Security

Reply

Re: Setup 2nd guest network

Cool, now how about the output from "show interface vlan 759" and "show interface vlan 700"?


Charlie Clemmer
Aruba Customer Engineering
Occasional Contributor II

Re: Setup 2nd guest network

Thanks for you help, Charlie!  Here are the results.

 

(Aruba3400) #show interface vlan 759

VLAN759 is up line protocol is up
Hardware is CPU Interface, Interface address is 00:0B:86:61:AB:84 (bia 00:0B:86:61:AB:84)
Description: 802.1Q VLAN
Internet address is 192.168.20.1  255.255.255.0
Routing interface is enable, Forwarding mode is enable
Directed broadcast is disabled, BCMC Optimization disabled ProxyARP disabled Suppress ARP disabled
Encapsulation 802, loopback not set
MTU 1500 bytes
Last clearing of "show interface" counters 442 day 15 hr 9 min 2 sec
link status last changed 0 day 0 hr 50 min 44 sec
Tunnels Configured on this Interface:
Tunnel 0

 

(Aruba3400) #show interface vlan 700

VLAN700 is up line protocol is up
Hardware is CPU Interface, Interface address is 00:0B:86:61:AB:84 (bia 00:0B:86:61:AB:84)
Description: 802.1Q VLAN
Internet address is 192.168.254.69  255.255.255.0
IP address is obtained through DHCP
DHCP data: server 192.168.254.254, router 192.168.254.254, domain UNKNOWN, DNS 8.8.8.8, lease time(in secs) 7200 state BOUND
Routing interface is enable, Forwarding mode is enable
Directed broadcast is disabled, BCMC Optimization disabled ProxyARP disabled Suppress ARP disabled
Encapsulation 802, loopback not set
MTU 1500 bytes
Last clearing of "show interface" counters 442 day 15 hr 9 min 7 sec
link status last changed 442 day 15 hr 7 min 6 sec
Tunnels Configured on this Interface:
Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,
Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,
Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,
Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,
Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,
Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,
Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,
Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,Tunnel 0,
Tunnel 0

Re: Setup 2nd guest network

Okay, so your existing guest network on VLAN 700 has a direct path out out the router at 192.168.254.254. I'm assuming that router is providing the NAT for your existing guests.

 

What is the egree that your new guest VLAN 759 should be using?


Charlie Clemmer
Aruba Customer Engineering
Occasional Contributor II

Re: Setup 2nd guest network

The existing guest on VLAN 700; This is using DHCP provided externally by a simple router from one of the local ISPs.
VLAN 759; I have the Aruba 3400's DHCP enabled for this new guest network.

I'm afraid I don't understand the question about what egress\egree the new 759 VLAN should be using. I'm probably familiar with the concept, perhaps just not in those terms? I apologize for my lack of knowledge.

Occasional Contributor II

Re: Setup 2nd guest network

and how do I tell if the router is providing NAT for the existing guest network?

Re: Setup 2nd guest network

For VLAN 759, how should those guest users get to the Internet? Do they use the same router as the guest users on VLAN 700, or are they taking a different path to leave (egress) your network?

 


@skylogic wrote:

The existing guest on VLAN 700; This is using DHCP provided externally by a simple router from one of the local ISPs.
VLAN 759; I have the Aruba 3400's DHCP enabled for this new guest network.

I'm afraid I don't understand the question about what egress\egree the new 759 VLAN should be using. I'm probably familiar with the concept, perhaps just not in those terms? I apologize for my lack of knowledge.


 


Charlie Clemmer
Aruba Customer Engineering

Re: Setup 2nd guest network

Most likely, the router on VLAN 700 does not know that you have a new network with VLAN 759 and IP range 192.168.20.0/24. Have you configured the router with that information?

 

If both guest networks should use the same router located on VLAN 700, why not connect both networks to VLAN 700 and avoid using VLAN 759 completely?

 


@skylogic wrote:

and how do I tell if the router is providing NAT for the existing guest network?


 


Charlie Clemmer
Aruba Customer Engineering
Occasional Contributor II

Re: Setup 2nd guest network

Charlie, if I were to do so, would I then be able to implement authentication on the 2nd network, while leaving the auth open on the original guest?

Highlighted

Re: Setup 2nd guest network

Yes sir.

 

Because you set up two different profiles, you can change the authentication/security of each of the guest SSIDs independently of each other.

 

Virtual AP profile "ACME_Guest-vap-profile"
------------------------------------------
Parameter                                       Value
---------                                       -----
QinQ Outer VLAN                            0
Virtual AP enable                            Enabled
Allowed band                                  all
AAA Profile                                     ACME_GUEST-aaa-profile

{snip}
 
Virtual AP profile "ACME_GUEST2nd-vap_prof"
---------------------------------------
Parameter                                       Value
---------                                       -----
QinQ Outer VLAN                           0
Virtual AP enable                            Enabled
Allowed band                                  all
AAA Profile                                     ACME_GUEST2nd-aaa_prof

For the 2nd guest network, updating the AAA policy ACME_GUEST2nd-aaa_prof will only affect the 2nd guest network, since the original guest network is using a different profile.


Charlie Clemmer
Aruba Customer Engineering
Occasional Contributor II

Re: Setup 2nd guest network

Ahhh, Excellent! I'm going to try this today. I'll update when I have. Thanks again, Charlie!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: