
Basic VLAN Question

Last post Fri, Jun 19 2009 11:59 AM by brett. 2 replies.
  • Thu, Jun 18 2009 6:37 PM

    • brett
    • Top 10 Contributor
    • Joined on Mon, Jun 4 2007
    • Posts 90

    Basic VLAN Question

    Hey,

    I've got tagging working on my solos/duos, works great. Now I'm trying to set up the router side and I have a conceptual question.

    Here's what I'm trying to do: share a common DHCP pool across VLANs, use a single subnet across multiple VLANs (so users can easily roam from one AP to the other), and not route broadcasts between VLANs.

    Is this possible?

    EDIT: I guess I'm asking if it's possible to bridge VLAN interfaces, and just filter traffic between them while still sharing IP address space? This might sound crazy, I'm brand new to VLANs.

  • Fri, Jun 19 2009 9:10 AM

    Re: Basic VLAN Question

    Hi,

    Glad to hear you got it working!

    Yes you can bridge VLANs, but I'm not sure why exactly you'd want to? VLANs create logical networks on 1 physical network that separate broadcast domains (which means it would keep DHCP, etc. separated). If you bridge the VLAN interfaces, you're then putting them back on the same broadcast domain. So I am not sure what the point of the VLANs is then :)

    But yes, if you wanted, you could create multiple VLAN interfaces, add them all to a bridge, then create a DHCP server on that bridge interface. Then all interfaces (in this case VLANs) will pass this DHCP traffic.

    -Matt

  • Fri, Jun 19 2009 11:59 AM

    • brett
    • Top 10 Contributor
    • Joined on Mon, Jun 4 2007
    • Posts 90

    Re: Basic VLAN Question

    Thanks Matt.

    Basically I'm trying to get the "best of both worlds" here. I'd like to bridge/filter VLANs so that 1) wireless users can roam without switching subnets / obtaining a new IP address, 2) each AP has a unique VLAN tag for back-end logging, and 3) broadcast domains are separated.

    The obvious problem with bridging VLANs at the router would re-create the broadcast domain. But if I have tagged VLAN traffic coming in to the router, couldn't I just add some filtering rules on the router's interfaces? I could at least put an outgoing filter on the interface to drop all broadcast traffic which is not sourced from the router's IP, right? That way ARP and DHCP would still get back out to everyone (I'd prefer it to only go to the appropriate VLAN, but I'm assuming this is impossible since I've already stripped the VLAN tag at this point).

    Is this making any sense, or am I totally off here? In this situation I'm visualizing DHCP/ARP traffic from a client NOT being rebroadcast on its way to the router, because the AP has added a VLAN tag to it. So this would cut down on half the broadcast traffic. However, the DHCP/ARP traffic would still be broadcast to the entire network on its way FROM the router TO the client, because the router would be incapable of adding a VLAN tag at this point (I think).

    Feel free to tear this apart, trying to understand how/if this would work. 
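The forwarding behaviour the two posts above argue about can be checked with a small simulation. This is an added example, not code from the thread or from Deliberant: it models a learning bridge whose member ports are the per-AP VLAN interfaces plus the router-side port, with an optional "isolated port" policy (isolated ports may only exchange frames with non-isolated ports, the way a Linux bridge port marked `isolated` behaves; that policy and the MAC addresses are assumptions for the example). Running it with isolation off reproduces Matt's point: a client broadcast floods to every VLAN. With isolation on, a client broadcast reaches only the router port, and because the bridge learns which port each MAC came from, the router's unicast replies (DHCP OFFER, ARP reply) go back out only on the VLAN the client is on, even after the client roams. Only the router's own broadcasts still reach every VLAN.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str   # source MAC
    dst: str   # destination MAC (BROADCAST for DHCP DISCOVER / ARP request)
    kind: str  # label only, e.g. "DHCP_DISCOVER"


@dataclass
class Bridge:
    # port name -> True if the port is isolated (assumed policy: an isolated
    # port may talk to non-isolated ports only, never to another isolated port)
    ports: dict
    fdb: dict = field(default_factory=dict)  # learned MAC -> port

    def forward(self, in_port: str, frame: Frame) -> list:
        """Return the sorted list of ports the frame is sent out of."""
        self.fdb[frame.src] = in_port             # MAC learning on ingress
        if frame.dst != BROADCAST and frame.dst in self.fdb:
            candidates = [self.fdb[frame.dst]]     # known unicast: one port
        else:
            candidates = list(self.ports)          # broadcast/unknown: flood
        out = []
        for port in candidates:
            if port == in_port:
                continue                           # never back out the ingress port
            if self.ports[in_port] and self.ports[port]:
                continue                           # isolated -> isolated is dropped
            out.append(port)
        return sorted(out)


def run_scenario(isolated: bool) -> dict:
    """Bridge two AP VLAN interfaces and the router port, replay DHCP/ARP."""
    br = Bridge({"vlan10": isolated, "vlan20": isolated, "router": False})
    # constructed sample MACs: client A, client B, router
    A, B, R = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", "rr:rr:rr:rr:rr:rr"
    results = {}
    # 1. client A behind the AP on VLAN 10 broadcasts a DHCP DISCOVER
    results["A_discover"] = br.forward("vlan10", Frame(A, BROADCAST, "DHCP_DISCOVER"))
    # 2. the router answers with a DHCP OFFER unicast to A's MAC
    results["R_offer"] = br.forward("router", Frame(R, A, "DHCP_OFFER"))
    # 3. the router ARPs for a MAC it has not learned yet (genuine broadcast)
    results["R_arp_req"] = br.forward("router", Frame(R, BROADCAST, "ARP_REQUEST"))
    # 4. client B on VLAN 20 broadcasts an ARP request
    results["B_arp_req"] = br.forward("vlan20", Frame(B, BROADCAST, "ARP_REQUEST"))
    # 5. A roams to the AP on VLAN 20 and renews; the bridge relearns its port
    results["A_after_roam"] = br.forward("vlan20", Frame(A, BROADCAST, "DHCP_REQUEST"))
    results["R_ack_after_roam"] = br.forward("router", Frame(R, A, "DHCP_ACK"))
    return results


if __name__ == "__main__":
    for isolated in (False, True):
        print(f"isolated ports: {isolated}")
        for step, ports in run_scenario(isolated).items():
            print(f"  {step:18s} -> {ports}")
```

The trade-off the simulation also shows: with isolation on, two clients on different APs cannot reach each other at layer 2 at all (step 4 never reaches `vlan10`), so any client-to-client traffic has to go through the router. For a guest or public wireless network that is usually the desired property rather than a limitation.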

Copyright Deliberant LLC. All rights reserved.