Showing results for 
Search instead for 
Did you mean: 

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.


public WIFI settings on company LAN

I'm trying to setup our system to provide clients/customers/vendors to have wifi access on our network, but keep them separated from our corporate LAN. I have two WAP4410N WAPs, an RV016 as the main router, and 3 SRW224G4P switches for the network. What I don't know is how to set everything up correctly to provide a secure connection for our users, but also have a separate network available to clients/customers. While I set the system up, I'm not a network admin nor do I have any formal training, so plain english please.

David Carr
Frequent Contributor

Mr. Tucker,

If your going to use the rv016 for this setup its going to be tricky.  The reason is, you have to separate the ssid's via vlan and the rv016 doesn't support vlans.

You might need to get a router that will support vlans or a layer 3 switch with a dhcp server to accomplish this.  Once you do this, you can restrict the access of one network to the other by access list.

The RV016 will do VLANs. Check the documentation for it.

It does port base vlans on the device.  Its not like the wrvs4400n which supports up to 4 vlans on the device.

The rv016 supports multiple subnets and will act as the gateway for those subnets, but does not do dhcp for them and it will allow all traffic between the networks.  You have to create access rules to deny traffic between the networks.

But port base and Actually supporting the vlans tagging are two different things.

David Carr
Frequent Contributor

To better clarify, Mr. Tucker, you will need a trunk port from the router to do multiple ssids for the vlans.  You might could set this up with a layer 3 switch, create the vlans on the switch and have a trunk going to the wap4410n.  Then setup a dhcp server for the vlans so they can get an ip address and make the switch be the gateway for the vlans. 

Then create a default route to the router for internet traffic, and create routes back from the router to the switch for the different networks you have behind the switch.

Then to restrict access between the networks setup an access list deny the two networks from communicating to each other.

If you had a router that could handle vlans, you could just setup a trunk for the vlans and turn off inter-vlan routing on the router and it would work easier.