Wireless Access Point VLAN
Hi
I want to install a wirelss in our production environment, however i dont want any users of this wireless to have access to my lan only to the internet via our default gateway.
I wa going to create a new VLAN on our Cisco switch and plug the wireless AP into that port and that vlan. I can set the AP up for DHCP and now the clients can connect to it and get an ip ok. But they cant get internet access. they also cant ping the gateway as its on a different subnet and vlan. how can i sort this nice and easy?
cheers
I want to install a wirelss in our production environment, however i dont want any users of this wireless to have access to my lan only to the internet via our default gateway.
I wa going to create a new VLAN on our Cisco switch and plug the wireless AP into that port and that vlan. I can set the AP up for DHCP and now the clients can connect to it and get an ip ok. But they cant get internet access. they also cant ping the gateway as its on a different subnet and vlan. how can i sort this nice and easy?
cheers
ASKER
yeah but how do i get the new dhcp clients to use my existing default gateway
If they are on a separate VLAN it is as if they are plugged into an entirely separate switch with no connection to your main LAN (including your gateway). You need to connect your new VLAN to an Internet connection by either:
Using a router or a layer 3 switch (as donjohnston suggested). You will need to set access control lists to prevent access to the production VLAN from the wireless VLAN
Add an extra NIC to your firewall and plug this into the wireless VLAN. Set the IP address of this new interface as the default gateway on the AP
Buy a cheap ADSL broadband package for the wireless VLAN. Configure the IP address of the new broadband router as the gateway on the AP. Sounds expensive, but is dead simple to install and maintain.
Let me know if you have any questions, good luck!
D
Using a router or a layer 3 switch (as donjohnston suggested). You will need to set access control lists to prevent access to the production VLAN from the wireless VLAN
Add an extra NIC to your firewall and plug this into the wireless VLAN. Set the IP address of this new interface as the default gateway on the AP
Buy a cheap ADSL broadband package for the wireless VLAN. Configure the IP address of the new broadband router as the gateway on the AP. Sounds expensive, but is dead simple to install and maintain.
Let me know if you have any questions, good luck!
D
>yeah but how do i get the new dhcp clients to use my existing default gateway
They don't. By creating a new VLAN, you have created a new IP network. Each IP network has it's own default-gateway. Which either means a multilayer switch or a router on that network is the default-gateway for all hosts on that network.
They don't. By creating a new VLAN, you have created a new IP network. Each IP network has it's own default-gateway. Which either means a multilayer switch or a router on that network is the default-gateway for all hosts on that network.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
DId you have any thoughts on these options? Let me know if you'd like to discuss any further.
Cheers,
D
Cheers,
D
You'll also need to reconfigure the DHCP scope so all the clients get the new default-gateway.