4 Replies Latest reply on Nov 21, 2012 9:30 AM by levi Branched from an earlier discussion.

    Wireless Guest Access

    moulegend New Member

      We will be purchasing the NetVanta 150 series access point since it's compatible with our 5305.  This solution will be only for basic guest account access in our main conference rooms.  Is there a clear way to separate the Wireless access from our actual LAN say like a guest account on other vendor products? 

        • Re: Wireless Guest Access
          levi Employee

          moulegend:

           

          Thank you for asking this question in the support community.  There are several aspects of this application to keep in mind while setting this up. I'll try to go over at a higher level what you'll need to configure. Feel free to ask any questions though, if you have any.

           

          DHCP

          Typically, for the guest network, the access controller will provide DHCP IP addresses to the guest wireless clients.  Additional details on how to configure DHCP scopes can be found in the guide Configuring DHCP in AOS.

           

          Wireless

          Since you plan to have 2 wireless networks set up (internal and guest), you will need to be sure that the switchport the NetVanta 150 is plugging into is set as a trunk. The reason for this is that each wireless network will associate itself with a VLAN you have created for your users. You will also want to ensure that the NetVanta 150 has 802.1q enabled to allow it to trunk as well.

           

          You will need to configure two Virtual Access Points (VAPs). VAPs are distinguished by an SSID and are what you will map to a VLAN ID. You can also set up your wireless security settings within this configuration.

           

          More details, including a step-by-step on how to configure the wireless portion, can be found in the guide Configuring Wireless in AOS.

           

          Firewall

          You mentioned that you would like to restrict your Guest VLAN/wireless network from accessing your internal network. The best way to do this is to add a Security Zone/Access Policy on the Guest VLAN that will deny traffic destined for your internal network, but allow all other traffic through.

           

          Information about the firewall menu can be found in this guide: Configuring the Firewall (IPv4) in AOS.

           

          I hope that makes sense, but please do not hesitate to reply to this post with any additional information or questions.  I will be happy to help in any way I can.

           

          Levi
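The firewall step described in the reply above (deny guest traffic destined for the internal network, allow everything else) depends on rule order. The following is an added example, not part of the original thread or of AOS: a small Python model that audits an ordered rule list. The subnets, the rule tuple format, and first-match evaluation are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread).
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "192.168.1.0/24")]

def first_match(rules, src, dst):
    """Return the action of the first rule matching src/dst (implicit deny at the end)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"

def audit_guest_policy(rules):
    """Probe the policy from a guest host; an empty list means isolated and usable."""
    findings = []
    guest_host = str(GUEST_NET.network_address + 10)
    for net in INTERNAL_NETS:
        # Probe the first and last usable address of each internal range.
        for dst in (net.network_address + 1, net.broadcast_address - 1):
            if first_match(rules, guest_host, str(dst)) != "deny":
                findings.append(f"guest can reach internal {dst}")
    # 203.0.113.10 is a documentation address standing in for an Internet host.
    if first_match(rules, guest_host, "203.0.113.10") != "allow":
        findings.append("guest has no outbound access")
    return findings

# Intended policy: internal denies first, then allow all other traffic.
GOOD = [("deny", "192.168.50.0/24", "10.10.0.0/16"),
        ("deny", "192.168.50.0/24", "192.168.1.0/24"),
        ("allow", "192.168.50.0/24", "0.0.0.0/0")]
# Same rules with the allow moved to the top: the denies are never reached.
MISORDERED = [GOOD[2], GOOD[0], GOOD[1]]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("MISORDERED", MISORDERED)):
        print(name, audit_guest_policy(rules) or "guest isolated, Internet allowed")
```
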

            • Re: Wireless Guest Access
              moulegend New Member

              That all makes sense.  We're just looking to have 1 wireless account with no access to our internal LAN/VLAN.  Will I still need to configure the switchport on the NetVanta 150 as a trunk? I'm assuming I would only need 1 VAP and 1 VLAN ID, correct?

                • Re: Wireless Guest Access
                  levi Employee

                  moulegend:

                   

                  Yes, you are correct.  If you will only have one VAP and one VLAN ID, then you can leave it as an access port.  However, for scalability, generally it is recommended to configure it as a trunk port, so in the future if you decide to add additional VLANs or SSIDs, there will be minimal configuration changes.

                   

                  Please, let me know what questions you have.

                   

                  Levi

              • Re: Wireless Guest Access
                levi Employee

                moulegend:

                 

                I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

                 

                Levi