3/26/2023

Prune old backups duplicacy webui

The way VLANs work, there is always a so-called ‘native’ VLAN, which is the one used by any traffic that is not explicitly tagged to use a VLAN. By convention, the native VLAN is number 1. We therefore need to explicitly name the native VLAN and create the one we’ll use for guest WiFi traffic:

    dot11 vlan-name Guest-WiFi vlan 2

Define SSIDs

Here’s the syntax to define two SSIDs (your personal one and the one to be used for guest WiFi):

    authentication key-management wpa version 2

Obviously enough, the items in italics are for you to supply and cannot contain spaces. For those who are interested, authentication open means that authentication is handled by the AP itself (i.e. not a captive portal or RADIUS or whatever) and guest-mode, bizarrely enough, means broadcast the SSID.

We now associate the VLAN’ed SSIDs with a radio. For a dual band device the simplest approach is one network per radio. Cisco APs do support multiple SSIDs per radio, but I couldn’t work out how to configure it! Let me know if you have a good resource for this.

Each time we configure an interface, IOS drops us into a new shell, so we have to exit the sub-shell each time. Doing so also causes the radio configuration to be applied and the radio restarted. Dot11radio0 is the 2.4GHz radio, whilst Dot11radio1 is the 5GHz one. Channel can be set to your preference for radio0, whilst the 5GHz radio selects the least congested channel automatically.

With all configuration done, we need to write it to the EEPROM so that it will survive a reboot, as follows:

Now you can disconnect from the access point.

Configure your switch(es) to pass the VLAN traffic

This item will depend upon the switch topology you have and the models of device you use.

- Ensure you’re using 802.1Q tagging and not port-based tagging.
- Ensure VLAN 1 is assigned to all ports and is untagged.
- Assign VLAN 2 as tagged to the port into which the Cisco AP is plugged.
- Assign VLAN 2 as tagged to the port into which your firewall (or router) is plugged.

In this way, VLANs 1 & 2 can pass traffic from the AP, 1 traffic can go anywhere, 2 traffic can only go to and from the firewall.

Configure the OPNsense firewall to route the guest VLAN traffic appropriately

Okay, your guest WiFi VLAN traffic is now battering itself against the LAN-side port of your firewall, so you need to configure the firewall to know what to do with it.