Configuring the CISCO RVS4000 and the CISCO WAP4410N to provide both a secure network and a.docx

Document

Nov 30, 2010 10:48 AM

This document will show you how to use the RVS4000 and the WAP4410N together to create both a secure wireless network and a 'Guest' wireless network. The key to making this work is the use of VLANs and the trunking capability of the RVS.


Comments

msoeriksen Thu, 12/30/2010 - 06:47

Thank you for the guide, it helped a lot!

But one thing. If "Inter-VLAN Routing" is enabled then the guest network has access to the main network. Sure, they have to know the IP address, but that's not very secure. I disabled the setting and haven't noticed any problems yet, just the benefit of the guest network being completely isolated.

Can you confirm this or am I misunderstanding something here?

pofarrel Fri, 01/07/2011 - 22:20

This guide does not seem to make sense.  It talks about configuring the WAP, but the only thing mentioned is the RVS?

Hayfever76 Mon, 01/10/2011 - 08:34

Thanks for the comments. I just realized I need to proof my work much better. I'll post an updated version later today that will correct the typos. I'll test the Inter-VLAN routing too. I think you're right about that part Oyvind.


Cheers

John

tloomos@gmail.com Tue, 11/27/2012 - 20:27

I'm trying to accomplish exactly what is described in this post but not having much luck.  I started by setting up the 2 SSIDs and connecting to each - no problems and I was able to get to the internet on both.

Then I tried setting up the VLAN and have run into some problems. My "main" SSID works fine.  When I connect to the guest SSID I'm able to obtain an IP address from the correct range, but I can't get to the internet. This is probably something simple but I just don't know what I'm doing wrong.  Here's my configuration:

RVS4000

Firmware Version: 2.0.2.7

Port 2 connected to WAP4410N

DHCP Enabled on both VLANs

VLAN 1 Local IP: 192.168.1.1

VLAN 4 Local IP: 192.168.4.1

Inter-VLAN Routing: Disabled (**Have tried both Enabled and Disabled with the same results**)

Port 2 Mode: Trunk

VLAN Membership:

     VLAN 1/Port 2: Trunk/Untagged (1untag,4tag)

     VLAN 4/Port 2: Trunk/Tagged (1untag,4tag)

Firewall is setup with out-of-the-box defaults, everything is open. I tried disabling the firewall but received the same results.

WAP4410N

Firmware Version: 2.0.4.2

SSID 1 - default:

     Wireless Isolation (between SSID): Enabled

     Security Mode: WPA2-Personal

     Wireless Isolation (within SSID): Disabled

     VLAN ID: 1

SSID 2 - guest:

     Wireless Isolation (between SSID): Enabled

     Security Mode: Disabled

     Wireless Isolation (within SSID): Enabled

     VLAN ID: 4

    

Any ideas what I'm doing wrong here??

msoeriksen Wed, 11/28/2012 - 02:32 (reply to tloomos@gmail.com)

Just to verify, you have two VLANs, one with ID 1 and one with ID 4?

And your WAP4410N is connected to port 2 on RVS4000?

With the exception of using other VLAN IDs (1 and 2 instead of 1 and 4) and a different port (4 instead of 2) my settings match what you have written.

Other VLAN settings I have on WAP4410N are:

VLAN: Enabled

Default VLAN ID: 1

VLAN Tag: Untagged

AP Management VLAN: 1

VLAN Tag over WDS: Disabled

tloomos@gmail.com Wed, 11/28/2012 - 10:58

Yes, that's correct.  Looks like the other settings match my configuration as well.

Can you confirm that you have the same firmware versions?

RVS4000 Firmware Version: 2.0.2.7

WAP4410N Firmware Version: 2.0.4.2

tloomos@gmail.com Wed, 11/28/2012 - 21:33

I was able to get this working as desired. 

First I tried upgrading firmware on both the router and WAP, but that didn't seem to make any difference.

Then I noticed that when I connected on the guest network, even though I couldn't get to the internet through a browser, Windows networking said I had internet access.  Then I realized that if I tried to get to an internet site by IP address, it worked. I took a closer look at what DHCP was giving me for my IP configuration and noticed I was getting the correct IP address and DHCP server (192.168.4.x) but my DNS server was 192.168.1.1.

On the router I went into LAN settings, switched to VLAN 4 and specified a static DNS address of 192.168.4.1.  That did the trick.

One other change - I noticed I could still get to "private" network resources from the guest vlan so I went into Advanced Routing and disabled Inter-VLAN routing.

Everything now appears to be working exactly the way I had hoped.
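The fault found in the comment above (guest VLAN 4 handing out a DNS server that lives in VLAN 1) can be caught by checking each DHCP scope's DNS address against the VLAN subnets. This is an added example, not part of the original thread or any Cisco tooling; the /24 mask, the DNS value for VLAN 1 and all names in the code are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class VlanDhcp:
    vlan_id: int
    router_ip: str        # router's local IP on this VLAN
    dns_server: str       # DNS address the DHCP scope hands to clients
    prefix_len: int = 24  # assumption: the thread never states the mask

    @property
    def network(self):
        iface = ipaddress.ip_interface(f"{self.router_ip}/{self.prefix_len}")
        return iface.network

def audit_dns(vlans, inter_vlan_routing):
    """Flag DHCP scopes whose DNS server sits inside a different local VLAN."""
    findings = []
    for v in vlans:
        dns = ipaddress.ip_address(v.dns_server)
        if dns in v.network:
            continue  # resolver is on the client's own VLAN
        owner = next((o for o in vlans if o is not v and dns in o.network), None)
        if owner is None:
            continue  # not a local VLAN address (e.g. an upstream resolver)
        if inter_vlan_routing:
            kind = "cross-vlan"   # resolution depends on a path into the owner VLAN
        else:
            kind = "unreachable"  # no route from this VLAN to the resolver
        findings.append((v.vlan_id, kind,
                         f"VLAN {v.vlan_id} DNS {dns} belongs to VLAN {owner.vlan_id}"))
    return findings

# Constructed from the values quoted in the thread; VLAN 1's DNS is assumed.
REPORTED = [VlanDhcp(1, "192.168.1.1", "192.168.1.1"),
            VlanDhcp(4, "192.168.4.1", "192.168.1.1")]
FIXED = [VlanDhcp(1, "192.168.1.1", "192.168.1.1"),
         VlanDhcp(4, "192.168.4.1", "192.168.4.1")]

if __name__ == "__main__":
    for label, cfg in (("reported", REPORTED), ("fixed", FIXED)):
        for routing in (True, False):
            print(label, "inter-VLAN routing:", routing, audit_dns(cfg, routing))
```

A finding of either kind on the guest VLAN means its DHCP scope should hand out a resolver on the guest subnet itself, so that inter-VLAN routing can stay disabled without breaking name resolution.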

msoeriksen Thu, 11/29/2012 - 04:02 (reply to tloomos@gmail.com)

Good to hear you got things working.

Regarding inter-vlan routing it's reassuring that you got the same result as me. Then it isn't just me...
