Wireless Access

Reply
Occasional Contributor I

Guest VLAN to separate DSL

I have a 650 running version 6.1.2 of the software.  I currently have 2 VLANs set up -- VLAN1 for employee access, and VLAN10 for Guest  For the most part these work great.  I have a separate DSL line I would like to plug into port 2 of the 650 and have all Guest internet flow through that connection -- What kind of policy do I need to add to get this done --

 

That being said -- I am really new to firewall policies -- if you also know of a good reference would love to know it.

 

barry

Guru Elite

Re: Guest VLAN to separate DSL


bedwards@shamrockbank.com wrote:

I have a 650 running version 6.1.2 of the software.  I currently have 2 VLANs set up -- VLAN1 for employee access, and VLAN10 for Guest  For the most part these work great.  I have a separate DSL line I would like to plug into port 2 of the 650 and have all Guest internet flow through that connection -- What kind of policy do I need to add to get this done --

 

That being said -- I am really new to firewall policies -- if you also know of a good reference would love to know it.

 

barry


Here are the steps you need to take:

 

1.  Create an Arbitrary VLAN (1000 is my favorite) on the controller

2.  Give that Arbitratry VLAN an ip address in the Range that your DSL line assigns to clients

3.  Run the command "ip cp-redirect-address <ip address of the controller in that VLAN>" to make sure guest users use the controller's ip address to bring up the page

4.  Configure a separte port on the controller to place users in that VLAN 

5.  Run the WLAN Wizard, choose guest and make sure that users are placed in the VLAN

6.  Connect the DSL modem via ethernet cable to the port you configured in step 4.

7.  See if your user can associate to that new ssid

 

Here are the commandline steps:

 

1.  

config t

vlan 1000

interface vlan 1000

 

2.

ip address 192.168.1.250 255.255.255.0 (or whatever ip address you give the controller in that range)

 

3.  

ip cp-redirect-address 192.168.1.250

 

4.  

 

Interface gigabitethernet 1/3

switchport mode access

switchport access vlan 1000

 

5.  Go into the GUI to Configuration> WLAN/LAN Wizard and Run it to create that guest network.

 

6.  Connect the DSL modem to the controller port in step 4.

 

 

 

 

 

 

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Guest VLAN to separate DSL

Thanks Very much -- I think i',m with you for the most part -- a couple of other questions --

 

(step 3)it ip cp-redirect-address command -- will this keep the captive portal login that i currently have working? -- where i create users to get the access?

 

(step 5)  If i already have the guest network up -- do i need to re-create it?

 

barry

Guru Elite

Re: Guest VLAN to separate DSL


bedwards@shamrockbank.com wrote:

Thanks Very much -- I think i',m with you for the most part -- a couple of other questions --

 

(step 3)it ip cp-redirect-address command -- will this keep the captive portal login that i currently have working? -- where i create users to get the access?

 

(step 5)  If i already have the guest network up -- do i need to re-create it?

 

barry


Step 3 - You can skip this if you already have a Captive portal working.  We might have to edit it later, but for now, keep it that way.

 

Step 5 - You don't need to re-create it, but create the VLAN, Assign an ip address in the DSL modem's ip address space to the controller's VLAN, and assign that VLAN to the port that you connect to one of the  DSL modem ports.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Guest VLAN to separate DSL

This Tuts very interesting.

 

I have simillar issue regarding separate ISP. I have Itry this guidance but it didn't work for me.

FYI, I have IP public for both ISP .. any advice?

 

Thanks 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: