We bought a Cisco SGE2000P 24Port switch and 10 WAP4410N access points. Our intent is to provide a secure network to our LAN, and a guest network to the Internet.
We are thinking 3 VLANs would be best for this: VLAN 100 connected to the LAN, VLAN 1000 for the Internet Router and Filter, and VLAN 1100 for the Guest Wireless access.
We have the switch configured for all three of these, and 1 initial access point configured for the VLANS, too.
We have not yet moved the current Internet connection to VLAN 1000 because we aren't sure how to setup routing between VLANS.
Here are some specifics on how the traffic needs to route:
1. We have the DHCP server, which is the PDC, handling both scopes for the LAN and Guest VLAN.
2. The web filter in VLAN 1100 needs to authenticate with the DHCP server as there are different filter rules based on authenticated user. Any users coming from VLAN 1100 will have a default filter rule without requiring any authentication.
3. Certain traffic coming in from the Internet needs to be able to get to VLAN 100. The router has a built-in firewall that handles NAT and port forwarding, so as long as traffic can be forwarded to VLAN 100 we should be good.
4. Traffic on VLAN 1100 (guest Wireless network) should only be allowed to go to Internet (VLAN 1000).
Right now I have the VLANs configured and the ports assigned to the Access Points are set for TAGGED and on VLAN 100 and VLAN 1100.
The SGE2000P has the following IP addresses assigned to the VLANS:
10.7.3.252 - VLAN 100
10.7.40.254 - VLAN 1000
192.168.254.254 - VLAN 1100
Has anyone been able to setup a similar configuration? We have scoured the Internet for documentation but it seems to be very difficult to find!