mrjking2000
asked on
VLAN help on AP with multiple SSIDs
Good evening folks,
I need to do the following, and we are not going to purchase cisco equipment to do it:
Access point with two SSIDs. One is public and other is private. public needs to NOT see anything but internet, and also serve as a DHCP server for clients connected to public. Private network can see everything, servers, printers and whatnot, addresses are handed out by server's DHCP.
am I asking too much? I know there are some APs out there that can serve as access points and DHCP servers at the same time.
now onto the VLAN. if i setup the router's port that my ap is connected to with a vlan id than only traffic between the two IDs is permitted right? So my "private" ssid (not on vlan) won't be able to talk through that switch port?? Am I thinking about this correctly?
this is a new topic to me, so a little confused.
I need to do the following, and we are not going to purchase cisco equipment to do it:
Access point with two SSIDs. One is public and other is private. public needs to NOT see anything but internet, and also serve as a DHCP server for clients connected to public. Private network can see everything, servers, printers and whatnot, addresses are handed out by server's DHCP.
am I asking too much? I know there are some APs out there that can serve as access points and DHCP servers at the same time.
now onto the VLAN. if i setup the router's port that my ap is connected to with a vlan id than only traffic between the two IDs is permitted right? So my "private" ssid (not on vlan) won't be able to talk through that switch port?? Am I thinking about this correctly?
this is a new topic to me, so a little confused.
One more thing... I mentioned two Access Point simply because I assumed you don't have one of those expensive Cisco Aeronet AP's that support multiple SSID and VLAN Support. if you do then One of them will do it.
ASKER
hmm, okay so now i understand the trend for cisco. The environment has a SBS 2008 server, watchguard firewall with built in 4 port switch, dlink 24 port switch, and a terminal server.
if the watchdog firewall supports VLANs and the access point, for example engenius EAP-3660 seems to be able to handle multiple ssids, dhcp on the device, one could just enable the public SSID with a vlan tag of 2, and the firewall port with vlan tag 2 and it could work?? What about the private ssid?
if the watchdog firewall supports VLANs and the access point, for example engenius EAP-3660 seems to be able to handle multiple ssids, dhcp on the device, one could just enable the public SSID with a vlan tag of 2, and the firewall port with vlan tag 2 and it could work?? What about the private ssid?
What is the manuf/model# of the AP you have?
ASKER
would like to use the engenius EAP-3660 for indoor and maybe EOC-5611p for outdoor aps.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The engenius EAP-3660 supports VLAN tagging. Add a second card in your server and configure it for VLAN2. Setup the firewall to forward all traffic on VLAN2 to and from your internet port only. Put your internal devices on VLAN1 and the external devices on VLAN2 and you should be in business.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Now, what kind of an environment are you in? Do you have a spare Computer with dual NIC cards that you could install Windows Server onto it? For example Windows Server 2003 or later can do it.
At some point you have to have a switch that supports VLANs, and maybe two regular wireless Access Points.