This document provides instructions for configuring a router to create VLANs and isolate network traffic between them. It involves resetting the router, creating VLANs for ports 1-3 and assigning them IP addresses on different subnets, then creating a VLAN for port 4 and a firewall rule to block communication between the VLANs while allowing internet access.
DD-WRT Network Optimization
Preparation (OPTIONAL)
Reset router to Factory Default settings.
Reset either by using the web interface or by doing a 30-30-30 Hard Reset.
Go to http://192.168.1.1/ in your web browser and set the Username and Password.
Configure Internet access as necessary.
Go to Setup -> Basic Setup.
Set the "Router Name" to whatever you desire.
Set the "Time Settings" appropriately.
Click Save, then Apply Settings.
Unplug the power for 30 seconds and then plug it back in. Wait for the lights to return to normal.
Ensure that Internet access is working properly.

VLAN configuration of ports 1, 2, and 3
Go to http://192.168.1.1/ in your web browser.
Go to Setup -> VLANs.
Uncheck ports 1, 2, and 3.
Place port 1 into VLAN2, port 2 into VLAN3, and port 3 into VLAN4.
Your configuration page should look like this.
Click Save, then Apply Settings.
Plug your Ethernet cable into port 4 on the router if it is not already there.
Unplug the power for 30 seconds and then plug it back in. Wait for the lights to return to normal.
Go to Setup -> Networking.
NOTE: Do not set the following IP addresses to any subnets that already exist. In the 192.168.x.x address range, the third octet (the first "x") designates the subnet. In this tutorial, I'll assume that you are only using the 192.168.1.x subnet up to this point.
Under "Port Setup" set VLAN2 to Unbridged. Set the IP Address to 192.168.2.1. Set the Subnet Mask to 255.255.255.0.
Under "Port Setup" set VLAN3 to Unbridged. Set the IP Address to 192.168.3.1. Set the Subnet Mask to 255.255.255.0.
Under "Port Setup" set VLAN4 to Unbridged. Set the IP Address to 192.168.4.1. Set the Subnet Mask to 255.255.255.0.
Click Save.
The "Port Setup" section should look like this.
Under DHCPD click Add. Set DHCP 0 to vlan2 with a Leasetime of 1440 (24 hours). Click Save.
Under DHCPD click Add. Set DHCP 1 to vlan3 with a Leasetime of 1440 (24 hours). Click Save.
Under DHCPD click Add. Set DHCP 2 to vlan4 with a Leasetime of 1440 (24 hours). Click Save.
Click Apply Settings.
The DHCPD section should look like this.
Plug your Ethernet cable into any port on the router aside from port 4 or the WAN port.
Unplug the power for 30 seconds and then plug it back in. Wait for the lights to return to normal.

VLAN configuration of port 4
Go to http://192.168.1.1/ in your web browser.
Go to Setup -> VLANs.
Uncheck port 4 and place it into VLAN5.
Click Save, then Apply Settings.
Unplug the power for 30 seconds and then plug it back in. Wait for the lights to return to normal.
Go to Setup -> Networking.
Under "Port Setup" set VLAN5 to Unbridged. Set the IP Address to 192.168.5.1. Set the Subnet Mask to 255.255.255.0.
Click Save.
Under DHCPD click Add. Set DHCP 3 to vlan5 with a Leasetime of 1440 (24 hours).
Click Save, then Apply Settings.

Add Firewall rules to isolate the VLANs
Go to Administration -> Commands.
Copy and paste the following commands into the textbox:

    iptables -I FORWARD -i vlan+ -o vlan+ -j DROP
    iptables -I FORWARD -i vlan+ -o vlan1 -j ACCEPT
    iptables -I FORWARD -i vlan1 -o vlan+ -j ACCEPT

Click "Save Firewall".

Command 1 Notes
This command blocks communication between all VLANs.

Commands 2 and 3 Notes
These commands allow all VLANs to communicate with VLAN1. VLAN1 contains the WAN port, making communication with it necessary for Internet access (under most Internet access configurations). Because each -I inserts its rule at the top of the FORWARD chain, these two rules end up above the DROP rule and are evaluated first. Please note that these commands may not do the trick, as I was unable to test them due to my Verizon FiOS setup.

Additional Commands Notes
This command blocks all communications with the 192.168.6.x subnet. This command should be altered and/or duplicated to block each subnet used by any additional routers on your LAN.

    iptables -I FORWARD -s 192.168.6.0/255.255.255.0 -j DROP

Finalize Settings
Go to Setup -> Basic Setup.
Click Save, then Apply Settings.
Unplug the power for 30 seconds and then plug it back in. Wait for the lights to return to normal.
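
As an added illustration (not part of the original tutorial), the Python model below replays the firewall commands to show the rule order that -I produces and which flows are permitted when the DROP rule is pasted first versus last. It models only first-match evaluation of these rules; the interface name br0 and the sample source addresses are assumptions constructed for the example.

```python
import ipaddress

# The tutorial's rules as (in_iface, out_iface, source_net, target), in paste order.
ISOLATION = [
    ("vlan+", "vlan+", None, "DROP"),
    ("vlan+", "vlan1", None, "ACCEPT"),
    ("vlan1", "vlan+", None, "ACCEPT"),
]
SUBNET_BLOCK = (None, None, "192.168.6.0/255.255.255.0", "DROP")


def iface_match(pattern, name):
    """iptables interface match: a trailing '+' is a prefix wildcard, None is any."""
    if pattern is None:
        return True
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern == name


def build_chain(commands):
    """'iptables -I FORWARD' without a rule number inserts at position 1,
    so each later command ends up above the earlier ones."""
    chain = []
    for rule in commands:
        chain.insert(0, rule)
    return chain


def verdict(chain, in_if, out_if, src):
    """First matching rule decides. Unmatched packets continue to the rules
    the firmware already had in FORWARD, which are not modelled here."""
    addr = ipaddress.ip_address(src)
    for r_in, r_out, r_src, target in chain:
        if not (iface_match(r_in, in_if) and iface_match(r_out, out_if)):
            continue
        if r_src is None or addr in ipaddress.ip_network(r_src):
            return target
    return "FALLTHROUGH"


if __name__ == "__main__":
    # Constructed sample flows: (in, out, source address).
    flows = [("vlan2", "vlan3", "192.168.2.10"), ("vlan2", "vlan1", "192.168.2.10"),
             ("vlan1", "vlan4", "198.51.100.7"), ("br0", "vlan2", "192.168.1.10")]
    for label, cmds in (("as pasted", ISOLATION), ("DROP pasted last", ISOLATION[::-1])):
        chain = build_chain(cmds)
        for f in flows:
            print(f"{label:17} {f[0]:>5} -> {f[1]:<5} {verdict(chain, *f)}")
```

A FALLTHROUGH result means none of the pasted rules matched that flow, so its fate depends on the rules already present in the router's FORWARD chain; on the router itself, iptables -L FORWARD -n -v --line-numbers shows the real order.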