We often have guest users wanting to connect their laptops to our network, primarily for Internet access. I have set up a secure wireless with WPA - PEAP - RADIUS on our domain but this means that I have to physically configure every guest computer with the corresponding wireless settings. Our Proxim AP-4000 access points allow for multiple SSIDs on different VLANs. The problem I am up against is that I cannot figure out how to have more than one VLAN per port on the 4506 switch (or the 3560s for that matter). The attached diagram shows what I want to do. The goal is to NOT have to touch a guest's laptop.
SSID1 is configured for RADIUS authentication (NPS on Windows 2008) which is what our employees connect to. SSID2 is configured with a passphrase for authentication on the access point for guest laptops.
I was hoping on using the same subnet for DHCP and DNS services but laptops connecting to SSID2 can't access those DHCP or DNS services. I can easily set up a dedicated server for that on VLAN10 if needed. I have also thought about using something like DNSRedirector installed on VLAN10â¦
The main issue is getting the SSID2/VLAN10 access point traffic to the DHCP/DNS server.
Good thing I didn't specify which year I'd have time to try things out! I'm back to working on this project and am still trying to figure out where, in the Cisco Network Assistant (v.5.5 with software 12.2(52)SG-IP-BASE-CRYPTO), I can enter the IP Helper address... I don't have physical access to the switch right now.
I can telnet into the switch, I'm just not that into command line stuff, more of a GUI guy. That being said, I find it strange that there not be anywhere in the GUI to specify the ip helper-address. Anyway, I added the ip helper-address to vlan10 but do I need to specify an ip address too? For now, I have a static IP set on the DMZ interface of the Untangle server. I could bridge it with the EXT interface and set the IP on the VLAN.
I've attached a simplified diagram of what I'm trying to achieve...
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...