Koalasafe "bridging" 2 "networks"

#1

I have two vlans on a switch. One for me and one for the kids. Only my vlan is connected to the router but AP’s are connected to the kids. I wanted to put the Koalasafe “between” these vlans. No tagging just in one out the other.
Have primary vlan (mine with router) on WAN port and kids vlan on Lan port. Nothing connected to the kids VLAN is getting an ip address. Stumped?

0 Likes

#2

Hi @awolfend,
Im not 100% on your setup yet.
You have a router providing DHCP, connected to that router is a physical switch with two vlans? You have AP’s plugged into the switch one for you and one for the kids?
Where is the KoalaSafe plugged in?

Adam

0 Likes

#3

Router -> Parent Switch (vLan) -> (WAN) Koalasafe (LAN) -> Kid Switch (vLan) -> Wireless AP’s -> IPad

iPad can get an ip address when connecting to Koala WiFi but does not get an address when connecting to Wireless AP’s

The OLD config had the VLan’s both connected to Router (with vLan support).
I removed the kids vlan from router and connected their vlan to the Koalasafe LAN.
Should work fine…?

Anthony

0 Likes

#4

It should work in theory, but we haven’t tested such a setup.

Does it work if you give the iPad a static ip and connect to Wireless AP? To test if it’s DHCP being blocked somewhere.

Adam

0 Likes

#6

Adam,

Test results in. Configured the Static IP address in my iPhone and connected to the wireless AP BEHIND the Koalasafe.
The results are curious. Firstly the configuration worked. My phone connected to the internet and I could browse sites. Curiously I should not have been able to as the default profile was set to Intermet off.

Not really in a position to know what to do next? Definitely at least two issues here.

Anthony

0 Likes

#7

Hi @awolfend,

I checked your account, your phone is currently in “Parent Mode” forever. So it has unlimited access, the internet access makes sense.

So it appears it’s just DHCP being blocked. The only thing I can think off is that it’s too many device hops for the multicast packets…

Can you try connecting the KS directly to the router and the AP directly to the KS?

Adam

0 Likes

#8

Adam,

Moved the phone to Anthony profile after the test found it had limited connectivity and thats where I stopped.
I will test again to make sure. First will restart all boxes etc to make sure we are in a reboot state.

Anthony

0 Likes

#9

Adam,

Confirmed BOTH a DHCP issue AND a filtering issue.
Testing with iPad on both limited and parent profiles.

Starting with limited “Everyone” profile that currently blocks internet access can confirm that functionality is correct when tested on the Koala wifi network.

When I connect to TEST wifi on an ap connected to a switch connected to Koala Lan port…

  1. DHCP fails to allocate an address
  2. Once configured with a static address the device accesses the internet AND banned pages when the profile indicates the Internet is off.

I will try connecting Koalasafe to Router but the Access Points need PoE so I am a little more limited in how I handle it.
Does the Koalasafe modify DHCP requests in any way at layer 2 or layer 3? The switch should not as your device is the only other one involved. I would not think latency an issue.

Anthony

0 Likes

#10

For what its worth… your Kids vlan doesn’t have an old ip helper-address programmed into its config , or anything ?

0 Likes

#12

No we don’t touch DHCP. We listen for it to grab device names, but its passive.
Do you have anything that you can plug into the KS Lan port to ensure that port is getting DHCP i.e. a lapotp? It should be.

It’s odd that traffic seems to be by-passing the filtering. There is no way it’s being routed around?
Another user is using extenders and the devices in KoalaSafe have different MAC addresses… but they show up in Device List.

Can you run the DNS test from a client.

Can you also restart the device from the App. You should see the red light go dead while it reboots. To ensure messages are getting to the device.

Adam

0 Likes

#13

Firstly DNS is clean. Dig returns correct string.

I plugged ONLY an Airport Express into Koalasafe LAN port.
Devices attached to that wifi network behave correctly.
If only I could leave it this way…:frowning:

My property is large and I have 3 access points with 2 vLans running through a PoE Gig switch (that CAN but does not operate at layer 3.) The vLans terminate as separate LAN’s on a sonicwall. I removed the Kids Lan from the Sonicwall and was hoping to use the Koalasafe in it’s place…

The switch should not modify anything at layer 3 from the kids vLan and the Sonicwall should not even see it. But it doesn’t work.

So I would like to figure this out.

0 Likes

#14

What about a device plugged into the switch thats is plugged into the KS. Does it get an IP (removing the AP from the mix)

0 Likes

#16

What are the AP’s? Make/Model

0 Likes

#18

Thanks @awolfend,

Some more clarification. Your AP’s are configured with SSID per vlan? Both vLAN’s traffic is running through the KoalaSafe?

0 Likes

#19

After much research issues relates as you guessed to passing multicast frame across switch.
I have enabled DHCP relay and the switch can now “bridge” two VLANS together,
If I connect them directly with an ethernet cable. Performance is impacted but devices can obtain IP addresses across VLANS and connect outbound.

If I replace the cable with the Koalasafe I start to run into connectivity issues again.
Basically devices obtain ip addresses but do not connect. I will do more research before requesting help.

AP’s don’t appear to impact anything except potentially add delays.

0 Likes

#20

@awolfend Did you ever get this working. I’m having similar issue with Ubiquiti.

Despite being on the same VLAN etc. The only way I can get the Kola to block access is when I either connect a device directly to the LAN port or through it’s wifi.

0 Likes