14 Replies Latest reply on Apr 19, 2012 4:06 PM by dgardner

    Newbie  150 with VAP and 1534 Setup Question

    dgardner New Member

      Hi, total newbie.  First Adtran products.  2-1534P switches stacked and 1 150 WAP.  I am trying to set them up so that the 150 has one VAP that is for our employees with security and on our internal network scheme 192.168.1.0 and a second VAP for guests with a password we will provide but that does not have access to our network with an address such as 10.10.90.0

       

      I would like the guest access to grab a dhcp address in the 10.10.90.0 range.

       

      I have 3 vlans set up. 

      vlan1 default

      vlan2 security cameras

      vlan3 guest access

       

       

       

      Any nudge in the right direction would be appreciated.

       

       

      Thanks in advance

        • Re: Newbie  150 with VAP and 1534 Setup Question
          Employee

          @dgardner - Thanks for asking your question. There are several aspects of this application to keep in mind while setting this up. I'll try to go over at a higher-level what you'll need to configure. Feel free to ask any questions though, if you have any.

           

          First, I am not sure if the 1534s you have are 1st or 2nd Generation. You can usually tell by looking at the part number. 1st Gens have a part number that starts with " 1700..", while 2nd Gens have a part number that starts with "1702...".

           

          DHCP

          If you have a 1st Gen 1534, keep in mind you will only be able to configure one DHCP range on it. The reason for this is because the 1st Gen 1534s are pure layer 2 switches. 2nd Gen 1534s, however, have the capability to do a light version of Layer 3 switching. This allows the creation of multiple VLAN interfaces thus allowing multiple DHCP ranges to be configured as well. More details on how to configure DHCP scope can be found in the guide Configuring DHCP in AOS.

           

          Wireless

          Since you plan to have 2 wireless networks set up (internal and guest), you will need be sure that the switchport the NetVanta 150 is plugging into is set as a trunk. The reason for this is because each wireless network will associate itself with a VLAN you have created for your users. You will also want to ensure that the NetVanta 150 also has 802.1q enabled to allow it to trunk as well.

           

          You will need to configure 2 Virtual Access Points (VAPs). VAPs are distinguished by an SSID and is what you will map to a VLAN ID. You can also set up your wireless security settings within this configuration as well.

           

          More details, including a step-by-step on how to configure the wireless portion, can be found in the guide Configuring Wireless in AOS.

           

          Firewall

          You mentioned that you would like to restrict your Guest VLAN/wireless network from accessing your internal network. The best way to do this is to add a Security Zone/Access Policy on the Guest VLAN that will deny traffic destined for your internal network, but allow all other traffic through.

           

          Information about the firewall menu can be found in this guide: https://supportforums.adtran.com/docs/DOC-2902

           

          Please do not hesitate to let us know if you have any further questions.

           

          Thanks,

          Noor

          1 of 1 people found this helpful
            • Re: Newbie  150 with VAP and 1534 Setup Question
              dgardner New Member

              Noor,

               

              Thanks.  I must be close because a lot of what you say I think I have.

               

              They are second gen switches.  I actually have two but just concerned with making one work now.  I have configured  a dhcp range of 10.10.90.10 - 10.10.90.20.  I just can't seem to figure out how I assign that to the VAP that I created.

               

              I have the 2 VAP created and the ones that is on default VLAN1 works ok and picks up the DHCP from our firewall as it is set up to do

               

              I will attach a couple of screen shots, maybe that can help.

               

              Thanks

              Screen Shot 2012-04-11 at 12.07.32 PM.pngScreen Shot 2012-04-11 at 12.07.06 PM.pngScreen Shot 2012-04-11 at 12.06.35 PM.pngScreen Shot 2012-04-11 at 12.10.54 PM.png

                • Re: Newbie  150 with VAP and 1534 Setup Question
                  Employee

                  @dgardner - The DHCP scope is automatically broadcast out the interface that has an IP address assigned from the same network. For example, in your case, you have configured a scope from the network 10.10.90.0 with a subnet mask of 255.255.255.0. For the scope to be broadcast out the correct VLAN, you would need to assign the VLAN 3 interface an IP address  from the 10.10.90.0 /24 network.

                   

                  Do you have an IP address assigned to VLAN 3? If not, you will need to assign it one. To do this on the web interface, navigate to DATA -> VLANS on the panel on the left. From there click on "VLAN0003". Once on the configuration page, make sure that 'Vlan Interface Configuration' is enabled. Once that is enabled you will be able to set an IP address under the 'IP Settings' section. As mentioned above, the IP address should be in the 10.10.90.0 network.

                   

                  In addition, you will need to modify your DHCP scope so that the default gateway for the 10.10.90.0 scope is set to the IP address you assigned to VLAN 3.

                   

                  I hope this helps. If not, please reply to this post with your configuration file. Please be sure to remove any information that is sensitive to your network.

                   

                  Let us know if you have any questions.

                   

                  Thanks,

                  Noor

                  1 of 1 people found this helpful
                    • Re: Newbie  150 with VAP and 1534 Setup Question
                      dgardner New Member

                      HI,

                       

                      I tried those things but when I connect to the guest wifi it does not pick up the dhcp.  Here is my config file.

                        • Re: Newbie  150 with VAP and 1534 Setup Question
                          Employee

                          @dgardner - Everything in your configuration looks correct. Based on your symptoms, I would suggest that you confirm that the NetVanta 150 is plugged into port 24 since it is configured as a trunk. If this is not the case, then whichever port the NetVanta 150 is plugging into will need to be configured for trunk mode.

                           

                          Please do not hesitate to let us know if you have any further questions.

                           

                          Thanks,

                          Noor

                          1 of 1 people found this helpful
                            • Re: Newbie  150 with VAP and 1534 Setup Question
                              dgardner New Member

                              You were correct.Pilot error!  wrong port.  Follow up.  Is it safe to assume that I then need to set the default router address to the address of my 192.168 router, in my case the sonic wall device, in order for the guests to get outside access.  And create a route back to the vlan in the sonic wall of course?

                                • Re: Newbie  150 with VAP and 1534 Setup Question
                                  Employee

                                  @dgardner - Yes, you are absoulutely correct. You will need to add a default route on the 1534 that points to your Sonicwall as the path for outside access. This route will allow networks that are using the 1534 as its default gateway to properly route out the Sonicwall to get out to the internet.

                                   

                                  Let us know if you have any further questions.

                                   

                                  Thanks,

                                  Noor

                                    • Re: Newbie  150 with VAP and 1534 Setup Question
                                      dgardner New Member

                                      Would that be the default gateway entry or would I need to enter a route in the routing table

                                       

                                      Thank you

                                        • Re: Newbie  150 with VAP and 1534 Setup Question
                                          Employee

                                          @dgardner - You will need to enter a route in the route table. In the web interface, this can be done by navigating to DATA -> Router/Bridge -> Route Table. The 'destination address' will be 0.0.0.0, as will the 'destination mask'. The 'gateway' will need to be selected as an address and you will need to specify the IP address of the Sonicwall (your next-hop). This can also be done in the CLI in config mode by entering the following command: ip route 0.0.0.0 0.0.0.0 <next-hop IP>.

                                           

                                          The default gateway setting is used only by the 1534 while it is acting as a layer 2/switch device. For example, if you were to disable the "ip routing" functionality of the 1534, it would not be able to act as a default gateway for clients. However, if you wanted the 1534, itself, to reach outside networks, then you would configure the default gateway setting.

                                           

                                          Let us know if you have any further questions.

                                           

                                          Thanks,

                                          Noor

                                            • Re: Newbie  150 with VAP and 1534 Setup Question
                                              dgardner New Member

                                              HI Noor,

                                               

                                              I did that and I still am having an issue.  If I ping out front a machine on the guest lan, the ping goes out and comes back thru the sonic wall but never makes it back to the device itself.  I am attaching a screen shot of a capture front the sonic wall that shows the ping returning.  Any ideas?

                                              Screen Shot 2012-04-16 at 12.10.24 PM.png

                                                • Re: Newbie  150 with VAP and 1534 Setup Question
                                                  Employee

                                                  @dgardner -  Does the Sonicwall have a route for the 10.10.90.x network that points to the 1534? I believe you would need this for the traffic to get back. Could you reply to this post with the route table of the 1534 and a screenshot of the route table of the Sonicwall?

                                                   

                                                  In the web interface, the route table for the 1534 can be retrieved by navigating to DATA -> Router/Bridge -> Route Table. If you scroll to the bottom of the page, it will show what the current route table looks like. Also, you can view this in the CLI by issuing the "show ip route" command.

                                                   

                                                  Thanks,

                                                  Noor

                                                    • Re: Newbie  150 with VAP and 1534 Setup Question
                                                      dgardner New Member

                                                      Noor,

                                                       

                                                      Here are the screen shots. Yes the sonic wall has a route back to the 1534.  I was on with sonic wall tech support and we actually tried the main address of the 1534, the VLAN ip of 10.10.90.1 and the ip address of the NV150.  They all have the same result.  The capture shows that the ping is trying to get sent to the 10.10.90.10 device but it just times out at the device.  192.168.1.2 is the sonic wall     .20 is the 1534    .25 is the 150   10.10.90.1 is the VLAN interface

                                                       

                                                      thanks again for sticking with me.

                                                       

                                                      Screen Shot 2012-04-16 at 7.29.28 PM.pngScreen Shot 2012-04-16 at 7.20.28 PM.png

                                                        • Re: Newbie  150 with VAP and 1534 Setup Question
                                                          Employee

                                                          @dgardner - The Sonicwall's route for 10.10.90.0 /24 needs to be changed to point to 192.168.1.20 (VLAN 1's IP address) instead of 192.168.1.25 (Access Point's IP address). The Access Point IP is an optional setting and is only used when there is a Radius server involved. Other than that, your route table looks correct. Please reply to this post with the latest configuration of the 1534, if this does not resolve your issue.

                                                           

                                                          Thanks,

                                                          Noor