Is it possible to configure the netgear WFS709TP ProSafe Smart Wireless Controller to be a DHCP server to just wireless clients? Im Runnig low on Ip address so im planning on a dirfferent scope for the wireless clients.
Is it just a case of enabling DHCP for the already configured vlan?
The netgear manual is a bit vague.
Yes but you might also need to route trafic between your vlans to make things work corectly. Also there is much more info in the ArubaOS manual instead of the netgear one.
We have exactly the same issue, and to resolve it we want to setup the netgear WiFi controller to hand out IP addresses (with DHCP) in another IP range.
This is one of those high priority projects, which I really MUST complete this summer.
- We need to ensure that only WiFi clients (and possibly the Light WAPs) to pickup the IP addresses.
- The box will have to be able to route IP packets to and from the new range of IP addresses; I don't know if it can do this, or if we need another router? Routers on other subnets will need to be aware of this "router" and the IP range.
I believe that this can be achieved through the VLAN feature?
Netgear support seem to be unsure if there needs to be another router.
Any advice really appreciated!
OK we need to set up a new VLAN with a new privet IP range probably class B so a subnet of 172.16.0.0/16. Then we must enable routing on the controller but if we just use static then as Bruce seas “Routers on other subnets will need to be aware of this "router" and the IP range.” But not if it is NATed using the one original IP address of the controller. If we don’t NAT then any computers on the next hop from your original internet router will not know how to send traffic back to computers on your new VLAN so the internet would not work. Also we must set up a new DHCP pool on the controller and tell it to issue IP addresses on the new VLAN but from what I can see this can only be done on VLAN1, so this will be the new VLAN and VLAN2 will sit on your original network Then configure the uplink port if you only have one controller this would sit on VLAN2 untagged and Bobs your uncle. If you have more than one controller you will just do this on the master one but then configure the uplink ports and any switches and controllers in between with VLAN1 untagged(because it’s the management VLAN and carries all other VLANS) and VLAN2 tagged.
This might not be 100% accurate instructions as I ran through it on an Aruba controller and not a Netgear one but here goes step by step.
Warning this involves changing the controllers IP address.
1. Navigate to the Configuration > Advanced > Switch > General > VLAN page.
Click Add to configure VLAN 2.
2. Configure VLAN 2 as follows:
A. Enter 2 for the VLAN ID.
B. Enter a address from your existing range for the IP Address and Net Mask.
C. Select the uplink ports that are connected to the existing network (To add physical ports to VLAN2, click Add in the VLAN Members section. Select the port to add to VLAN2). This should be the native VLAN so that it is untagged on 8 for uplink
3. Click Apply.
4. Now you must Access via new IP address just set
5. Navigate to the Configuration > Advanced > Switch > General > VLAN page.
6. click Edit for VLAN 1.
7. Configure VLAN 1 as follows:
A. Enter 172.16.0.1 for the IP Address and 255.255.0.0 for the Net Mask.
C. Select the Enable source NAT for this VLAN checkbox.
8. Click Apply.
9. Navigate to the Configuration > Advanced > Switch > General > DHCP Server page.
10. Select the Enable DHCP Server checkbox.
11. In the Pool Configuration section, click Add.
12. Enter information about the subnetwork for which IP addresses are to be assigned. Click Done. (Default router will be 172.16.0.1the controller and network is 172.16.0.0 with a mask of 255.255.0.0)
13. If there are addresses that should not be assigned in the subnetwork: ( E.G 172.16.0.1 the controllers IP on VLAN1 for routing)
A. Click Add in the Excluded Address Range section.
B. Enter the address range in the Add Excluded Address section.
C. Click Done.
14. Click Apply at the bottom of the page.
15. At the top of the page, click Save Configuration.
Sorry for any mistakes but it gives you both the idea of how to set it up.
Just spotted a couple of mistakes, you must also set the default route on the master controller to be your ISP’s router IP address so that traffic can get out to the internet and also so your original network can see the new one you should set the default gateway on DHCP and any statically set IPs on original network to point to the controllers IP instead of ISP’s router.
mtdmitchell (12th August 2009)
Thank you for you help,
I have configured the device as suggested but im a little confused with the tagging and Uplink? with vlan 1 i have ports 1-7 assiociated to it (tagged?) and vlan 2 i have just port 8
Also i dont understand "original network can see the new one you should set the default gateway on DHCP"
i have 1 master controller and 2 local controllers
OK no problems first lets deal with the VLANS.
For a port pump out one VLAN as a normal network port it must be untagged on that port. So if 0-7 have WAPS that you want to get IP addresses from your new network range they will be untagged on VLAN1. Or if you want them to get an Ip address from your original network (the network range running low on IPs) they will be untagged on VLAN2.
Now 802.1q VLANS and the uplink ports between switches must be untagged on VLAN1 (management vlan) to carry all other VLANs between switches. Then all other VLANS are tagged to stop traffic from VLANs merging. So if I have 5 vlans to send between controllers on port 8 VLAN1 is untagged and VLAN2, 3, 4 and 5 are tagged. Just to confuse things, some switches allow you to tag all vlans but there will always be one untagged underneath it all or 802.1q can’t work (sometimes it’s hiden in the GUI called the primary VLAN instead of management VLAN). Any way VLAN1 must be untagged on uplinks on WFS709TP with VLAN2 tagged or it will not work.
Same applyes for all other uplinks to switches inbetween the Netgear controlers.
Now on to the routing and default route.
I take it the NATing has worked but you may notes that things aren’t working correctly if you try pinging between networks. To fix this we must do the following replace the default router on whatever dishes out DHCP (your main server) on your original network (the network range running low on IPs) and set your ISPs router up as a static default route (or Gateway of Last Resort ) for the internet on the Netgear controller. This will case all computers to look at the controller first to see if it knows of a destination network and if it doesn’t it will get passed on to ISP router (Gateway of Last Resort/ default route)
On the Netgear controller to set a default static route to ISPS controller do the following.
1. Navigate to the Configuration > Advanced > Switch > General > IP Routing page.
2. Click Add to add a static route to a destination network or host. Enter the destination IP and network mask (0.0.0.0 and net mask 0.0.0.0 for default route) and the next hop IP address (ISPs Router).
3. Click Done to add the entry.
NOTE: The route has not yet been added to the routing table.
4. Click Apply to add this route to the routing table. The message Configuration
Last thing to do is some ping tests from original network to new wireless network range and then wireless network to original range and finely ping www.google .co.uk from both networks to test internet connectivity.
Good luck with the config you will get your head around it eventually.
Great my wireless is now picking up Address from 172.16 scope, but i cannot get the static route to work when entering the suggested ip address for destination i get "Invalid Destination IP address" What is the destination address? should it be my original network? I have tryed it and get the following error " Error processing command:Cannot Create Static Route "
Also i now seem to have lost all my access points. From the Error logs on the controller it would appear they cannot access the TFtp server to download the image (they are all stuck on the orange test light) I have tried a manual reset of a Few access points. Im presuming they are looking ofr the old controller still?
Altough i do have 6 out of 31 working for some reason
On the Configuration > Advanced > Switch > General > IP Routing page is there a box for “Default Gateway”. If so put your ISPs Routers IP address in there (this will be something on the old range so e.g something like 192.168.0.254). I think that should accomplish the same thing with the Gateway of Last Resort/ default route instructions that I gave above that an not working. One way of checking things for routes are set up correctly is do a “show ip route” on the command line but I don’t know if its possible to access it on the Netgear!!!
Basically with the whole routing thing what we are trying to do is stick your master controller in front of your ISPs router to intercept traffic for your networks before passing out to the internet.
@ dirtydogmitchell “Also I now seem to have lost all my access points”
This will likely be to do with some vlan configuration problems. Don’t forget that you will need to configure the switches that the controllers connect to in the same way and VLAN2 has to connect into your original network at some point on route, to enable access to ISP’s router.
Right i think im getting there the controllers are connected to a hp switch which then connects back to a core switch. So i need to configure the vlan2 on those first switches and also the core switch?
Not all of our Ap's are plugged into controllers?
Yes you will need to configure all of these switches.
You can just leave the WAPSs on the original network (now VLAN2) and once all of the routing is sorted with things are changed over in original networks DHCP (default gateway settings to point to the Netgear master controller instead of ISPs router).
Once VLANs are configured on switches between controllers, I would then concentrate on the routing and getting all of the networks to see and talk to each other. Worry about the missing access points last!
Nope im still struggling to get my head around this, with the other Hp switches which are connected to the netgear controllers you are saying to change the primary vlan to the new network 172.16.... which would have all the ports tagged except fot the uplink port which is for vlan 2 which is the original network 10.122....... But what about the wired hosts attached to these switches (pcs) which still need to use the original ip scope, are they affected?
Ok on the HP switches between controllers set any uplinks to other switches and controllers to be as follows:
VLAN 1 (management) untagged and VLAN 2 tagged
These settings will pass both VLANS between switches/controllers
Now for all of the original devices that are connected (so all other ports on the switch) set them to the following:
VLAN 2 untagged
And that’s it. The whole moving original VLANs around all reverts back to the controllers DHCP server only working on VLAN1 so blame it on Aruba who wrote the OS for the Netgear controller.
WARNING: Never untag two VLANs on one port or all hell will be unleashed.
Last edited by MicrodigitUK; 13th August 2009 at 02:37 PM.
There are currently 1 users browsing this thread. (0 members and 1 guests)