DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Isolate wifi from LAN while still getting IP from server?

18 Dec 2009 17:04 #1 by tomato
Hiya

I have a draytek 2820n with 3.3.1.2_232201, and local IP address 192.168.0.1

It does ADSL (from BeThere) and the NAT, but not the DNS or DHCP - that runs through our Windows Server 2008 which runs Active Directory, and has IP address 192.168.0.2

The 2820 is set up with 2 wifi SSIDs:

SSID 1 for staff laptops,
SSID 2 for clients and visitors.

I want to wall off SSID 2 from our LAN, but when I click 'isolate LAN', visitors are unable to connect to the internet. This seems to be because they are unable to get assigned an IP address from the server.

How can I make sure visitors are able to get an IP and connect to the internet without seeing our LAN?

I've gone through the 2820 options, and I'm baffled.

Can you help please?

19 Dec 2009 19:52 #2 by drewy
I think you can accomplish this by using the LAN->VLAN settings. Just create a separate VLAN for the SSID2 (so only 1 box ticked for this one), you'll probably also have to create another VLAN for all your SSID1 & ethernet devices (tick the boxes for SSID1 & the physical router ports you are using).

If your firmware doesn't have specific VLAN options for each wifi SSID then you'll have to upgrade to a newer version, I'm using 3.3.3_232201

27 Jan 2010 12:15 #3 by alex.rose
I've set this up myself on a 2820n running 3.3.3_232201 using DHCP relay to provide DHCP to the clients on the SSID that is isolated from the LAN. Unfortunately, as soon as I activated DHCP relay the router's throughput dropped through the floor to an unusable level. Accessing the router via telnet resulted in delays of approximately 4-5 seconds to echo my typing to the terminal window.

Has anybody else had this problem?

As an IT company I'm also pretty upset that when upgrading a client's 2820n from 3.3.0 it didn't warn me that I was going to lose the 'Isolate LAN' option from the wireless set up so that my client was left with a totally open network. I've got about 40 clients and I always recommend Draytek (such that more than half of them now use Drayteks) but I'll be thinking long and hard about recommending them in the future if a simple firmware upgrade is going to leave my clients wide open!

28 Jan 2010 13:47 #4 by voodle
It might be worth trying 3.3.4 beta firmware if 3.3.3 isn't working with DHCP relay: http://www.visus.pt/mirrors/draytek/Vigor2820/Firmware/3.3.4_RC4a/

Also: firmware later than 3.3.0 does still have isolate LAN but it's a bit more advanced now, look under LAN > VLAN, you can now set which SSID can access which LAN port

01 Feb 2010 13:41 #5 by alex.rose
Thanks for the heads up on the new firmware, I've already tried it and found it to be better but with a couple of other little issues.

I understand that the 'isolate' function is still there in the newer firmware, what I was complaining about was that upgrading the firmware left my client open as the SSIDs that were isolated before the upgrade were open after the upgrade. It needed a manual intervention to make them secure again, a bit of prior warning would have been nice!

03 Feb 2010 20:16 #6 by bluefox
Replied by bluefox on topic Open ports
I also have the exact same requirements and setup as tomato. I've installed the 3.3.4 RC4 firmware which seemed to solve the DHCP issue (3.3.3 crashed when using DHCP relay) but I now suffer from a couple of other issues:

1) I've set up VLAN0 and VLAN1. VLAN0 has all of the physical ports plus SSID1. VLAN1 has only SSID2. However, when connected to SSID2 I can still access the LAN.

2) I have several public IP addresses that are forwarded to internal PCs (mail server, web server etc). However, none of these seem to work since upgrading to 3.3.4.

Are these just bugs in this release?

Can the mods please forward these issues to R&D?

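A check to run from a laptop joined to SSID 2 after any VLAN change or firmware upgrade, covering both the case where the guest SSID can still reach the LAN and the case where isolation also cuts off the internet. This is an added example, not part of any post in the thread; the server address comes from the first post, while the port list, the `example.com` target and the function names are assumptions.

```python
import socket

# Server address from the first post; the ports (SMB, LDAP, RDP) are this
# example's assumption about what a Windows/AD server exposes on the LAN.
LAN_TARGETS = [("192.168.0.2", 445), ("192.168.0.2", 389), ("192.168.0.2", 3389)]
# Hypothetical internet target; substitute any host guests are meant to reach.
INTERNET_TARGET = ("example.com", 443)


def tcp_probe(host, port, timeout=3.0):
    """Classify a TCP connection attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A refusal usually means the host itself answered, so traffic
        # crossed from the guest SSID to the LAN even though the port is closed.
        return "refused"
    except OSError:
        # Timeout, no route or failed name lookup: nothing came back.
        return "filtered"


def check_isolation(lan_targets, internet_target, probe=tcp_probe):
    """Run from a guest client. Returns (ok, findings)."""
    findings = []
    for host, port in lan_targets:
        state = probe(host, port)
        if state in ("open", "refused"):
            findings.append(f"LEAK: {host}:{port} is {state} from the guest SSID")
    if probe(*internet_target) != "open":
        findings.append(
            f"BROKEN: {internet_target[0]}:{internet_target[1]} unreachable"
        )
    return (not findings, findings)


if __name__ == "__main__":
    ok, findings = check_isolation(LAN_TARGETS, INTERNET_TARGET)
    for line in findings:
        print(line)
    print("PASS: guest SSID isolated, internet reachable" if ok else "FAIL")
    raise SystemExit(0 if ok else 1)
```

The non-zero exit code on failure lets the check be run as a post-upgrade step so that an SSID that has silently lost its isolation is caught before the site is left unattended.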

Moderators: ChrisSami