LAN segmentation, and the process of adding LAN segments, is used for advanced networking scenarios when LAN traffic must be partitioned.
An instance where LAN segmentation can be utilized is when providing public Internet access to Wi-Fi users, such as bus passengers. In this scenario, it is important to ensure that private onboard equipment connected to the router’s Ethernet ports, such as fare boxes, remains inaccessible to Wi-Fi users. Multiple LAN segments are useful for specifying different network policies or routing rules on each segment.
Each WAN interface (Ethernet port, Wi-Fi Access Point, and USB) can be assigned to any LAN segment that has been configured on the router. The router comes with a single LAN segment (Default-LAN) and you can create additional network segments under Network > Zone Settings > LAN Segments.
Before deploying an Airlink OS router, it is important to review how the LAN segment(s) are configured to ensure that network traffic visibility remains as secure as possible.
User LAN segments are those defined by a user. System LAN segments are those defined automatically by the system. The System LAN segments are not directly configureable and are used in firewall rules, Multi-WAN rules or IP Passthrough, to name a few.
To configure a User LAN segments:
Go to Networking > Zones settings > LAN Segments.
Click CREATE LAN SEGMENT to create a new LAN segment, or click Edit ( ) in the table to update an existing LAN segment.
Begin configuring the LAN segment. Refer to the table below for details of individual settings.
SETTING | DESCRIPTION | VALUES |
---|---|---|
Name | Name assigned to this LAN segment | Required for all LAN segments |
IPv4 Address | Default gateway LAN address for this LAN segment |
IPv4 address. Required for all LAN segments |
IPv4 Prefix | Specifies how many bits of the IP address for this LAN segment are used for the network ID |
0 – 32. Default is 24. Required for all LAN segments. |
DHCPV4 SERVER |
Specifies if there is a DHCP server for IPv4 addresses
|
On/Off. Default is On |
IPv4 POOL STARTING ADDRESS | Required for all LAN segments. If DHCPv4 server is On, then this field is the starting IPv4 address of the pool of IP addresses available for DHCP |
IPv4 address Required for all LAN segments. |
IPv4 POOL ENDING ADDRESS | Required for all LAN segments. If DHCPv4 server is On, then this field is the ending IPv4 address of the pool of IP addresses available for DHCP |
IPv4 address Required for all LAN segments. |
LEASE TIME(IN MINS) | Length of time that the DHCP server will reserve an IPv4 address for a client device. This is added on to the remaining lease time of the device. |
2 – 65535 mins. Default is 1440 mins |
IPv6 Address | Default gateway LAN address for this LAN segment |
Double-colon notation. Leave blank to disable IPv6. |
IPv6 Prefix | Specifies how many bits of the IP address for this LAN segment are used for the network ID. |
0 – 128. Default is 64. Leave blank to disable IPv6. |
IPv6 SLAAC | When enabled, SLAAC will use the device’s MAC address to create a unique interface identifier, which when combined with a network prefix forms a complete IPv6 address. |
On/Off. Default is Off |
IPv6 Proxy | When enabled, allows IPv6 traffic between clients on this LAN that are connected to different interface types. E.g. allow a USBnet client to talk to an Ethernet Client. |
On/Off. Default is Off |
DHCPv6 SERVER |
Specifies if there is a DHCP server for IPv6 addresses
|
On/Off. Default is Off |
BROADCAST FORWARDING | IPv4 packet forwarding for broadcast traffic. Specifies if the system will forward broadcast packets it receives on one network interface to other interfaces, allowing broadcast traffic to reach other subnets or networks. |
On/Off. Default is Off |
IPv6 POOL STARTING ADDRESS | If DHCPv6 server is On, then this field is the starting IPv6 address of the pool of IP addresses available for DHCP |
Double-colon notation. Leave blank to disable IPv6. |
IPv6 POOL ENDING ADDRESS | If DHCPv6 server is On, then this field is the ending IPv6 address of the pool of IP addresses available for DHCP |
Double-colon notation. Leave blank to disable IPv6. |
LEASE TIME(IN MINS) | Length of time that the DHCP server will reserve an IPv6 address for a client device. This is added on to the remaining lease time of the device. |
2 – 65535 mins. Default is 1440 mins |
DHCP DNS Server | DNS servers acquired through WAN links or by manually specifying primary and secondary DNS settings |
|