+ Post New Thread
Results 1 to 7 of 7
Wireless Networks Thread, VLAN for Guest Wireless in Technical; Having recently had a new wireless system installed at the school which I have to admit works a treat for ...
  1. #1

    Join Date
    May 2008
    Location
    Norfolk
    Posts
    111
    Thank Post
    16
    Thanked 2 Times in 1 Post
    Rep Power
    13

    VLAN for Guest Wireless

    Having recently had a new wireless system installed at the school which I have to admit works a treat for the existing domain equipment, I am looking to branch out and set up guest wireless access for staff/students/visitors. The AP's have been configured with 2 SSID's one for Domain and one for Guests which are set on the AP's for the default VLAN and a GUEST VLAN. We have also had a new proxy installed for the internet access which can be set for open authentication so not requiring any link to AD accounts. Now that was the easy bit, now comes my problem of configuring the switches.

    The network uses all HP Procurve managed switches with 2 x 5412zl switches forming a backbone between the main building (Cab B) and a new building with the servers and some classrooms (Cab A). The AP's are connected to the core switches and edge switches which are 2510G-24 models. The edge switches are linked back to Cab B by fibre which is currently trunked to give 2 Gig links.

    Now I've started the ball rolling by creating a GUEST VLAN (VLAN 2) on all of the edge switches and the two main switches. My next step is to get my head around tagging and trunking. My understanding is that I need to tag all the ports connected to the AP's to VLAN 2 so that the traffic can be routed depending on SSID to one of the two VLAN's. My question is how to route the VLAN 2 traffic to a new proxy which we have had installed by the LEA which will act as DHCP for a private network and also give internet access, separate from the domain network.

    I'm still in the research phase but as the holidays are slipping away any assistance would be much appreciated.

    Unfortunately with no prior knowledge of VLAN's this is a major learning curve but an ideal opportunity to learn a new skill.

  2. #2
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    654
    Thank Post
    165
    Thanked 124 Times in 103 Posts
    Blog Entries
    1
    Rep Power
    47
    It sounds like you are on the right track. You need to "tag" the new vlan on all ports connecting either switch to switch (uplinks) or to the APs themselves. Put the new proxy on a port that is untagged on the new vlan. Think of the new vlan as a seperate network, when you tag a port you turn the cable into two one for each vlan, assigning a port as untagged makes it act as if it was on the seperate network.

  3. #3

    Join Date
    May 2008
    Location
    Norfolk
    Posts
    111
    Thank Post
    16
    Thanked 2 Times in 1 Post
    Rep Power
    13
    Quote Originally Posted by robk View Post
    It sounds like you are on the right track. You need to "tag" the new vlan on all ports connecting either switch to switch (uplinks) or to the APs themselves. Put the new proxy on a port that is untagged on the new vlan. Think of the new vlan as a seperate network, when you tag a port you turn the cable into two one for each vlan, assigning a port as untagged makes it act as if it was on the seperate network.
    Thanks robk. I have tagged all the switch ports that connect directly to the AP's to use VLAN 2. If I read you right do I also need to tagg the trunk uplink ports between switches to VLAN2 also.

    At present looking at the switches the VLAN2 does not have any settings for IP address, does this option need configuring. If the VLAN2 is a separate network it will use its own subnet and gateway, would the new proxy be the gateway ?

  4. #4

    Join Date
    May 2008
    Location
    Norfolk
    Posts
    111
    Thank Post
    16
    Thanked 2 Times in 1 Post
    Rep Power
    13
    Have manually set IP addresses for all the switches on the VLAN2 to the new private address range and subnet. Still can't see how the VLAN2 (Guest SSID ) traffic will route from the AP's to the new proxy. Still have some way to go yet me thinks but any sugestions welcome.

  5. #5
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    654
    Thank Post
    165
    Thanked 124 Times in 103 Posts
    Blog Entries
    1
    Rep Power
    47
    Ah, think of vlan 2 as a old unmanaged network. Your router will give the network addresses etc so you don't need to worry about switch addresses in this case.

  6. #6

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,607
    Thank Post
    49
    Thanked 444 Times in 330 Posts
    Rep Power
    136
    Simple rule, if a port carries more than one van it needs to be tagged.
    A port can belong to any one van in an untagged state.
    Uplinks are normally tagged with all vlans that are needed on all switches.
    Draw a simple map use different colours for each vlan.
    Where you have two colours tag the appropriate vlans.

  7. #7

    Join Date
    May 2008
    Location
    Norfolk
    Posts
    111
    Thank Post
    16
    Thanked 2 Times in 1 Post
    Rep Power
    13
    Quote Originally Posted by m25man View Post
    Simple rule, if a port carries more than one van it needs to be tagged.
    A port can belong to any one van in an untagged state.
    Uplinks are normally tagged with all vlans that are needed on all switches.
    Draw a simple map use different colours for each vlan.
    Where you have two colours tag the appropriate vlans.

    Useful info, like the map idea.

    Still unsure of routing GUEST traffic to our second proxy even though they are all now on the same VLAN.

SHARE:
+ Post New Thread

Similar Threads

  1. A Definitive Guide ... to guest / student devices on a wireless network.
    By GrumbleDook in forum Netbooks, PDA and Phones
    Replies: 8
    Last Post: 19th April 2010, 02:07 PM
  2. HP msa750 wireless guest access?
    By nicholab in forum Wireless Networks
    Replies: 0
    Last Post: 9th October 2009, 09:27 AM
  3. Wireless Guest Access for PDA's,Laptops,IPhones using VLAN
    By steveo2000 in forum Wireless Networks
    Replies: 15
    Last Post: 28th July 2009, 11:07 AM
  4. Wireless Guest Access
    By steveo2000 in forum Internet Related/Filtering/Firewall
    Replies: 9
    Last Post: 19th March 2009, 06:41 PM
  5. VLAN for guest internet access
    By plexer in forum How do you do....it?
    Replies: 3
    Last Post: 17th December 2007, 12:50 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •