konadawg
asked on
Class C subnet for WLAN
Hello,
Newbie at this so apologies for obvious errors. Ok, I want to create a guest and secure corporate wlan. I want to keep guests to their own vlan and corporate users to their own vlan but have them both exit to the internet via the same firewall. Should I create an ip scope from class c addresses say 254 for guest and 254 addresses for corporate? Thanks
Newbie at this so apologies for obvious errors. Ok, I want to create a guest and secure corporate wlan. I want to keep guests to their own vlan and corporate users to their own vlan but have them both exit to the internet via the same firewall. Should I create an ip scope from class c addresses say 254 for guest and 254 addresses for corporate? Thanks
ASKER
Hi
Thanks for the comments. No, the corportate users will have the same access rights as they would if they logged onto the domain via LAN. The guest users will only be routed out onto the internet. I guess for this, I will set up our spare ADSL line as the default gateway for the guest users. What I'm thinking is would the range say ::: 196.168.20.x/24 and 196.168.21.x/24 (giving me I think 126 hosts per subnet) on vlan 313 and 314 be the correct way to do this ?
thanks and regards
Thanks for the comments. No, the corportate users will have the same access rights as they would if they logged onto the domain via LAN. The guest users will only be routed out onto the internet. I guess for this, I will set up our spare ADSL line as the default gateway for the guest users. What I'm thinking is would the range say ::: 196.168.20.x/24 and 196.168.21.x/24 (giving me I think 126 hosts per subnet) on vlan 313 and 314 be the correct way to do this ?
thanks and regards
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yeah, subnetting is still a bit new to me :D We use DHCP for the corporate users and will run a seperate dhcp pool from the cisco wireless controller for the guests accessing via a portal webpage. Corporate users will still get their address from one of our member servers running dhcp. I think I'm probably complicating this more than necessary. The firewall will be on both networks. I see what you mean about the the 16 bit mask. That makes sense.
What you are describing is basically having 2 separate networks with completely different IP ranges.
Are users on both VLANs going to access the same data on servers? It may be as easy to have a router placed in the middle of the vlans to deal with inter-vlan routing so they can access certain things based on an Access Control List.
So many options and several years since I did my cisco!