Hello there, I want to set up internet guest access with my WAP371. No matter what I do the guest can see my whole network. They should be able to use internet (guests) but not connect to LAN devices (server shares & other computers etc.). I have Captive Portal enable on the WAP371, then everything works perfectly but after login to the guests wifi I can ping/browse other LAN devices. Any idea how to accomplish this with this WAP371?
Example -------- RADIO1: SSID: INTERNALAP - clients can access all network and internet. RADIO2: SSID: GUESTS - Captive Portal, internet access but no production network access.
Devies: x4 WAP371-E-K9 V01 Active Firmware Version: 126.96.36.199 Unmanaged switch / no VLANs
Not sure if it's still of interest for you, but the solution is to use a VLAN capable managed switch. Something like the SG200, SF200 or SG300 SF300 series.
The whole idea of isolation is based on mapping SSIDs to VLANs for exapmple SSID INTERNALAP is mapped to VLAN 1 (default VLAN) while SSID GUESTS is mapped to some other VLAN which of course needs to exist on your switch and depedning on your setup even on your router.
If you take a look at the Admin Guide of the AP and says a Cisco Small Business SG / SF switch you'll find in-depth explanation of SSIDs and VLANs and their configuration and operation.
I have the same AP connecting to an SG300-10MP switch with VLANs configured and an RV325 router also with the same VLANs configured and everything works fine: when connected to my Guest Wi-Fi only internet is accessible the whole LAN is hidden.
I have the same goal as Dominik. I want to set up isolated wi-fi access to the internet for guest with my WAP371.
I've set up VLANs (default 1 and guest 25) on RV325 and WAP371. If I connect AP directly to the router everything works. Wireless clients (regular / guests) get IP addresses (via RV325 DHCP) from different networks and can't see each other.
Problems start when I connect AP not directly to the router but via CISCO SG200-26P managed switch.
I'm lost in general/access/trunk, tagged/untagged, smartport (with it scripts) and dozen of other setting in VLAN management tab of the switch.
How should I configure a switch to pass VLAN traffic from AP to RV325?
1. You have to create the 2 SSIDs 1 for corporate user and 1 for guests
2. create 2 VLANs on SG200-26P switch & make your corporate user's mac addresses part of vlan 1 and map them with corporate SSID, and then configure Guest SSID open for other mac addresses, by this way you can achieve isolation.
3. Don't configure inter-vlan routing on your router.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...