Security

Reply
Occasional Contributor II
Posts: 15
Registered: ‎02-16-2014

Guest Vlan

I have a 620 controller and I have created to Vlans (one for internal use and the other for guest).  The internal Vlan works as it should.  It provides me acces to everything on the network.  The guest Vlan does work properly at all.  

 

My network configuration consists of a Ubiquity EdgeMax router with DHCP for each Vlan.  This feeds into a Netgear switch that provides power to each of my AP125/AP124.  Port 27 on the netgear is connected to the controller.  Before connecting the controller to the Vlans I tested the Vlan trunk between the Ubiquity and the Netgear and that worked just fine.  I received DHCP address and had access to the internet on my internal subnet.  What would become my guest subnet work just fine by isolating it to the internet only.

 

I do not know what I did wrong but I need to find a way to make this work.  Can anybody help?  Can this be done through the GUI or do I need to use the CLI?

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Guest Vlan

 

Can you ping the guest vlan gateway from the controller ?

 

Do you have all those VLANs trunk to the controller ? and if so if that VLAN defined on your controller and trusted ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 15
Registered: ‎02-16-2014

Re: Guest Vlan

I can provide a manual address and I can ping 192.168.2.33.  All Vlans are trunked at the controller.  And yes I believe they are defined as trusted.

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Guest Vlan

 

It looks like it is configured in access mode:

 

 

Configure the interface to be a trunk:

conf t

int gig1/0

switchport mode trunk

switchport trunk allowed vlans <internal VLAN, Guest VLAN>

trusted

trusted vlan <internal VLAN, Guest VLAN>

 !

Define the VLAN:

conf t

vlan <guest VLAN>

interface vlan <Guest VLAN>

!

ip address x.x.x.x x.x.x.x

ip helper address <DHCP Server Address>

 

 

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 15
Registered: ‎02-16-2014

Re: Guest Vlan

Please forgive my ignorance.  Before I did any this I was a software developer on a mainframe.  Some of your terminology such as Conf t is a mystery to me.  Could you please translate the steps you have indicated into the GUI steps necessary.  Again I appreciate all of the help but I am a bit new at this game and will get better as time goes by.

 

Thanks

Occasional Contributor II
Posts: 15
Registered: ‎02-16-2014

Re: Guest Vlan

This what I havd done so far and it does not work properly.

 

 

Occasional Contributor II
Posts: 15
Registered: ‎02-16-2014

Re: Guest Vlan

Here is some additional information I have made to my interface.

 

 

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Guest Vlan

Try this , you need to add the Native VLAN which I am guessing it is VLAN 1 right ?

2014-02-17 18_32_03-Switch General Configuration.png

 

Also disable Spanning Tree

2014-02-17 18_34_11-Switch General Configuration.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 15
Registered: ‎02-16-2014

Re: Guest Vlan

Thanks but it still does not work.

 

 

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Guest Vlan

You need to add the native VLAN there too.

 

2014-02-17 19_17_51-Switch General Configuration.png

 

You also need to add the ip helper address (DHCP Server IP address)

2014-02-17 19_17_51-Switch General Configuration.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: