Hello there, I want to set up internet guest access with my WAP371. No matter what I do the guest can see my whole network. They should be able to use the internet (guests) but not connect to LAN devices (server shares & other computers etc.). I have Captive Portal enabled on the WAP371, then everything works perfectly, but after logging in to the guests Wi-Fi I can ping/browse other LAN devices. Any idea how to accomplish this with this WAP371?
Example
--------
RADIO1: SSID: INTERNALAP - clients can access all network and internet.
RADIO2: SSID: GUESTS - Captive Portal, internet access but no production network access.
Devices: x4 WAP371-E-K9 V01
Active Firmware Version: 22.214.171.124
Unmanaged switch / no VLANs
Not sure if it's still of interest for you, but the solution is to use a VLAN capable managed switch. Something like the SG200, SF200 or SG300 SF300 series.
The whole idea of isolation is based on mapping SSIDs to VLANs. For example, SSID INTERNALAP is mapped to VLAN 1 (default VLAN) while SSID GUESTS is mapped to some other VLAN, which of course needs to exist on your switch and, depending on your setup, even on your router.
If you take a look at the Admin Guide of the AP and, say, a Cisco Small Business SG / SF switch, you'll find an in-depth explanation of SSIDs and VLANs and their configuration and operation.
I have the same AP connecting to an SG300-10MP switch with VLANs configured and an RV325 router also with the same VLANs configured and everything works fine: when connected to my Guest Wi-Fi only internet is accessible; the whole LAN is hidden.
I have the same goal as Dominik. I want to set up isolated Wi-Fi access to the internet for guests with my WAP371.
I've set up VLANs (default 1 and guest 25) on RV325 and WAP371. If I connect AP directly to the router everything works. Wireless clients (regular / guests) get IP addresses (via RV325 DHCP) from different networks and can't see each other.
Problems start when I connect AP not directly to the router but via CISCO SG200-26P managed switch.
I'm lost in general/access/trunk, tagged/untagged, smartport (with its scripts) and a dozen other settings in the VLAN management tab of the switch.
How should I configure a switch to pass VLAN traffic from AP to RV325?
1. You have to create the 2 SSIDs: 1 for corporate users and 1 for guests.
2. Create 2 VLANs on the SG200-26P switch and make your corporate users' MAC addresses part of VLAN 1 and map them with the corporate SSID, and then configure the Guest SSID open for other MAC addresses; this way you can achieve isolation.
3. Don't configure inter-vlan routing on your router.
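An added illustration, not written by any poster in this thread and not Cisco code: a small Python model of 802.1Q port handling that shows how the switch ports facing the WAP371 and the RV325 decide whether guest frames arrive tagged, arrive untagged, or are dropped. VLAN 25 comes from the thread; the port names g1/g2, and the assumption that the AP and router tag VLAN 25 and leave VLAN 1 untagged, are hypothetical.

```python
from dataclasses import dataclass, field

GUEST = 25  # guest VLAN ID used in the thread


@dataclass
class Port:
    """One switch port: PVID classifies untagged ingress, membership gates egress."""
    name: str
    pvid: int = 1
    untagged: set = field(default_factory=lambda: {1})  # VLANs sent without a tag
    tagged: set = field(default_factory=set)            # VLANs sent with an 802.1Q tag

    def ingress(self, tag):
        """Return the VLAN the frame is classified into, or None if filtered."""
        vlan = self.pvid if tag is None else tag
        return vlan if vlan in (self.untagged | self.tagged) else None

    def egress(self, vlan):
        """Return (framing, vlan), or None if the port is not a member of vlan."""
        if vlan in self.tagged:
            return ("tagged", vlan)
        if vlan in self.untagged:
            return ("untagged", vlan)
        return None


def forward(in_port, out_port, tag):
    """Carry one frame across the switch; None means it never leaves out_port."""
    vlan = in_port.ingress(tag)
    return None if vlan is None else out_port.egress(vlan)


def guest_path(ap_port, router_port):
    """What the router receives for a guest frame the AP tagged with VLAN 25."""
    return forward(ap_port, router_port, GUEST)


# Constructed port configurations (hypothetical port names g1 = AP, g2 = router)
access_ap = Port("g1")                        # default access port: VLAN 1 only
trunk_ap = Port("g1", tagged={GUEST})         # VLAN 1 untagged + VLAN 25 tagged
access_rtr = Port("g2")
trunk_rtr = Port("g2", tagged={GUEST})
leaky_rtr = Port("g2", untagged={1, GUEST})   # VLAN 25 stripped of its tag

if __name__ == "__main__":
    print("AP port left as access :", guest_path(access_ap, trunk_rtr))
    print("uplink left as access  :", guest_path(trunk_ap, access_rtr))
    print("both ports tag VLAN 25 :", guest_path(trunk_ap, trunk_rtr))
    # An untagged guest frame reaches the router indistinguishable from VLAN 1 traffic
    print("VLAN 25 untagged uplink:", guest_path(trunk_ap, leaky_rtr))
```

Only the third case keeps guest traffic separable at the router; in the last case the tag is stripped and the router would classify guests into its own untagged VLAN.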