Re: Guest access to our wireless network

dvanzee · ‎02-10-2006

I have changed our network over to WPA with PEAP. One the questions that has come up is, how can guest still have access to this wireless access point to access the internet, but not have access to our internal network. Any info would be great.

rduke · ‎02-10-2006

I set up two ssids on our network. These map to two different VLANs. One VLAN attaches to the internal network. The other connects to a second firewall with Internet access. This also allows me to test VPN accounts by attaching to the secondary ssid and going out one firewall and back in to the other. Sometimes vendors want to demo something which needs Internet access, and I would rather put them on the secondary firewall which has open access rather than poke a hole in my main firewall. Normal users are not supposed to be on the Internet only ssid. Also you can make the security on your internal network ssid high and the Internet only ssid low.

devaraj · ‎11-22-2006

Hi Randy,

I am wondering how did you did this setup, we have two networks setup but it is not working. Did you configured turnking on your switch for VLANs? or it worked without trunking? It will be really helpful if you reply

Thanks,

Dev

Stephen Rodriguez · ‎11-22-2006

Dev,

You will need to configure trunking on the switch and the AP. The "native" subinterfaces will need to be in the subnet the BVI 1 interface is getting it's address from, and will need to be in bridge-group 1. All other subinterfaces will be dot1qs trunked to the appropriate VLAN, and will not need BVI's.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered