01-26-2019 02:57 PM
Hi!
I am reading about private-VLANs and I think they might be the solution to my current issue. I currently have two VLANs, and two wireless SSIDs. VLAN1 (10.0.0.0/24) is mapped to the Company SSID, VLAN40 (10.0.40.0/24) is mapped to the Company's Guests SSID.
I have a need for more networks though and I know I can just create more VLANs and more wireless SSIDs, but I'm trying to do it without creating any more SSIDs. I see this when I google private-VLANs:
"A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains, allowing you to isolate the ports on the switch from each other."
That sounds like something I could use. I was thinking maybe instead of creating multiple VLANs and SSIDs, I could partition the two VLANs I currently have and try to isolate the devices. For example, on the Company VLAN, only company equipment can be on it. We have some residential devices that need to be connected to the internet as well though, such as our car, garage door opener, game consoles, etc. I didn't want to put some of these on the guest network for various reasons.
I do not think access groups are a solution, because the wireless APs for the guests and the company stuff are the same APs. They're not in different buildings or anything. I have a Cisco C1111-8PW router, three Cisco 1832i wireless APs. The C1111 has a built-in WLC and AP.
Would the private-VLANs be the best way to go here? I was reading there was some way to do this with something called 802.1x authentication or something, but I'm having a hard time finding examples of how to configure something like this with the 802.1x authentication.
Thanks.
01-26-2019 10:34 PM