Hopefully, as you say, you have created the second VLAN using commands like these:
vlan 2
name "Public"
tagged F24
ip address a.b.c.d 255.255.255.0
exit
Where a.b.c.d is the subnet IP address for this router in the new VLAN. This will be the default gateway address for this VLAN.
This is tagged to the access point, as you say you have already configured the VLANs on that device, and VLAN 2 is the public access SSID.
To pass the DHCP requests to the server in VLAN 1, you need to add the following commands:
vlan 2
ip helper-address e.f.g.h
exit
Where e.f.g.h is the IP address of the DHCP server. This passes the DHCP request from the stations in VLAN 2 to the DHCP server. Obviously you need to create a scope in the server for the Public subnet.
The other things you will need to do are to allow the new subnet to have Internet access in the configuration of the Internet router. This includes the NAT (address translation) and adding a route to the new subnet, via the ProCurve.
You should also add an access list on the VLAN interface, to prevent the public network users having access to the private network.
Create the access list as follows:
ip access-list extended 100
permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
deny ip 0.0.0.0 255.255.255.255 {vlan 1 subnet} {vlan 1 subnet mask}
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
vlan 2
access-group "100" in
exit
This should allow the DHCP packets to the server (which this interface receives as a broadcast), but deny any other access to the private VLAN, and still allow any further traffic to the Internet. You may need to add more permit statements at the start of the access list, if you have a local DNS or any other systems that are needed by the users on the Public VLAN.
I think that should sort you out, or at least get you on the road to having this solution working.
Last Answered:
Aug 18 2009 11:00 AM GMT by BlankReg 
11270 pts.
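
The first-match behaviour of the access list in the answer above, as an added example that is not part of the original answer: a small Python model that evaluates the three entries, in order, against constructed packets. The 192.168.1.0 and 10.0.2.0 addresses are assumed values, and masks are treated as wildcard masks (0 bits must match), the form the answer uses for "any".

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard mask: all bits ignored
VLAN1 = ("192.168.1.0", "0.0.0.255")   # constructed private subnet (assumption)

# (action, protocol, source, source port, destination, destination port)
# A port of None means "any port"; protocol "ip" matches every protocol.
ACL_100 = [
    ("permit", "udp", ANY, 68, ANY, 67),     # DHCP client -> server
    ("deny", "ip", ANY, None, VLAN1, None),  # block the private VLAN
    ("permit", "ip", ANY, None, ANY, None),  # everything else (Internet)
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def addr_matches(addr, spec):
    """Compare only the bits whose wildcard-mask bit is 0."""
    base, wildcard = _ip(spec[0]), _ip(spec[1])
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def evaluate(acl, proto, src, sport, dst, dport):
    """Return (action, entry number) of the first match; 0 = implicit deny."""
    for number, (action, r_proto, r_src, r_sport, r_dst, r_dport) in enumerate(acl, 1):
        if r_proto not in ("ip", proto):
            continue
        if not (addr_matches(src, r_src) and addr_matches(dst, r_dst)):
            continue
        if r_sport not in (None, sport) or r_dport not in (None, dport):
            continue
        return action, number
    return "deny", 0

# Constructed packets from a station on the Public VLAN (10.0.2.0/24 assumed).
PACKETS = {
    "dhcp discover": ("udp", "0.0.0.0", 68, "255.255.255.255", 67),
    "file share in VLAN 1": ("tcp", "10.0.2.50", 49152, "192.168.1.20", 445),
    "dns in VLAN 1": ("udp", "10.0.2.50", 53000, "192.168.1.10", 53),
    "internet https": ("tcp", "10.0.2.50", 49153, "203.0.113.10", 443),
}

# The extra permit the answer mentions for a local DNS server, placed first.
DNS_PERMIT = ("permit", "udp", ANY, None, ("192.168.1.10", "0.0.0.0"), 53)
ACL_WITH_DNS = [DNS_PERMIT] + ACL_100

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:22} {evaluate(ACL_100, *pkt)} {evaluate(ACL_WITH_DNS, *pkt)}")
```

The DNS query to the VLAN 1 server is denied by the original list and is permitted only when the extra entry is placed ahead of the deny.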