Wireless Access

Hi

We have a project to connect one access point to our switch to provide two seperate WIFIs, let's call them WIFI1 and WIFI2. The plan is to split the traffic from both WIFI signals. When a user connects to WIFI1 we want the traffic to go through our own network and use internet from that side of our network. When a user connects to WIFI2 we want the traffic to go through the provider's Bbox and get internet via there. WIFI1 works fine he goes through our trunkport and via our radio signal to another site and there via the firewall to the internet but WIFI2 should make a hop to another gateway, the Bbox's gateway but here's where our setup doesn't work properly. WIFI2 still goes through our part of the network just like WIFI1 and we don't want that. We want it to be split into two parts WIFI1 via our network and WIFI2 via the provider's Bbox. I've put the config and a little networkplan in the attachment.

The big final question is, what are we doing wrong or are we missing a config setting to make our setup work?

Attachment(s)

Wifi internet plan.docx   100 KB 1 version

I would configure the guest-SSID to be assigned to your guest VLAN (99) and don't do any routing on your switch. Leave the routing to the Bbox and just put your clients at layer 2 in that VLAN.

From your switch config, it looks like you have many vlans tagged on port 47. I would remove all tagged VLANs from that port 47 and just have vlan 99 untagged, assuming this Bbox is a (similar to) consumer router that offers DHCP.

As soon as you start routing the guest traffic on your switch, it will just follow the default route and get to your corporate network (and probably have access to corporate resources).

The routing has to happen in the switch, only WIFI2 has to go through the bbox all the others(might need later for expansion) have to go through our DG. The traffic goes perfectly through there but not through the bbox

Which VLANs have you assigned to WIFI1 and WIFI2?

WIFI1 = VLAN 10

WIFI2 = VLAN 99

What in your config makes you think vlan 99 would take another route, different from vlan 10?

Why is vlan 99 required to be routed in the switch?

Having a guest VLAN routed in the same routing instance as internal VLANs is not best practice.

You should really have vlan 99 be switches through the switch and have their gateway in the BBox.

Yes that is exactly what we want to do. Route VLAN 99  through the bbox and route VLAN 10 through our DG in our network.

As Herman said, you should have vlan 99 untagged 47.

You should have no L3 interfaces on vlan 99 in the switch.

Default gateway should be the inside of the bbox, which also should handle DHCP.

The complex part of our problem is that we get an IP from our network range where WIFI1 is going through, the thing that we want is that WIFI2 gets his IPs from the bbox which is a whole diffrent range and that's why we made a route in our switch to go through our bbox.

Are you 100% sure you have WIFI2 as tagged vlan 99 in your ubiquiti?

Yes VLAN 99 is already in use on other sites