Cannot separate guest network to different port
12-13-2018 07:02 AM
I am trying to build up a guest WLAN (with a single 7005 and a bunch of AP315 running aOS 8.3.2) which connects directly into our DMZ with a default route into the www and a public DNS.
For this I removed port 0/3 from VLAN 1, created a new VLAN 100, addressed an IP of the DMZ IP address range (192.168.10.0/255.255.255.0)
I added port 0/3 to VLAN 100 and unchecked the "inter-vlan routing" checkbox on the guest network IP address.
For testing purposes I created a WPA2-secured WiFi bound to VLAN 100, forward mode = tunnel and default via-role.
But when I plug in the cable from the DMZ-Switch into port 0/3 the whole WLAN traffic for the existing company WLAN is broken! (wired traffic not passing the 7005 is not affected).
(If this is important: The company-network is 192.168.0.0/255.255.254.0, the 7005 and the APs are at 192.168.120.0/255.255.255.0, VLAN ID 1 is bound to 0/0-0/2)
During my investigations for reasons I found a description of the needed steps here - afaik I really did exactly the same.
Does anybody have an idea what is going wrong here?
Thank you in advance - F.One
And just one more thing:
I created a DHCP range at Services => DHCP, with the default gw = internal IPv4 address of the external firewall and made some exclusions.
When I add the function "act as a DHCP server" at VLAN-settings I put in the network but while applying it I get the message: "same as pool "VLAN100", ignoring." Still can "apply pending changes". After this there is a new DHCP-range under Services => DHCP with no gateway and no excluded ranges, too.
But the feature "act as a server" is gone.
When a client connects to that special WLAN behind VLAN-ID 100 it takes more than 30s to get an IP address.