Solved

Guest Wireless Access

Posted on 2015-01-30
7
225 Views
Last Modified: 2015-04-09
We had been using a Linksys Smart Wi-Fi E4200 successfully as a router and for wireless access, both for our employees and for guest access for our visitors...

We now have a Cisco ASA (non-wireless) router in place, and we're using the Linksys for wireless access... HOWEVER, we cannot get the GUEST access to work.  We *can* connect using the Guest Access feature, but we can't get to the internet using it.  

Linksys tells me that this is not possible... that the only way to use the *Guest* access feature of this device is to make it our "main" router... which I cannot do.  (Out of my control.)

Does this sound logical?  I must be missing something obvious.  How can we provide wireless guest access and still use the Cisco ASA as our router?
0
Comment
Question by:K A
  • 3
  • 3
7 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40580295
What the Linksys router does is push both the private and guest networks out through the same WAN port.  That's ok as it separates the guests from the secure side of your network.

However, there's no way to differentiate guests from secure users once their traffic exits the WAN port as the router will NAT all traffic that goes out of the WAN port.  The ASA just sees a load of traffic coming from the Linksys router so it's all effectively the same.

For this to work properly you'd need to dump the Linksys router and use a proper AP that can do 802.1Q (VLANs) and multiple SSIDs.
0
 
LVL 25

Assisted Solution

by:Fred Marshall
Fred Marshall earned 75 total points
ID: 40580566
What I believe you may have done is to connect the AP LAN-LAN.  
This is a typical configuration when there's another router as internet gateway.

Here is what I imagine that you have:

Cisco <> Linksys private Ethernet LAN port <> private LAN wired and wireless
                Linksys guest wireless "ports" which connect to each other maybe but there's no WAN connection to be used.

What craigbeck says is correct: the Linksys router connects both the private and guest networks via NAT to the WAN port while keeping the two networks separate otherwise.
Without the WAN port connected to anything, you won't get internet connection to the guest wireless network because it's normal path isn't there.

Another way to look at it is:
- the private LAN is one of two VLANs.  This one has Ethernet ports.
- the guest LAN is one of the two VLANs.  This one has no Ethernet ports.  It's only intended for wireless connections.
- the two VLANS connect to the WAN port / isolated from one another (with NAT).

So, if you don't connect the WAN port then there's no upstream connectivity.
The private LAN connects to the inside of the Cisco ASA router and gets internet access that way.
The guest LAN is just "floating" re: internet access.
Simple-Model-of-a-Wireless-Router-with-G
0
 

Author Comment

by:K A
ID: 40612836
Thank you both for your advice so far...

We got pulled away from this for a few days, but it will surface tomorrow.  We looked hard for an 802.1Q (VLAN) device with multiple SSIDs locally via retail, but couldn't find one.  Will query our distributors tomorrow and will be able to report back.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 45

Expert Comment

by:Craig Beck
ID: 40613163
Get yourself a Cisco 1602.
0
 

Author Comment

by:K A
ID: 40615447
Thanks, craigbeck, but we don't see any reference to 802.1Q, VLANS, or multiple SSIDs on the Cisco 1602 spec sheets... nor any of the Aironet products, for that matter.  Does Cisco use different names for those technologies?
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 425 total points
ID: 40615479
No, they just dont mention it for some bizarre reason but take it from me - all Cisco Aironet APs (1600, 2600, 3600, 1700, 2700, 3700, 1500, 1100, 1200) do 802.1Q and multiple SSIDs.  I've installed literally tens of thousands of them :-)
0
 

Author Closing Comment

by:K A
ID: 40715046
Thank you very much.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now