7 Replies Latest reply on Dec 4, 2014 12:22 PM by clillie360

    How do you configure multiple VWlans

    clillie360 New Member

      I am new to using adtran routers and trying to learn how to configure the router to control 2 VWLANS i am not sure where to begin.

        • Re: How do you configure multiple VWlans
          cj! Beta_User

          Hi clillie360:

           

          Are you looking into VLANs and/or SSIDs?  ADTRAN's Bluesocket WiFi platform functions from a virtualized controller they call vWLAN.  Conversely, AOS router (and switch) products can act as simple access point controllers for NetVanta 150/160-series APs.  Let us know your goal and we'll be glad to help!

           

          Best,

          CJ

          1 of 1 people found this helpful
            • Re: How do you configure multiple VWlans
              clillie360 New Member

              I am looking at setting up multiple ssid's one for the private network and the other a guest network using the netvanta 3448 controlling 2 netvanta 150's

                • Re: How do you configure multiple VWlans
                  cj! Beta_User

                  This application guide is exactly what you need:  AOS Wireless Configuration Guide

                   

                  Check out page 33 for a diagram confirming your design.  One important concept is that ADTRAN refers to Virtual Access Points (VAPs).  The idea is for you to create two VAPs (Private and Guest) which have different SSIDs.  Page 22 describes VAP setup.  VAPs are tied to VLANs for separation (page 19).  After you setup everything (VAPs/SSIDs tied to VLANS) on one access point, you can then apply the VAPs to each of your access points as a template.  The first AP is used as the Reference AP.  As you add access points, you simply apply the VAPs to them from the Reference AP. 

                   

                  The guide includes examples with GUI screenshots and CLI commands.  Let us know how it goes, or if you have any specific questions!

                   

                  CJ

                  1 of 1 people found this helpful
                    • Re: How do you configure multiple VWlans
                      clillie360 New Member

                      So i have set that up and made sure that all the settings are correct but the guest wi-fi is not obtaining an IP address, so there is no internet connection i have set the DHCP scope for that network on the router the domain controller is handling dhcp for the native vlan

                        • Re: How do you configure multiple VWlans
                          cj! Beta_User

                          It might be best to attach your configuration (be sure to remove any sensitive data from the CFG text file such as passwords or pre-shared keys).  But one of the things I encounter is the policy-class (security zone) for the guest network.  Assuming you created a new policy-class for guests, an allow policy must be in place for guest clients to request a DHCP address.

                           

                          You wouldn't want to allow guests access to http or telnet for management though, only DHCP.  Possibly DNS too, if you're telling DHCP clients to use the 3430 as their DNS server.  This might do the trick:

                           

                          !

                          ip access-list standard wizard-ics

                            remark Internet Connection Sharing

                            permit any

                          !

                          !

                          ip access-list extended RouterAdminAccess

                            remark Types of connections used for management

                            permit tcp any host 192.168.100.1 eq telnet

                            permit tcp any host 192.168.100.1 eq ssh

                            permit tcp any host 192.168.100.1 eq www

                            permit tcp any host 192.168.100.1 eq https

                          !

                          ip access-list extended self

                            remark Traffic to NetVanta

                            permit ip any any

                          !

                          !

                          ip policy-class GUEST

                            discard list RouterAdminAccess

                            allow list self self

                            nat source list wizard-ics interface eth 0/2 overload policy Public

                          !

                          ip policy-class Public

                            ! implicit discard

                          !

                           

                          In this example, the router's guest interface is 192.168.100.1 (also assigned in DHCP) and it's assigned to the GUEST security zone.  The Internet interface is in Public.  The order of policies listed under each policy-class is crucial. Here, we discard any connections from guests to the router used for administration, but then allow other, non-management connections.  DHCP requests would be part of that next "self" policy.  Last, we NAT out general Internet traffic like normal.

                           

                          There could be other factors, so consider attaching your config (sanitized) if this doesn't help.

                           

                          Chris

                          1 of 1 people found this helpful
                            • Re: How do you configure multiple VWlans
                              Employee

                              clillie360 -

                              I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                               

                              Thanks,

                              Noor

                                • Re: How do you configure multiple VWlans
                                  clillie360 New Member

                                  ip subnet-zero

                                  ip classless

                                  ip routing

                                  ipv6 unicast-routing

                                  !

                                  !

                                  ip firewall

                                  no ip firewall alg msn

                                  no ip firewall alg mszone

                                  no ip firewall alg h323

                                  no ip firewall alg sip

                                  !

                                  dot11ap access-point-control

                                  !

                                  !

                                  !

                                  vlan 1

                                    name "Default"

                                  !

                                  vlan 10

                                    name "Guest Network"

                                    shutdown

                                  !

                                  !

                                  !

                                  no ethernet cfm

                                  !

                                  !

                                  interface switchport 0/1

                                    no shutdown

                                  !

                                  interface switchport 0/2

                                    no shutdown

                                  !

                                  interface switchport 0/3

                                    no shutdown

                                  !

                                  interface switchport 0/4

                                    no shutdown

                                  !

                                  interface switchport 0/5

                                    no shutdown

                                  !

                                  interface switchport 0/6

                                    no shutdown

                                  !

                                  interface switchport 0/7

                                    no shutdown

                                  !

                                  interface switchport 0/8

                                    no shutdown

                                  !

                                  !

                                  interface vlan 1

                                    ip address  x.x.x.x  255.255.255.0

                                    ip access-policy Private

                                    no shutdown

                                  !

                                  interface vlan 10

                                    ip address  x.x.x.x  255.255.255.255

                                    ip mtu 1500

                                    no shutdown

                                  !

                                  !

                                  interface dot11ap 1 ap-type nv16x

                                    encapsulation 802.1q awcp-vlan 1 native priority 7

                                  !

                                  !

                                  interface dot11ap 1/1 radio-type 802.11bg

                                    radio-mode gn

                                    no packet-aggregation

                                    no shutdown

                                  !

                                  !

                                  interface dot11ap 1/1.1

                                    ssid broadcast-mode "SECURE"

                                    security mode wpa tkip aes-ccmp psk securepass

                                    no shutdown

                                  !

                                  interface dot11ap 1/1.2

                                    vlan-id 10

                                    ssid broadcast-mode "GUEST"

                                    security mode wpa tkip aes-ccmp psk guestpass

                                    shutdown

                                  !

                                  !

                                  interface dot11ap 1/2 radio-type 802.11a

                                    shutdown

                                  !

                                  !

                                  !

                                  interface dot11ap 2 ap-type nv16x

                                    encapsulation 802.1q awcp-vlan 1 native priority 7

                                  !

                                  !

                                  interface dot11ap 2/1 radio-type 802.11bg

                                    radio-mode gn

                                    no packet-aggregation

                                    no shutdown

                                  !

                                  !

                                  interface dot11ap 2/1.1

                                    ssid broadcast-mode "SECURE"

                                    security mode wpa tkip aes-ccmp psk securepass

                                    no shutdown

                                  !

                                  interface dot11ap 2/1.2

                                    vlan-id 10

                                    ssid broadcast-mode "GUEST"

                                    security mode wpa tkip aes-ccmp psk guestpass

                                    shutdown

                                  !

                                  !

                                  interface dot11ap 2/2 radio-type 802.11a

                                    shutdown

                                  !

                                  !

                                  !

                                  !

                                  !

                                  ip access-list standard natpool

                                    permit any

                                  !

                                  ip access-list standard self

                                    permit any

                                  !

                                  !

                                  !

                                  ntp source ethernet 0/1

                                  ntp master 2

                                  ntp update-rtc

                                  ntp server 0.pool.ntp.org source ethernet 0/1 prefer

                                  !

                                  !

                                  !

                                  !

                                  !

                                  end