In this article, I’m going to walk you through setting up a two-VLAN network with a Layer 3 switch(Cisco 3550). I am also going to setup WFilterROS as the gateway to routing for this VLANs.
As in the above network topology diagram:
- There are two VLANs in the Cisco 3550 swith( Vlan2 – 192.168.2.0/24, and VLAN3 – 192.168.3.0/24).
- WFilterROS is in subnet 192.168.1.0/24.
- The uplink port of Cisco 3550 has IP address 192.168.1.5.
Configuring the Cisco switch
Commands to setup the Cisco 3550 switch:
Setup port VLAN
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport access vlan 2
Setup VLAN IP and subnet
Switch(config)#interface vlan 2
Switch(config-if)#ip address 192.168.2.1 255.255.255.0
Setup the uplink port
Switch(config-if)#ip address 192.168.1.5 255.255.255.0
Enable IP Routing
For WFilterROS to routing VLANs traffic, you need to add VLAN subnets in “Routing” of WFilterROS.
IP conflict in local network is annoying. When it happens, it will cause intermittently connections, and it’s difficult for an IT administrator to locate the conflicted devices.
With WFilter, you can do much more.
First, you can block the conflicted IP address with a message. So the client might fix this issue by himself. As shown in below figure, you can send a message “Your ip address conflicts with our server, please correct it ASAP”. This message will show up when browsing http sites.
Also, you can run the “Network Health Checker” extension, which can test ip conflicts in your network. Please check the below screenshots:
Now you may talk to the person with “HuaWei” mobile to fix this issue.
Extension home page: “Network Health Checker”
Wiki page: Check network health of availability, IP conflict, ARP spoof and broadcast storm
For ISP network management, you will need:
- User authentication.
- Monitor and filter of internet activities.
- Bandwidth shaper.
- Accounting and statistics.
Usually, you will need several systems to achieve this goal. Today, WFilterROS, a linux based router OS provides a total solution for ISP network management, with below features:
- Two types of authentication: “Web Auth” and “PPPoE Auth”.
- An “Internet Usage” module to record web surfing, downloading activities.
- Rich internet access control policies: web filter, application control, ip-mac binding …
- Bandwidth policies of realtime rate limit and monthly bandwidth cap limit.
- Bandwidth optimize solutions.
- Internet usage and bandwidth statistics.
- A web push feature to push statistics, web page and advertise.
All these features can be configured in the “WFilter ISP module“.
More details can be found at here: WFilterROS ISP Module
A new protocol, IDM has been supported in WFilterROS for both enterprise license and free license.
Here is the protocol description: How to block IDM in network?
You can block IDM by setting IDM to “deny” in “App Control”.
Now IDM downloading won’t start anymore.
Both HTTP and HTTPS downloading can be blocked.
In google chrome, a new protocol named QUIZ, is implemented. The protocol description can be found at https://www.chromium.org/quic
It says QUIZ can improve website performance by 3%. However, because QUIZ is an UDP based encrypted protocol, domains support QUIZ will not be blocked with WFilter’s web filter.
This issue happens in Chrome browser to Google sites only(including youtube). To make web filter working, you’re recommended to block QUIZ completely.
In pass-by deployment with WFilter Enterprise, you’re recommended to block udp ports “443 -65534″ in your firewall and router.
In WFilterROS, you can block QUIZ in the “app control” module.
Demonstrations of blocking youtube.
When QUIZ is not blocked, you can only see QUIZ traffic when visiting of youtube with chrome.
Block QUIZ in app control.
Now “QUIZ” connections are all blocked, and youtube can be blocked by WFilter.
This site http://blog.wfilterros.com is the new blog site of WFilterROS.
Blog of WFilter and IMFirewall Software can be found at http://blog.imfirewall.us