Avatar of konadawg
konadawg asked on

Class C subnet for WLAN


Newbie at this so apologies for obvious errors.  Ok, I want to create a guest and secure corporate wlan.  I want to keep guests to their own vlan and corporate users to their own vlan but have them both exit to the internet via the same firewall.  Should I create an ip scope from class c addresses say 254 for guest and 254 addresses for corporate?  Thanks
Network Operations

Avatar of undefined
Last Comment

8/22/2022 - Mon
Ned Ramsay

It depends what you want to do, the point of VLANS is to keep everyone on the same subnet (class C for instance) but divide it up for speed and general ease of management while segregating.
What you are describing is basically having 2 separate networks with completely different IP ranges.
Are users on both VLANs going to access the same data on servers? It may be as easy to have a router placed in the middle of the vlans to deal with inter-vlan routing so they can access certain things based on an Access Control List.
So many options and several years since I did my cisco!

Thanks for the comments. No, the corportate users will have the same access rights as they would if they logged onto the domain via LAN. The guest users will only be routed out onto the internet.  I guess for this, I will set up our spare ADSL line as the default gateway for the guest users.  What I'm thinking is would the range  say ::: 196.168.20.x/24 and 196.168.21.x/24 (giving me I think 126 hosts per subnet) on vlan 313 and 314 be the correct way to do this ?

thanks and regards
Ned Ramsay

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

Yeah, subnetting is still a bit new to me :D  We use DHCP for the corporate users and will run a seperate dhcp pool from the cisco wireless controller for the guests accessing via a portal webpage. Corporate users will still get their address from one of our member servers running dhcp. I think I'm probably complicating this more than necessary.  The firewall will be on both networks. I see what you mean about the the 16 bit mask. That makes sense.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.