Solved

Need help setting up VLAN, Is this even possible?

Posted on 2010-11-17
2
479 Views
Last Modified: 2012-06-27
We have a client who is wanting to provide internet access to guests in their main building via wireless access points.  Our goal is to be able to provide them with this access while separating them from the rest of the internal network, while also providing ourselves with wireless access to the entire network in the main building.

We are using Engenius EAP 9550 Access Points, I have the choice of using a Netgear ProSafe JFS524E or a Cisco Catalyst 2950 Switch, and a our router/firewall is a Sonic Wall TZ170.

I have explored through all the settings and can not seem to figure out how to make this work.  Is it possible to split a port between two VLANs so that one side can not have access to the internal network.  I feel like I have been beating my head on a brick wall trying to figure this out.  So now I am here, can anyone provide any insight into some possible solutions
0
Comment
Question by:pennelltechs
2 Comments
 
LVL 2

Accepted Solution

by:
worpx earned 250 total points
ID: 34156049
Yes, you can create a VLAN for this purpose to segragate networks. However, the function that you want is in the firewall. Create an ACL to subnet out the ranges you want passing through the firewall.

I would assign a guest VLAN in your switch, assign a separate DHCP range and create a static NAT for that DHCP range in order to allow access to the internet, but not to the internal network, or vice-versa.

0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 250 total points
ID: 34163401
Your access points has this feature for you to use:

- Multiple SSID with 802.1q VLAN Tagging (up to 4 SSID)(Access Point mode)


You will need to create one SSID for guests and another SSID for yourselves, and then put each SSID into different VLANs.

Each VLAN will have its oen subnet, and you should treat those as different DMZs on the firewall.

If your firewall can handle VLAN the it can be a single connection between switch and firewall - if not you need to have a separate port for each VLAN.

Obviously you will need to configure the VLANs on the switch too - and the port towards the access point needs to be trunk with .1q tagging.

Your firewall need be DHCP server on each subnet - clearly with different IP subnets.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
BGP prefix and routing 3 60
Issue with Cisco 4402 and 1142 LAPs 1 23
Internet options/Settings 1 46
Ceiling heights max for internal antennas - Cisco 3702i access points 6 14
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question