cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
420
Views
0
Helpful
4
Replies

Guest SSID communication with DHCP over CISCO SG350-28

swap123
Level 1
Level 1

Hello,

We are using Cisco SG350-28 Model Network Switches, with these switches our APs (non-CISCO Make) are connected.

 

These APs have on OS base Controller software which is installed on Windows computers.

 

1) Each AP has Two SSID, One is for Company Users(PRD) and another one is for guests (GUEST).
2) We are using Networks 192.168.0.x /24, 192.168.1.x /24 and 192.168.2.x /24
3) All these networks are configured on our Hardware Firewall (Make non-CISCO), using that firewall each network can communicate with each other.
4) We have windows base DHCP in our network which broadcast IP 192.168.0.X, 192.168.1.X, and 192.168.2.X

 

The user of the company connects to the SSID - "PRD" and they access the network without any issue, some of those
gets IP as 192.168.0.X OR 192.168.1.X OR 192.168.2.X

Now, the guest who connects to the SSID - "Guest" gets redirected to the Internet portal only if they get the IP as
192.168.0.X

 

We have a need the configuration should work like; users or guest who connects to SSID - "Guest" should get any

IP but they must get redirected to Internet Portal which is on a Windows-based Wireless Network controller.


Kindly suggest what needs to be done.

 

Note - attached is the scenario for reference.

 

Thank you
Swapneel

4 Replies 4

Jitendra Kumar
Spotlight
Spotlight

I do not suggest that any guest user can get your internal IP address this is not the best practice to create a separate network for guests and you need to enable the captive portal to redirect to the webpage for authentication.

 

Thanks,

Jitendra

Thanks,
Jitendra

Hi

  The redirect process usually use some Access List to map the guest traffic and redirect to the portal. This is how thing works for cisco solution. Make sure in your solution you dont have the same concept and you need to add this Access List. Maybe only the network 192.168.0.0 have this configured and that´s why you get redirected.

swap123
Level 1
Level 1

Hello Flavio and Jitendra,

 

@Jitendra Kumar Yes I do agree, in that case cane we have another Network on Switch base DHCP which well give IP to only "Guest " SSID  then we can router that traffic to our firewall (Gatway)

@Flavio Miranda Redirection setting works when user first get redirected to captive portal where the puts the key (Please refer)

 

Thank you for your reply. I have checked in the software base controller of the WIFI Device there is no pre-direction setting available.

Things are happening in the following manner.

1. Guest can see the SSID "Guest"

2. They connect it using a password

3. Guest device got the IP from Windows-based DHCP as 192.168.0.X or 192.168.1.X (step 3.1)

4. The guest device which gets the IP 192.168.0.X redirects to the Captive portal where a window asks for KEY to brows the internet.

5. Once the key gets validated the first page gets open as a company's website, further they can able to browse the internet.

3.1 If the user device get the IP 192.168.1.X 

 

Question : Cant' we allot a Dedicated DHCP scope (192.168.0.31 to 192.168.0.50 ) on Switch (Cisco) which will be accessible only of they connects to the SSID "Guest" in that case may be they can automatically redirect as same as 192.168.0.X guest.

 

Kindly suggest.

 

Thank you

Swapneel

 

You can create a DHCP pool& dummy VLAN on the Controller.

please go through the below tutorial...

 

https://youtu.be/7ni9gj_W6sM 

Thanks,
Jitendra