

EB.
by

Thanks, this is where I am at the moment:

1) I have a wired network on my RUT240 handing out IP Addresses in the 192.168.1.0/24 address space.  Devices connected to this network can access the internet via the WAN interface which is a mobile SIM

2) I have a WiFi interface which is connect to a new VLAN.  This VLAN is configured to provide IP addresses in the 10.139.128.0/24 address space.  Devices that connect to this network get an IP address, but *CANNOT* access the internet.

3) Devices connected to the WiFi *CAN* access 192.168.1.0/24

I want to ensure that wired devices and WiFi devices can access the internet, however I *DO NOT* want WiFi-connected devices (10.139.128.0/24) to be able to see devices on the wired network (192.168.1.0/24)

The second thread you've linked me to is a lot closer to my desired configuration, however having checked my setup I appear to have followed the instructions anyway, I just can't access the internet from the WiFi devices.

My VLAN setup looks like this:

by
OK, this is now resolved - there were two issues:

The first was an issue with the SIM card that was being used, once I resolved this then the data started to flow out to the internet

The second was the firewall rules needed to drop/reject traffic from the WiFi connection to the LAN.  This took a while to troubleshoot as 192.168.1.1 is available even when firewalls are in place, however attempts to connect to other devices on the wired network from the WiFi network are now blocked.

Thanks for all your help!