Wireless Access

Contributor II

Cannot separate guest network to different port


I am trying to build up a guest WLAN (with a single 7005 and a bunch of AP315 running aOS 8.3.2) which connetcs directly into our DMZ with a default route into the www and a public DNS.


For this I removed port 0/3 from VLAN 1, created a new VLAN 100, addressed an IP of the DMZ IP address range (

I added port 0/3 to VLAN 100 and unchecked the "inter-vlan routing" checkbox on the guest network IP address.

For testing purposes I created an WPA2-secured WiFi bound to VLAN 100, forward mode = tunnel and default via-role.


But when I plug in the cable from the DMZ-Switch into port 0/3 the whole WLAN traffic for the existing company WLAN is broken! (wired traffic not passing the 7005 is not affected).

(If this is important: The company-network is, the 7005 and the APs are at, VLAN ID 1 is bound to 0/0-0/2)


During my investigations for reasons I found a discription of the needed steps here - afaik I really did exactly the same.


Does anybody has an idea what is going wrong here?


Thank you in advance - F.One




And just one more thing:

I created a DHCP range at Services => DHCP, with the default gw = internal IPv4 address of the external firewall and made some exclusions.

When I ad the function "act as a DHCP server" at VLAN-settings I put in the network but while applying it I get the message: "same as pool "VLAN100", ignoring." Still can "apply pending changes". After this there is a new DHCP-range under Services => DHCP with no gateway and no excluded ranges, too.

But the feature "act as a server" is gone.

Whe a client connets to that special WLAN behind VLAN-ID 100 it takes more than 30s to get an IP address.



Contributor II

Re: Cannot separate guest network to different port

No one any idea?

Search Airheads
Showing results for 
Search instead for 
Did you mean: