Solved

Configure Cisco 1602i Access Point with a second SSID (Guest Network) and configure DHCP on the switch

Posted on 2014-09-17
7
821 Views
Last Modified: 2014-09-24
I added a Cisco 3750 switch to our network, it's connected to the first switch on trunk interface G0/1 allowing all vlans
I connected a Cisco 1602i Stand alone Access point on interface Fa1/0/1 on the new 3750 switch and changed the interface to a trunk
We have vlan1 for data with a DHCP server and vlan2 for Voice with another DHCP server.
I configured the access point and it's working fine connecting users to our vlan1 network and the DHCP server provide the network info.
I would like to configure a second SSID for guests, the DHCP server for clients connecting to it would be the 3750 switch I added, and I would like them not to be able to reach our vlan1 network

Thanks for your help
0
Comment
Question by:Yucel Altingoz
  • 3
  • 3
7 Comments
 
LVL 10

Expert Comment

by:djcanter
ID: 40328560
Create the SSID and assign it to vlan2.

What is going to route vlan 2 past the 3750 ?

I would start be creating the default route on the 3750 to be the gateway on vlan 1.
Then configure the vlan1 router to route vlan2 subnet to the 3750 vlan1 ip address.
Then configure NAT on the router for vlan2 subnet to access the internet.
0
 

Author Comment

by:Yucel Altingoz
ID: 40328597
the 3750 switch is connected to a 4507 switch.
I do not wish to use Vlan2 it's already configured for Voice.
the 3750 already has a default gateway and data and phones are working normal.
I would like to add a guest network on the access point on a new vlan that does not reach our network.
the DHCP server for the new vlan will be the 3750 switch.
0
 
LVL 10

Expert Comment

by:djcanter
ID: 40328619
sorry i mistyped. as you already have vlan2 in use, use any other vlan id for the new vlan, but the other principles still apply.
to prevent access to your other networks, you will need to use ACLs on the 3750.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 45

Expert Comment

by:Craig Beck
ID: 40329970
djcanter's solution is valid but you need to be absolutely sure your ACL is correct.

I would use a different router completely for the Guest VLAN (same switches, different router - to be clear).  This would allow you to connect the Guest network straight to an internet feed (or a DMZ), bypassing your internal network.
0
 

Accepted Solution

by:
Yucel Altingoz earned 0 total points
ID: 40332856
I found a link that explains how to do it and it worked for me successfully.
I thought I would share it with you.

http://www.definit.co.uk/2011/06/configuring-guest-wireless-network-restricted-access-production-vlans/

Thanks for your help
0
 
LVL 10

Expert Comment

by:djcanter
ID: 40333131
The link provided the same info as I did.
0
 

Author Closing Comment

by:Yucel Altingoz
ID: 40341116
I found a link that goes step by step and followed it successfully
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

MAC Filtering: MAC filtering is like handing a list of names to a doorman. If someone comes to the door and mentions a name, this name is checked by the doorman on his list and granted or denied access by this. This means that if someone menti…
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now