WAP321 Captive Portal SA520 Inter VLAN Routing

dirproservices · ‎12-05-2012

I have setup a WAP321 and configured it for a captive portal. It is connected to a SG300 switch and the gateway is a SA520.

The SA520 is setup with two VLANs. The default of ID 1 and a guest vlan ID 2.

The SA520 is assigning the IP addresses to VLAN ID 2. That is working properly.And the captive portal works fine as long as I have Inter VLAN Routing Enabled on VLAN ID 2. But, I do not want VLAN ID 2 to access the local LAN so I Disabled the setting for VLAN ID 2. When I do that, the captive portal stops working and I just get a blank page. Nothing comes up. If I disable captive portal on the WAP321 with Inter VLAN Routing disabled, everything works fine. No access to VLAN ID 1 and Internet access works fine.

So, what am I missing here? I don't want wireless guests to have access to internal LAN systems.

Tom Watts · ‎12-05-2012

Hi Dir, the problem is, the captive resides at the IP address of the AP. If you disable intervlan routing, the vlan 2 can't talk to vlan 1 - where the CP resides. Change the AP to be in the same subnet as your guest network and this will work.

Edit-

Example;

Vlan 1 192.168.75.1

Vlan 2 192.168.76.1

AP 192.168.76.2

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

dirproservices · ‎12-06-2012

Well, I changed the WAP321 to an IP address and gateway on VLAN 2 and disabled Inter VLAN routing on VLAN 2. It routes perfectly, as expected, as long as Capture Portal is not enabled. Once CP was enabled it stopped working. I can't ping anything and, of course, get webpage not available. There is something about Capture Portal that seems to be causing this problem now. In fact, I just enabled Inter VLAN routing and it still does not work in this new configuration with CP enabled.