Isolate Guest Wireless network from Business Network

Trying to isolate Guest Wireless network from business network on a Cisco RV180W. I have configured the Guest network for VLAN 20 and VLAN 1 is the default and disabled Inter VLAN Routing but I can still access the business network from a wireless connection. Your help is appreciated.
DavidAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
I have not been able to manage secure VLAN on that class of router.

Easier I think to get a separate Wi-Fi router and put it on a completely different subnet. That will keep normal business users on the guest network from seeing your business LAN.
0
Fred MarshallPrincipalCommented:
Reference manual:
https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/rv180w/administration/guide/rv180w_admin.pdf

Do you have multiple VLAN subnets?  That's available and may be necessary.
What IP addresses are obtained on each wireless SSID?

RSTP isn't recommended for use when there are VLANS (p. 39).

The wireless default VLAN is 1 for all the wireless SSIDs it appears.  (p 64).  You will have to assign different VLANs for the wireless clients.

p. 65 d. Wireless Isolation within the SSID check box to separate ALL the clients on that SSID.

I'd also check the routing table to assure that inter-subnet routing isn't available.
0
masnrockCommented:
I would disable the wireless on that router, get a VLAN-capable access point, connect it to a port that has VLAN 1 untagged and VLAN 20 tagged, and configure it with multiple SSIDs (one for guests, and another for corporate use if desired). Keeping the AP on VLAN 1 has the upside of allowing for configuring from the corporate network, and not letting guests have a way to access any of the admin features (provided you probably configure that SSID for VLAN 20).

Assuming you don't need wireless for the corporate network, another option would be to simply configure the existing SSID to use VLAN 20 (this builds on what Fred had mentioned). That way wireless clients go to the guest network like they are supposed to. If you need to have wireless clients on the corporate network in the future, you could either buy a separate wireless AP that's connected to VLAN 1, or reference what I mentioned in the first paragraph.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DavidAuthor Commented:
Thanks all, I will purchase another AP.
0
Fred MarshallPrincipalCommented:
So, the suggestions and questions I provided didn't help?  Just curious.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.