Guest wlan

[pkjacobsen]

Hello,
How do I configure a guest wireless lan?

My setup:
Internet - pfsense - layer 2 switch - 2 dual antenna AP. The APs are controlled through a wireless lan controller connected to the switch.

I have set up 2 separate vlans (10 and 20) on pfsense, switch, controller and APs. The pfsense acts as a DHCP server on both VLANs, and the APs are handed an IP address, but they are offline for some reason.

I have 2 SSIDs: One for guests on VLAN 10 and one private on VLAN 20. I would prefer to have both SSIDs broadcasted on both APs, but I think it messes things up, since each AP's IP belongs to the separate VLANs.

I have a feeling that the problem relates to the controller not communicating with the APs.

Does anybody have a solution?

 

[Dreamslacker]

Is your L2 switch a VLAN capable switch (smart/ web)?

If not, it might be stripping the 802.1Q tags from packets passing through it.

If your switch is VLAN capable, you need to ensure that the ports connected to pfSense, wifi controller, and both access points are all set to trunk mode with membership in VLANs 10 & 20. The wifi controller should also be set to allow management access on VLAN 20.

Edit: Just an update. There should be no issues with having guest ssid on the AP's since they should work off the primary management VLAN. They don't need an IP on the guest VLAN to function, only that you assign the guest VLAN to the tagged guest VLAN. The clients simply do not need to know the APs' IP addresses to work since the AP effectively acts like a switch to link wifi to ethernet (simple way of looking at it).

 

[remixedcat]

Does the controller have a DHCP server activated?

 

[pkjacobsen]

My switch is vlan capable.
The controller does have a DHCP server, but it is inactive. Shouldn't it be?
My controller is a zyxel NXC2500. I have set up three adresses with IP 192.168.1.2, 192.168.10.2 and 192.168.30.2, respectively.
I have tried to do as instructed, but still no luck.

 

[remixedcat]

Here's how I do my VLANs on the router's side:

The second pic is how I do it on the AP side:

Also it has to support trunk ports on the switch or router.

 

[Dreamslacker]

My switch is vlan capable.
The controller does have a DHCP server, but it is inactive. Shouldn't it be?
My controller is a zyxel NXC2500. I have set up three adresses with IP 192.168.1.2, 192.168.10.2 and 192.168.30.2, respectively.
I have tried to do as instructed, but still no luck.

Did you disable Native VLAN on the controller?

Also, are your APs connected to the controller directly or through a switch?

 

[pkjacobsen]

Did you disable Native VLAN on the controller?

Also, are your APs connected to the controller directly or through a switch?

I have looked, and cannot find any buttons to disable native VLAN on my controller.
My APs are connected through a switch.

 

[pkjacobsen]

Here's how I do my VLANs on the router's side:

The second pic is how I do it on the AP side:

Also it has to support trunk ports on the switch or router.

My switch is a Cisco SG200-26P and it supports trunk ports.

 

[pkjacobsen]

On my controller I enabled Tx tagging on the port connected to the switch, and now the APs get IP addresses and are active.
But: They both get IP addresses from VLAN10 e.g. 192.168.10.102 and 192.168.10.103, and the addresses they deliver to clients are a mess: When connecting to the private SSID, they get 192.168.1.xxx and when connecting to the guest SSID, they get a correct address belonging to VLAN 10.
I feel I'm close to a solution since I get IP addresses, but it's cumbersome with the wrong IP addresses being delivered...