12-07-2012 01:43 PM - edited 03-07-2019 10:28 AM
Hello,
I am looking to configure a wired and wireless guest network. I have industrial barcode scanners that connect to one SSID and then there is the business network on the office SSID (no VLAN separation for these devices, just different SSIDs). There is not really a need to separate the business network from the scanners in any case. However, there are needs for a guest network and this needs to be separated. At the bare minimum I would like to have the wireless guest network. Here is what I have:
The reason for the wired guest access network is to prevent anyone from plugging into the wall jack in the office with their home laptops or anyone else from being on the same subnet as our domain machines. Granted they would be unauthenticated but there would be no layer 2 separation and that is what I think would be best.
How would I go about doing this on the wireless controller without an anchor controller, just using my existing hardware? I would like to have the Guest SSID only available in the front office. Is it possible to offer a guest network while still servicing the business network SSID on the same access point? Then might I be able to have the guest network be treated as it should at the controller? However, this might present another issue altogether as the guest traffic will be over the same wire as the business SSID until it hits the controller for management. Please advise.
Any help appreciated and if I missed anything I will provide more information.
Thanks,
Jeff
12-07-2012 03:01 PM
Well, there are multiple ways to do it, but first, I'm not understanding your wired access theory. You should be protecting your switch ports with the MAC address of the actual corporate computers. I've always set up ports to shut down if they detect a different MAC and more than one MAC. Any unused ports should be turned off. So this policy should take care of the wired access. You can also put the unused ports on a guest VLAN if you like, so if someone does connect and somehow that port is not turned off, they will only be on the guest VLAN.
For the wireless, do the same: use that guest VLAN. Not sure how SonicWall works, but you can put the guest VLAN in a DMZ. By the way, Cisco WLC uses ACLs too, so you can also use those ACLs. However, I personally don't like the idea of using ACLs on the WLC; I'd much rather use the firewall for that purpose.
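One way to check a switch config against the wired policy described in the answer above (one allowed MAC per port, shut down on violation, unused ports disabled or placed in the guest VLAN). This is an added example, not code from either poster; it assumes Cisco IOS port-security syntax, a guest VLAN id of 999, and a constructed sample config.

```python
import re

GUEST_VLAN = 999  # assumed guest VLAN id, not from the thread
# Constructed sample in Cisco IOS syntax (not a config from the thread).
SAMPLE_CONFIG = """\
interface Gi0/1
 switchport access vlan 10
 switchport port-security
interface Gi0/2
 switchport access vlan 10
interface Gi0/3
 switchport access vlan 999
interface Gi0/4
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
interface Gi0/5
 shutdown
"""

def parse_interfaces(config):
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return ports

def audit(config, guest_vlan=GUEST_VLAN):
    """Return {port: [issues]}. IOS omits defaults (maximum 1, violation shutdown)."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if {"shutdown", "switchport mode trunk", f"switchport access vlan {guest_vlan}"} & set(cmds):
            continue  # disabled, uplink or guest-only port: nothing to flag
        issues, text = [], "\n".join(cmds)
        if "switchport port-security" not in cmds:
            issues.append("port-security not enabled")
        most = re.search(r"^switchport port-security maximum (\d+)$", text, re.M)
        if most and int(most.group(1)) > 1:
            issues.append(f"allows {most.group(1)} MAC addresses")
        if re.search(r"^switchport port-security violation (restrict|protect)$", text, re.M):
            issues.append("violation mode does not shut the port down")
        if issues:
            findings[name] = issues
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags Gi0/2 (no port security) and Gi0/4 (three MACs allowed, violation mode `restrict`); the other ports satisfy the policy.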