Solved

Configuring Guest Access

Posted on 2007-11-20
1
948 Views
Last Modified: 2013-11-09
I'm needing help configuring a wireless guest network. I've never setup a vlan and need some guidance. We have HP 420 wireless access points (with the default ssid using 802.1x), HP 5400 switches (running at layer 2); and Cisco 2800 series routers. Right now everyone is on default vlan 1. I want to make the guest vlan 5.  
The router seems to be the big question for me. How do I configure the router for the new vlan and how do I word the ACL to limit the guest users?
0
Comment
Question by:gaskew
1 Comment
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 20331265
Can't help with the HP switch, but make sure you set the port that the router connects into as a trunk port and include vlan 1 and vlan 5.

On the router, setup a vlan subinterface:

interface Fastethernet 0/0.5
 encap dot1q 5
 ip address 10.20.30.1 255.255.255.0
 ip nat inside
 access-group 101 in

Add whatever IP subnet you are assigning to the guest wireless vlan to the nat acl:

access-list 1 permit 10.20.30.0 0.0.0.255  <= guest vlan
access-list 1 permit 10.10.10.0 0.0.0.255  <= internal LAN
ip nat inside source list 1 interface serial0/0/0 overload  <== whatever you have already

To restrict access between the networks, define acl 101 that gets applied to the interface:
 access-list 101 deny ip 10.20.30.0 0.0.0.255 10.10.10.0 0.0.0.255
 access-list 101 permit ip any any

Done

0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
BGP Local Preference 5 48
Networking Monitoring Tools 10 71
Auto Qos question 1 26
Recommendation for open source Monitoring 7 28
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question