Solved

Need help setting up VLAN, Is this even possible?

Posted on 2010-11-17
Last Modified: 2012-06-27
We have a client who is wanting to provide internet access to guests in their main building via wireless access points.  Our goal is to be able to provide them with this access while separating them from the rest of the internal network, while also providing ourselves with wireless access to the entire network in the main building.

We are using Engenius EAP 9550 Access Points. I have the choice of using a Netgear ProSafe JFS524E or a Cisco Catalyst 2950 Switch, and our router/firewall is a Sonic Wall TZ170.

I have explored through all the settings and cannot seem to figure out how to make this work.  Is it possible to split a port between two VLANs so that one side cannot have access to the internal network?  I feel like I have been beating my head on a brick wall trying to figure this out.  So now I am here. Can anyone provide any insight into some possible solutions?
Question by:pennelltechs
2 Comments
 
LVL 2

Accepted Solution

by:
worpx earned 1000 total points
ID: 34156049
Yes, you can create a VLAN for this purpose to segregate networks. However, the function that you want is in the firewall. Create an ACL to subnet out the ranges you want passing through the firewall.

I would assign a guest VLAN in your switch, assign a separate DHCP range and create a static NAT for that DHCP range in order to allow access to the internet, but not to the internal network, or vice-versa.

0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 1000 total points
ID: 34163401
Your access points have this feature for you to use:

- Multiple SSID with 802.1q VLAN Tagging (up to 4 SSID)(Access Point mode)


You will need to create one SSID for guests and another SSID for yourselves, and then put each SSID into different VLANs.

Each VLAN will have its own subnet, and you should treat those as different DMZs on the firewall.

If your firewall can handle VLANs then it can be a single connection between switch and firewall - if not, you need to have a separate port for each VLAN.

Obviously you will need to configure the VLANs on the switch too - and the port towards the access point needs to be a trunk with .1q tagging.

Your firewall needs to be the DHCP server on each subnet - clearly with different IP subnets.
0
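The switch side of the design the two answers describe, written out for the Catalyst 2950 as an added example (not configuration posted by anyone in the thread). The VLAN IDs 10 and 20, the VLAN names, the port numbers, and the assumption that the access point sends its own management traffic untagged are all illustrative choices.

```cisco
! Constructed example for a Catalyst 2950. VLAN IDs, names and port
! numbers are assumptions, not values from the thread.
vlan 10
 name STAFF
vlan 20
 name GUEST
!
! Port to the access point: 802.1Q trunk carrying only the two SSID VLANs.
! The 2950 trunks with 802.1Q only, so no encapsulation command is needed.
! Assumption: the AP's management traffic is untagged, so the native VLAN
! is set to STAFF; guest frames always arrive tagged with VLAN 20.
interface FastEthernet0/1
 description Trunk to wireless AP
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
! Option A (firewall understands 802.1Q tags): one trunk uplink.
interface FastEthernet0/24
 description Trunk to firewall
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
! Option B (firewall has no VLAN support): use these instead of Option A,
! one untagged port per VLAN, each cabled to its own firewall interface.
interface FastEthernet0/22
 description STAFF to firewall LAN port
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/23
 description GUEST to firewall guest/DMZ port
 switchport mode access
 switchport access vlan 20
!
! Wired internal hosts stay on access ports in the staff VLAN.
interface range FastEthernet0/2 - 21
 switchport mode access
 switchport access vlan 10
```

After applying it, `show vlan brief` and `show interfaces trunk` confirm which ports sit in each VLAN and that only VLANs 10 and 20 cross the trunks. The switch only keeps the two networks apart at layer 2; whether guests can reach the internal subnet is still decided by the firewall rules between the two subnets.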