Wireless Access

Reply
Contributor II

Cannot separate guest network to different port

Hello,

I am trying to build up a guest WLAN (with a single 7005 and a bunch of AP315 running aOS 8.3.2) which connetcs directly into our DMZ with a default route into the www and a public DNS.

 

For this I removed port 0/3 from VLAN 1, created a new VLAN 100, addressed an IP of the DMZ IP address range (192.168.10.0/255.255.255.0)

I added port 0/3 to VLAN 100 and unchecked the "inter-vlan routing" checkbox on the guest network IP address.

For testing purposes I created an WPA2-secured WiFi bound to VLAN 100, forward mode = tunnel and default via-role.

 

But when I plug in the cable from the DMZ-Switch into port 0/3 the whole WLAN traffic for the existing company WLAN is broken! (wired traffic not passing the 7005 is not affected).

(If this is important: The company-network is 192.168.0.0/255.255.254.0, the 7005 and the APs are at 192.168.120.0/255.255.255.0, VLAN ID 1 is bound to 0/0-0/2)

 

During my investigations for reasons I found a discription of the needed steps here - afaik I really did exactly the same.

 

Does anybody has an idea what is going wrong here?

 

Thank you in advance - F.One

 

 

PS:

And just one more thing:

I created a DHCP range at Services => DHCP, with the default gw = internal IPv4 address of the external firewall and made some exclusions.

When I ad the function "act as a DHCP server" at VLAN-settings I put in the network but while applying it I get the message: "same as pool "VLAN100", ignoring." Still can "apply pending changes". After this there is a new DHCP-range under Services => DHCP with no gateway and no excluded ranges, too.

But the feature "act as a server" is gone.

Whe a client connets to that special WLAN behind VLAN-ID 100 it takes more than 30s to get an IP address.

 

 

Contributor II

Re: Cannot separate guest network to different port

No one any idea?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: