Solved

Configure Cisco 1602i Access Point with a second SSID (Guest Network) and configure DHCP on the switch

Posted on 2014-09-17
7
847 Views
Last Modified: 2014-09-24
I added a Cisco 3750 switch to our network, it's connected to the first switch on trunk interface G0/1 allowing all vlans
I connected a Cisco 1602i Stand alone Access point on interface Fa1/0/1 on the new 3750 switch and changed the interface to a trunk
We have vlan1 for data with a DHCP server and vlan2 for Voice with another DHCP server.
I configured the access point and it's working fine connecting users to our vlan1 network and the DHCP server provide the network info.
I would like to configure a second SSID for guests, the DHCP server for clients connecting to it would be the 3750 switch I added, and I would like them not to be able to reach our vlan1 network

Thanks for your help
0
Comment
Question by:Yucel Altingoz
  • 3
  • 3
7 Comments
 
LVL 10

Expert Comment

by:djcanter
ID: 40328560
Create the SSID and assign it to vlan2.

What is going to route vlan 2 past the 3750 ?

I would start be creating the default route on the 3750 to be the gateway on vlan 1.
Then configure the vlan1 router to route vlan2 subnet to the 3750 vlan1 ip address.
Then configure NAT on the router for vlan2 subnet to access the internet.
0
 

Author Comment

by:Yucel Altingoz
ID: 40328597
the 3750 switch is connected to a 4507 switch.
I do not wish to use Vlan2 it's already configured for Voice.
the 3750 already has a default gateway and data and phones are working normal.
I would like to add a guest network on the access point on a new vlan that does not reach our network.
the DHCP server for the new vlan will be the 3750 switch.
0
 
LVL 10

Expert Comment

by:djcanter
ID: 40328619
sorry i mistyped. as you already have vlan2 in use, use any other vlan id for the new vlan, but the other principles still apply.
to prevent access to your other networks, you will need to use ACLs on the 3750.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 45

Expert Comment

by:Craig Beck
ID: 40329970
djcanter's solution is valid but you need to be absolutely sure your ACL is correct.

I would use a different router completely for the Guest VLAN (same switches, different router - to be clear).  This would allow you to connect the Guest network straight to an internet feed (or a DMZ), bypassing your internal network.
0
 

Accepted Solution

by:
Yucel Altingoz earned 0 total points
ID: 40332856
I found a link that explains how to do it and it worked for me successfully.
I thought I would share it with you.

http://www.definit.co.uk/2011/06/configuring-guest-wireless-network-restricted-access-production-vlans/

Thanks for your help
0
 
LVL 10

Expert Comment

by:djcanter
ID: 40333131
The link provided the same info as I did.
0
 

Author Closing Comment

by:Yucel Altingoz
ID: 40341116
I found a link that goes step by step and followed it successfully
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Questions about DHCP migration 5 81
ASA DHCP setup 5 38
Vsphere web not showing changes made by ssh console 5 53
Dell PowerConnect 2824 w/ two DHCP 6 24
MAC Filtering: MAC filtering is like handing a list of names to a doorman. If someone comes to the door and mentions a name, this name is checked by the doorman on his list and granted or denied access by this. This means that if someone menti…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question