Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Need help configuring a guest WiFi

This thread has been viewed 1 times

  • 1.  Need help configuring a guest WiFi

    Posted Aug 15, 2016 12:10 PM

    Hello all,

    we have a set of 4 Aruba IAP215.
    Our plan is to create 2 Networks, one internal one for guests. The guest WiFi should be seperated by a VLAN, just denying the traffic using the firewall is not satisfactory.
    The access points are connected to switch ports serving the internal VLAN as primary/untagged and the guest VLAN as tagged.
    In the guest VLAN there is a firewall that routes all traffic to the internet and can also act as a DHCP server.

    Till now we tried 2 configurations:

    1.    IP Network assigned (using the firewall's DHCP), static VLAN assignment
    In this case the systems connected to the WiFi did not get any IPs. A notebook connected to the switch in the guest VLAN gets an IP without problems

    2. IP assigned by the Virtual Controller, custom VLAN assignment using a Local DHCP Scope with VLAN 20 (guest VLAN)
    This seemed to work at first, but we can reach internal systems using this config, showing that the traffic is routed through the primary VLAN not the guest VLAN

    Any hints on how to get this config working?

     

    Thanks in advance

     

    Chris



  • 2.  RE: Need help configuring a guest WiFi

    Posted Aug 15, 2016 01:06 PM
    Are those VLANs trunked to those IAPs ? Internal , Guest VLANs
    And if you do make sure that you have Wired Profile configure to support those VLANs in trunk mode and make sure the switch port is configured the same


  • 3.  RE: Need help configuring a guest WiFi

    Posted Aug 16, 2016 03:35 AM

    Hello,

     

    thanks for youir reply Victor.

     

    The switch ports the IAPs are connected to (1 port used on each) are configured to serve both VLANs, the internal one being the primary one.

    I am not sure why I should need a Wired Profle, the wired laptop was only mentioned to show that DHCP worked but wasn't forwarded to the wifi clients.

    Thanks again

    Chris



  • 4.  RE: Need help configuring a guest WiFi

    Posted Aug 16, 2016 11:41 AM

    E0 on your IAP port needs to be configured in Trunk Mode with the correct VLANs to match what you have configured on the switchport

    2016-08-16 11_37_28-Instant.png



  • 5.  RE: Need help configuring a guest WiFi

    Posted Aug 16, 2016 12:42 PM

    Hi Victor,

     

    I will test that on Thursday and then come back to you, thanks for your help

     

     



  • 6.  RE: Need help configuring a guest WiFi

    Posted Aug 18, 2016 08:50 AM

    Hi Victor, getting around to testing it now. I am using the default_wired_port_profile. Leaving it unchanged besides the VLAN setting:

    wired-port-profile default_wired_port_profile
     switchport-mode trunk
     allowed-vlan 1,20
     native-vlan 1
     shutdown
     access-rule-name default_wired_port_profile
     speed auto
     duplex full
     no poe
     type employee
     auth-server InternalServer
     captive-portal disable
     no dot1x
     inactivity-timeout 1000

     

    And this is the Port configuration, but only eth0 is used.

    enet0-port-profile default_wired_port_profile

    enet1-port-profile default_wired_port_profile

     

    But no change with the guest wifi, Do I need to do something like adding roles?

     

    I am sorry, but I am all new to this and am feeling a bit helpless.

     

    Thanks in advance

     

    Chris