Solved

Guest Wireless Access

Posted on 2015-01-30
7
232 Views
Last Modified: 2015-04-09
We had been using a Linksys Smart Wi-Fi E4200 successfully as a router and for wireless access, both for our employees and for guest access for our visitors...

We now have a Cisco ASA (non-wireless) router in place, and we're using the Linksys for wireless access... HOWEVER, we cannot get the GUEST access to work.  We *can* connect using the Guest Access feature, but we can't get to the internet using it.  

Linksys tells me that this is not possible... that the only way to use the *Guest* access feature of this device is to make it our "main" router... which I cannot do.  (Out of my control.)

Does this sound logical?  I must be missing something obvious.  How can we provide wireless guest access and still use the Cisco ASA as our router?
0
Comment
Question by:K A
  • 3
  • 3
7 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40580295
What the Linksys router does is push both the private and guest networks out through the same WAN port.  That's ok as it separates the guests from the secure side of your network.

However, there's no way to differentiate guests from secure users once their traffic exits the WAN port as the router will NAT all traffic that goes out of the WAN port.  The ASA just sees a load of traffic coming from the Linksys router so it's all effectively the same.

For this to work properly you'd need to dump the Linksys router and use a proper AP that can do 802.1Q (VLANs) and multiple SSIDs.
0
 
LVL 25

Assisted Solution

by:Fred Marshall
Fred Marshall earned 75 total points
ID: 40580566
What I believe you may have done is to connect the AP LAN-LAN.  
This is a typical configuration when there's another router as internet gateway.

Here is what I imagine that you have:

Cisco <> Linksys private Ethernet LAN port <> private LAN wired and wireless
                Linksys guest wireless "ports" which connect to each other maybe but there's no WAN connection to be used.

What craigbeck says is correct: the Linksys router connects both the private and guest networks via NAT to the WAN port while keeping the two networks separate otherwise.
Without the WAN port connected to anything, you won't get internet connection to the guest wireless network because it's normal path isn't there.

Another way to look at it is:
- the private LAN is one of two VLANs.  This one has Ethernet ports.
- the guest LAN is one of the two VLANs.  This one has no Ethernet ports.  It's only intended for wireless connections.
- the two VLANS connect to the WAN port / isolated from one another (with NAT).

So, if you don't connect the WAN port then there's no upstream connectivity.
The private LAN connects to the inside of the Cisco ASA router and gets internet access that way.
The guest LAN is just "floating" re: internet access.
Simple-Model-of-a-Wireless-Router-with-G
0
 

Author Comment

by:K A
ID: 40612836
Thank you both for your advice so far...

We got pulled away from this for a few days, but it will surface tomorrow.  We looked hard for an 802.1Q (VLAN) device with multiple SSIDs locally via retail, but couldn't find one.  Will query our distributors tomorrow and will be able to report back.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 45

Expert Comment

by:Craig Beck
ID: 40613163
Get yourself a Cisco 1602.
0
 

Author Comment

by:K A
ID: 40615447
Thanks, craigbeck, but we don't see any reference to 802.1Q, VLANS, or multiple SSIDs on the Cisco 1602 spec sheets... nor any of the Aironet products, for that matter.  Does Cisco use different names for those technologies?
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 425 total points
ID: 40615479
No, they just dont mention it for some bizarre reason but take it from me - all Cisco Aironet APs (1600, 2600, 3600, 1700, 2700, 3700, 1500, 1100, 1200) do 802.1Q and multiple SSIDs.  I've installed literally tens of thousands of them :-)
0
 

Author Closing Comment

by:K A
ID: 40715046
Thank you very much.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

MAC Filtering: MAC filtering is like handing a list of names to a doorman. If someone comes to the door and mentions a name, this name is checked by the doorman on his list and granted or denied access by this. This means that if someone menti…
Coaxial cable bending There are several factors that govern the selection of coaxial cable for your Machine to Machine (M2M) application: the location of cable runs, either indoor or outdoor, inside or outside an enclosure, maximum bending and the…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now