  1. #1

    Setting up a VLAN for a Guest WiFi profile

    We are trying to set up a guest wireless profile. We want to ensure that devices on the guest network can only access the internet. We have set up a separate VLAN (VLAN 50) for the guest profile. Our guest devices can now access the internet through VLAN 50. However, our core switch (HP 5308xl) is set to route IP traffic to all VLANs. This means that our guest devices can see other devices on the default VLAN, and we are therefore not achieving what we want. Does anyone know what I need to do on the layer 3 switch? Listed below is part of the config for our core switch. Our Cisco router is plugged into port A1.

    ip routing
    snmp-server community "public" Unrestricted
    snmp-server host 10.56.84.45 "public"
    vlan 1
       name "DEFAULT_VLAN"
       untagged A1-A4,B1-B4,C2-C4,D1-D4,E1-E4,F1-F4,G1-G4
       ip address 10.56.84.1 255.255.252.0
       ip address 10.53.160.30 255.255.252.0
       ip address 10.58.226.1 255.255.255.0
       ip helper-address 10.56.84.15
       ip igmp
       exit
    vlan 50
       name "Open"
       ip address 10.58.227.1 255.255.255.0
       tagged D3,E2
       exit
    ip route 0.0.0.0 0.0.0.0 10.53.160.25
    spanning-tree
    exit
    password manager
    password operator

  2. #2

    What services are you wanting the guest wifi to be able to access? I am assuming DHCP, DNS, 80, 443?
    Last edited by qcomer; 31st March 2013 at 07:44 AM.

  3. Thanks to qcomer from:

    Frank99 (2nd April 2013)

  4. #3

    By giving vlan50 an IP address you're adding it to the route table, which is why guests can access everything. You have the right idea: keep the guest network 100% isolated from your inside network. I would usually achieve this by using a dedicated port on your firewall device and letting that be the DHCP server.

    However, if you're stuck on using the switch, you may have to throw in an ip-helper and tight ACLs to achieve a similar result. Use your ISP's DNS servers, ip-helper for DHCP, and lock down access to your other subnets with ACLs, as well as traffic outside down to 80, 443 and other required ports (such as DNS).

    Can the Cisco router take on this role?

  5. Thanks to _Adam_ from:

    Frank99 (2nd April 2013)
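
The rule ordering suggested in the reply above (allow DHCP, block the internal subnets, then allow only DNS and web traffic out) can be checked before anything goes on the switch. This is an added example, not part of any post in this thread: a Python model of a first-match ACL with an implicit final deny, using the subnets from the posted config. The rule list and the names `GUEST_IN`, `MISORDERED`, `evaluate` and `leaks` are assumptions for illustration, not ProCurve syntax.

```python
import ipaddress

# Internal subnets from the "vlan 1" stanza of the posted config; guest is vlan 50.
INTERNAL = ["10.56.84.0/22", "10.53.160.0/22", "10.58.226.0/24"]
GUEST = "10.58.227.0/24"
ANY = "0.0.0.0/0"

# Constructed rule set (an assumption, not ProCurve syntax):
# (action, protocol, source, destination, destination port or None for any)
GUEST_IN = (
    [("permit", "udp", ANY, ANY, 67)]                          # DHCP requests
    + [("deny", "ip", GUEST, net, None) for net in INTERNAL]   # block inside
    + [("permit", "udp", GUEST, ANY, 53),                      # DNS
       ("permit", "tcp", GUEST, ANY, 53),
       ("permit", "tcp", GUEST, ANY, 80),                      # web
       ("permit", "tcp", GUEST, ANY, 443)]
)
# Same rules with the permits moved ahead of the denies, to show why order matters.
MISORDERED = GUEST_IN[4:] + GUEST_IN[:4]

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching rule; implicit deny otherwise."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in acl:
        if r_proto not in ("ip", proto):
            continue
        if s not in ipaddress.ip_network(r_src):
            continue
        if d not in ipaddress.ip_network(r_dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"

def leaks(acl, guest_ip="10.58.227.50", ports=(22, 53, 80, 443, 445, 3389)):
    """List (subnet, proto, port) flows from a guest to internal hosts that are permitted."""
    found = []
    for net in INTERNAL:
        target = str(next(iter(ipaddress.ip_network(net).hosts())))
        for proto in ("tcp", "udp"):
            for port in ports:
                if evaluate(acl, proto, guest_ip, target, port) == "permit":
                    found.append((net, proto, port))
    return found

if __name__ == "__main__":
    print("correct order leaks:", leaks(GUEST_IN))
    print("misordered leaks:   ", leaks(MISORDERED))
```

With the permits placed first, DNS and web ports on every internal subnet become reachable from the guest VLAN, which is the failure the deny-before-permit ordering prevents.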

  6. #4
    ACLs is the way, we have many on our 5406xl.

  7. Thanks to ass17 from:

    Frank99 (2nd April 2013)

  8. #5

    Thank you for the replies. I am afraid that I am stuck with having to use the switch. I was thinking of using the ISP's DNS server and the DHCP server that is built into the wireless controller. I did wonder if I would need to set up some ACLs to lock down access to other subnets. I have never done anything with ACLs before, so I will read up about them and see what I can do. If anyone has any examples of ACLs that they would like to share, then it would be really appreciated.

  9. #6

    There are many examples available both from HP and general searching. A good example is from this very forum - VLAN Config (ProCurve)

    As gshaw states, understanding what is "in" is the greatest hurdle to understanding ACLs. Have a go and if you get stuck post the config.

  10. #7

    Hi Adam, that's brilliant, thank you for that example. It looks as though it will do exactly what I am trying to achieve. I will try it out and let you know how I get on.
