I'm not real familiar with

nickwhi90 · ‎04-11-2016

Hello,

We need to setup an isolated guest network on a yacht.

There are three WAP371 access points wired to an SG200-50P switch. The 3/4G/WIFI router is connected to a non smart SG100-08 switch and this switch is connected to the SG200-50P switch, see attached diagram.

With the hardware we have, is it possible to create an isolated Guest network that will allow users access to the internet but not see anything else on the network?

Thanks - Nick

chambersaj · ‎04-16-2016

I'm not real familiar with the small business switches. If they support private VLANs like some of the Cisco enterprise gear does you would be able to do what you are asking. You would make a two secondary VLANs and associate them to your primary VLAN. It keeps them separate at layer two. This would allow the guest network to see the router on the primary VLAN but not the rest of your equipment that you would put on the other secondary VLAN. Anything that needed to be seen by both the guest and regular VLAN would be placed on the primary VLAN.

Michiel Beenen · ‎08-07-2016

As the other reply also mentions, you need to simply setup VLAN's and assign guest SSID to a guest VLAN. Next to that you can select to 'enable channel isolation'. When enabled, the WAP device blocks communication between wireless clients on the same VAP (SSID). The WAP device still allows data traffic between its wireless clients and wired devices on the network, across a WDS link, and with other wireless clients associated with a different VAP, but not among wireless clients.

So basically, when you use VLAN (setup on your router/switch and on the WAP) and Channel isolation your guests will not be able to get to LAN devices.

WAP371 - isolated guest wireless network