Will this work?

Unanswered Question
May 24th, 2007
User Badges:

Hello All,

I'm hoping that someone here on the forum can help me with a possible solution.


I have a small network with a Cisco 1200 AP. Is it possible 2 have 2 SSID's on the AP? One for guests and one for internal LAN users?


My thought was to create 2 VLAN's on our 4510 switch and place ACL's on the VLAN's. On the guest VLAN I would block everything but basic internet traffic (web browsing, ftp, email, etc)


On the internal LAN it would be open for everything.


Would this work? I'm not sure how DHCP would work as well, but I'm hoping you gurus out there can help someone new out.


Please by all means feel free to make any suggestions. I just wanted to have a decent secure wireless network for guest users, while still protecting my internal network.


Thanks for your time.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
scottmac Thu, 05/24/2007 - 13:51
User Badges:
  • Green, 3000 points or more

It should work as you describe. Update you AP code to current before you start ... older code had some ugly bugs and security issues.


If you are not much of a "command line person," you can configure everything through the WebGUI.


For DHCP, you'd need either a DHCP server with one scope each if you intend to keep the VLANs completely separate (i.e., no router / layer 3 device) or, if you will use a router for inter-VLAN routging, you can define two scopes on the same DHCP server, and put "IP HELPER" on the router interface closest to the AP (pointing to the DHCP server).


A third option might be to use a server with an 802.1q-capable NIC or two interfaces, one interface on each VLAN.


There are a bunch of variables that depend on your actual topology and implementation.


Good Luck


Scott


hnhoang33 Thu, 05/31/2007 - 08:35
User Badges:

Hello Mr.McKenzie,

Thank you for the prompt response. I appreciate it greatly.


As someone who is getting into networking and deploying these type of solutions, its greatly appreciated.


If I have any questions, I'll be sure to respond here.. All the best!


tpelley Thu, 05/31/2007 - 08:22
User Badges:

I too am deploying an almost identical set up using a 1200 series AP. The AP is a stand alone and authenticates users against a FreeRADIUS server.


I would like guests to be automatically sent to a web page to accept terms of use before being allowed to connect, much the same as a public hot spot or hotel.


Now for the fun part! I have two weeks and essentially no budget to get this up and running.


Any suggestions would be greatly appreciated.

Rob Huffman Thu, 05/31/2007 - 10:11
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Scott,


Nice work here as always! 5 points from Calgary :)


Take care,

Rob


PS: that must have been a short vacation......

scottmac Thu, 05/31/2007 - 15:58
User Badges:
  • Green, 3000 points or more

Thanks Rob!


Yeah, you know the story, they only let us out for a couple hours at a time, no sharp or pointy objects ... ;=)


I was off for ~a week ... spent a few days up in Black River Falls, Wisconsin with some friends.


Thanks again (Nice write-up & picture, BTW)


Scott




Rob Huffman Fri, 06/01/2007 - 04:43
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Scott,


Yes,we will probably need to be re-trained if away from the fort for too long! I've heard great things about Wisconsin (I hope to make some day)


Thanks for the nice comments (you are up next I'm sure and I'm looking forward to seeing it)


Take care,

Rob

Actions

This Discussion