11-21-2013 01:15 PM
I'm having issues getting our gues network to work the way I want. My goal is to have guest users get a dhcp address from the the controller and then have all traffic go directly to the internet. We don't want the guests to get to the internet through our network and out our Sonicwall like our corporate users do. I have a port on the controller directly connected to the external internet, and another port connected to our LAN. I'm using VLAN 26 for the guest network and have setup dhcp on the controller for that vlan. The port connected to the internet is set to access and is allowing VLAN 26. I have inter-vlan routing disabled for vlan 26 so the guest and corporate networks are kept separate. CaptivePortal isn't being used.
This is all setup on a PowerConnect W-3400 with AOS 6.2
I can connect to the guest network and get an IP, but I'm unable to get to the internet. What steps am I missing?
Solved! Go to Solution.
11-21-2013 02:21 PM
Couple of questions for clarity:
- What device is conencted to the "internet" interface?
- What is the default route for users?
- Are you source nat'ing the guest wihtin policy or the VLAN; or should they route directly out the "internet" interface
If you are source nat'ing clients, you need to ensure the controller's default route is out the "internet" side, not the LAN side. You'll then need to add static routes to any internal networks necessary.
If you are using a device on the "internet" side to be the default gateway for the clients, then you'll need to make sure you are not source nat'ing anything.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
11-22-2013 12:27 PM
I ended up putting a firewall in between the controller and the internet instead of messing with a bunch of static routes. Works great now, thanks!
Firewall WAN IP: from ISP
Firewall LAN IP: 192.168.26.1
Controller VLAN 26 Interface: 192.168.26.2
DHCP Pool Default Router: 192.168.26.1
Source nat disabled for VLAN 26