Hello there, I want to set up internet guest access with my WAP371. No matter what I do the guest can see my whole network. They should be able to use internet (guests) but not connect to LAN devices (server shares & other computers etc.). I have Captive Portal enable on the WAP371, then everything works perfectly but after login to the guests wifi I can ping/browse other LAN devices. Any idea how to accomplish this with this WAP371?
Example -------- RADIO1: SSID: INTERNALAP - clients can access all network and internet. RADIO2: SSID: GUESTS - Captive Portal, internet access but no production network access.
Devies: x4 WAP371-E-K9 V01 Active Firmware Version: 126.96.36.199 Unmanaged switch / no VLANs
Not sure if it's still of interest for you, but the solution is to use a VLAN capable managed switch. Something like the SG200, SF200 or SG300 SF300 series.
The whole idea of isolation is based on mapping SSIDs to VLANs for exapmple SSID INTERNALAP is mapped to VLAN 1 (default VLAN) while SSID GUESTS is mapped to some other VLAN which of course needs to exist on your switch and depedning on your setup even on your router.
If you take a look at the Admin Guide of the AP and says a Cisco Small Business SG / SF switch you'll find in-depth explanation of SSIDs and VLANs and their configuration and operation.
I have the same AP connecting to an SG300-10MP switch with VLANs configured and an RV325 router also with the same VLANs configured and everything works fine: when connected to my Guest Wi-Fi only internet is accessible the whole LAN is hidden.
I have the same goal as Dominik. I want to set up isolated wi-fi access to the internet for guest with my WAP371.
I've set up VLANs (default 1 and guest 25) on RV325 and WAP371. If I connect AP directly to the router everything works. Wireless clients (regular / guests) get IP addresses (via RV325 DHCP) from different networks and can't see each other.
Problems start when I connect AP not directly to the router but via CISCO SG200-26P managed switch.
I'm lost in general/access/trunk, tagged/untagged, smartport (with it scripts) and dozen of other setting in VLAN management tab of the switch.
How should I configure a switch to pass VLAN traffic from AP to RV325?
1. You have to create the 2 SSIDs 1 for corporate user and 1 for guests
2. create 2 VLANs on SG200-26P switch & make your corporate user's mac addresses part of vlan 1 and map them with corporate SSID, and then configure Guest SSID open for other mac addresses, by this way you can achieve isolation.
3. Don't configure inter-vlan routing on your router.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...