cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6160
Views
0
Helpful
4
Replies

WAP371 guests network isolation

dominik03
Level 1
Level 1

Hello there,
I want to set up internet guest access with my WAP371. No matter what I do the guest can see my whole network. They should be able to use internet (guests) but not connect to LAN devices (server shares & other computers etc.).
I have Captive Portal enable on the WAP371, then everything works perfectly but after login to the guests wifi I can ping/browse other LAN devices. Any idea how to accomplish this with this WAP371?

Example
--------
RADIO1:  SSID: INTERNALAP - clients can access all network and internet.
RADIO2:  SSID: GUESTS -  Captive Portal, internet access but no production network access.


Devies:             x4  WAP371-E-K9 V01
Active Firmware Version:     1.0.0.10
Unmanaged switch / no VLANs

4 Replies 4

zbenko
Level 1
Level 1

Hi Dominik,

 

Not sure if it's still of interest for you, but the solution is to use a VLAN capable managed switch. Something like the SG200, SF200 or SG300 SF300 series.

The whole idea of isolation is based on mapping SSIDs to VLANs for exapmple SSID INTERNALAP is mapped to VLAN 1 (default VLAN) while SSID GUESTS is mapped to some other VLAN which of course needs to exist on your switch and depedning on your setup even on your router.

If you take a look at the Admin Guide of the AP and says a Cisco Small Business SG / SF switch you'll find in-depth explanation of SSIDs and VLANs and their configuration and operation.

I have the same AP connecting to an SG300-10MP switch with VLANs configured and an RV325 router also with the same VLANs configured and everything works fine: when connected to my Guest Wi-Fi only internet is accessible the whole LAN is hidden.

 

Hope this helps

 

BR,

 

Zsolt

Hello Zsolt,

I have the same goal as Dominik. I want to set up isolated wi-fi access to the internet for guest with my WAP371. 

I've set up VLANs (default 1 and guest 25) on RV325 and WAP371. If I connect AP directly to the router everything works. Wireless clients (regular / guests) get IP addresses (via RV325 DHCP) from different networks and can't see each other.

Problems start when I connect AP not directly to the router but via CISCO SG200-26P managed switch.

I'm lost in general/access/trunk, tagged/untagged, smartport (with it scripts) and dozen of other setting in VLAN management tab of the switch.

How should I configure a switch to pass VLAN traffic from AP to RV325? 

 

Thanks.

 

 

 

 

 

Zsolt,

Please let me know how you set up.  You are trying exactly what I want.

I just bought RV325, WAP371, and SG200-26P.  I want one user to access all devices, one to get internet only, and another to get to printers, and certain drives. 

Thank you

Hi,

1. You have to create the 2 SSIDs 1 for corporate user and 1 for guests

2. create 2 VLANs on SG200-26P switch & make your corporate user's mac addresses part of vlan 1 and map them with corporate SSID, and then configure Guest SSID open for other mac addresses, by this way you can achieve isolation.

3. Don't configure inter-vlan routing on your router.

 

Review Cisco Networking for a $25 gift card