OK, following on from my original request for help http://www.edugeek.net/forums/networ...ru-ruckus.html, I am now starting to get myself bogged down in what exactly I need on the back end with regard to security. As I said in my original question, I am looking at ensuring that any guests connecting to an AP (using a different SSID) would only be able to get out onto the internet and would not be able to touch the network at all. As far as I could see, Aruba did this without the need for setting up RADIUS or anything else of that nature. Am I correct with this? Is it the case that with Ruckus and Meru (don't know anything about Xirrus yet) there is the need to set up either RADIUS or VLANs? I realise that it could be the case that I'm getting confused, but I just need a little clear guidance here.
Any help much appreciated.
VLAN it all the way, be the easiest solution.
VLAN sounds good. Don't forget the ACLs to block the VLAN from being routed to the rest of the network/VLANs :-)
I haven't read the other thread but they probably set the RADIUS up for authentication.
I believe all 3 systems (Ruckus and Aruba do, as I have worked with both systems) have captive portal functionality that can authenticate to an internal database of users/guest passes or Active Directory for existing users.
Do you mean an internal database within the controller for those users not on active directory? (thanks for the help guys!)
2 VLANs is the answer. Trunk the 2 VLANs down to your AP, manage it in your private network and present the public as another SSID. You will need to route a different subnet for your public network and use ACLs or a firewall to separate the two networks.
What hardware are you using for switching/routing?
At present we have a load of old D-Link kit DES 1024Rs, a DES-6000 and a Cisco 2800, but we're looking at upgrading a fair few of the switches, we are looking at the Cisco Small Business SG 200-26P 26-port Gigabit PoE Smart Switches, just to get the backbone up to 1gb and also have PoE ports for wireless APs. But if Aruba et al can zone off guests (Aruba's controller has a built-in firewall which does this apparently) why do I need to go down the VLAN route?
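The two-VLAN design with ACLs suggested in the replies above, sketched as a Cisco IOS router-on-a-stick configuration for a router such as the 2800 mentioned in the thread. This is an added example, not a configuration posted by any participant; the VLAN IDs, subnets, interface name, ACL and pool names, and the resolver address are all assumptions.

```cisco
! Constructed example. Assumed values:
!   VLAN 10 = private / AP management, 10.10.10.0/24
!   VLAN 20 = guest SSID,              192.168.20.0/24
!   192.0.2.53 = placeholder DNS resolver for guests
!
ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp pool GUEST
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 dns-server 192.0.2.53
!
ip access-list extended GUEST-IN
 remark DHCP requests from guest clients
 permit udp any eq bootpc any eq bootps
 remark DNS to the one resolver guests are given
 permit udp 192.168.20.0 0.0.0.255 host 192.0.2.53 eq domain
 permit tcp 192.168.20.0 0.0.0.255 host 192.0.2.53 eq domain
 remark No guest access to the router itself
 deny   ip any host 192.168.20.1
 remark No guest access to any private range (covers VLAN 10)
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Everything left is internet-bound; spoofed sources are dropped
 permit ip 192.168.20.0 0.0.0.255 any
!
! One physical link trunked to the switch, one subinterface per VLAN
interface GigabitEthernet0/1.10
 description Private LAN and AP management
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 description Guest SSID
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ! Filter guest traffic as it enters the router, before any routing decision
 ip access-group GUEST-IN in
```

NAT towards the internet and the switch-side trunk ports are not shown. After a guest client tries to reach a private address, `show access-lists GUEST-IN` should show the match counters on the deny lines increasing.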