I have a setup with a Cisco 3845 ISR + two Dell PowerConnect 6224 L3 Switches + 4 Cisco 1145 WAPs.
My goal is to create two VLANs for wireless access points. The first VLAN will authenticate against RADIUS/PEAP for our domain computers and route between VLANs for various resources. The second VLAN will be for guest use only and route directly to the internet and not communicate between VLANs.
I've worked out the part on creating the VLAN for internal use and it works great. But I don't really know how to make best use of the equipment to isolate the VLAN and route it straight to the internet.
It seems the PowerConnect 6224 doesn't support PVLANs, so I'm trying to figure out how to do what I need with our Cisco 3845 router. Honestly I don't know where to start. I'm guessing I want it to do something like the following:
192.168.4.x -> VLAN Gateway 192.168.4.1 -> Cisco 3845 -> Internet (Serial 1/0)
Since I won't know the MAC addresses connecting to the WAPs, I know I can't use filtering. We also only have 1 HWIC in use and I do have a spare one I can install. Could I set up an interface on that and some kind of ACL that only permits access between 192.168.4.x and Serial 1/0 (with NAT)?
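
One way to express the isolation asked about above on the 3845, as an added example that is not part of the original post. The subinterface `GigabitEthernet0/0.40`, VLAN ID 40, the ACL names `GUEST-IN` and `GUEST-NAT`, and the premise that all internal networks sit in RFC 1918 space are assumptions; only 192.168.4.x, the 192.168.4.1 gateway and Serial 1/0 come from the post.

```cisco
! Added example. Everything marked "assumed" is illustrative, not from the post.

! Guest VLAN terminates on the router, not on the L3 switches.
interface GigabitEthernet0/0.40
 description Guest wireless (assumed subinterface, assumed VLAN ID 40)
 encapsulation dot1Q 40
 ip address 192.168.4.1 255.255.255.0
 ip access-group GUEST-IN in
 ip nat inside
!
interface Serial1/0
 ip nat outside
!
! First match wins, so the denies must precede the final permit.
ip access-list extended GUEST-IN
 remark DHCP requests to the gateway (needed only if the router serves DHCP)
 permit udp any eq bootpc any eq bootps
 remark Block every private range (assumed to cover all internal VLANs)
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Whatever is left is internet-bound
 permit ip 192.168.4.0 0.0.0.255 any
!
! Translate only the guest subnet out of the serial link.
ip access-list standard GUEST-NAT
 permit 192.168.4.0 0.0.0.255
!
ip nat inside source list GUEST-NAT interface Serial1/0 overload
```

The 192.168.0.0/16 deny also stops guests from reaching 192.168.4.1 itself, so DNS has to point at an outside resolver. The ACL only sees traffic that crosses the router: it does nothing for guest-to-guest traffic inside the VLAN, and it is bypassed if the PowerConnect switches hold a routed interface in the guest VLAN, so the switches should carry that VLAN at layer 2 only.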