Solved

Configure Cisco 1602i Access Point with a second SSID (Guest Network) and configure DHCP on the switch

Posted on 2014-09-17
7
877 Views
Last Modified: 2014-09-24
I added a Cisco 3750 switch to our network, it's connected to the first switch on trunk interface G0/1 allowing all vlans
I connected a Cisco 1602i Stand alone Access point on interface Fa1/0/1 on the new 3750 switch and changed the interface to a trunk
We have vlan1 for data with a DHCP server and vlan2 for Voice with another DHCP server.
I configured the access point and it's working fine connecting users to our vlan1 network and the DHCP server provide the network info.
I would like to configure a second SSID for guests, the DHCP server for clients connecting to it would be the 3750 switch I added, and I would like them not to be able to reach our vlan1 network

Thanks for your help
0
Comment
Question by:Yucel Altingoz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 10

Expert Comment

by:djcanter
ID: 40328560
Create the SSID and assign it to vlan2.

What is going to route vlan 2 past the 3750 ?

I would start be creating the default route on the 3750 to be the gateway on vlan 1.
Then configure the vlan1 router to route vlan2 subnet to the 3750 vlan1 ip address.
Then configure NAT on the router for vlan2 subnet to access the internet.
0
 

Author Comment

by:Yucel Altingoz
ID: 40328597
the 3750 switch is connected to a 4507 switch.
I do not wish to use Vlan2 it's already configured for Voice.
the 3750 already has a default gateway and data and phones are working normal.
I would like to add a guest network on the access point on a new vlan that does not reach our network.
the DHCP server for the new vlan will be the 3750 switch.
0
 
LVL 10

Expert Comment

by:djcanter
ID: 40328619
sorry i mistyped. as you already have vlan2 in use, use any other vlan id for the new vlan, but the other principles still apply.
to prevent access to your other networks, you will need to use ACLs on the 3750.
0
Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

 
LVL 46

Expert Comment

by:Craig Beck
ID: 40329970
djcanter's solution is valid but you need to be absolutely sure your ACL is correct.

I would use a different router completely for the Guest VLAN (same switches, different router - to be clear).  This would allow you to connect the Guest network straight to an internet feed (or a DMZ), bypassing your internal network.
0
 

Accepted Solution

by:
Yucel Altingoz earned 0 total points
ID: 40332856
I found a link that explains how to do it and it worked for me successfully.
I thought I would share it with you.

http://www.definit.co.uk/2011/06/configuring-guest-wireless-network-restricted-access-production-vlans/

Thanks for your help
0
 
LVL 10

Expert Comment

by:djcanter
ID: 40333131
The link provided the same info as I did.
0
 

Author Closing Comment

by:Yucel Altingoz
ID: 40341116
I found a link that goes step by step and followed it successfully
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question