AX guest network using vlan in the switch

Hi!
I'm thinking of setting up a wlan and guest wlan by setting up separate Airport Expresses on different VLANs. The new gen. The setup would be 3 AXs on the internal network and 3 AXs as guest network. VLAN1 is internal and VLAN2 is guest. All AXs wil lbe set up in brigde mode. The AXs aren't VLAN aware so they'll just pass along whatever packets coming their way, right? I will configure the switch to use VLAN1 on all ports except 4 on VLAN2. 3 for the AXs and one to hte firewall that also provides DHCP for VLAN2.
Would this work OR have i missed something vital here?
/Hasse

Thanks for the info, Unfortunately, as suspected the Arris model that you have is known as a "gateway", or "modem/router".
The AirPort Extreme recognizes that there is another router "upstream" on the network, so it correctly chooses the Bride Mode setting to allow correct operation on the network.
The downside to this is that the Guest Network cannot be enabled when the AirPort is configured in Bridge Mode.
If the Guest Network feature is important to you, check with your service provider to see if they can supply a simple modem to connect to the AirPort Extreme.....not a "gateway" or "modem/router" device.

Similar Messages

  • Does the guest network use more electricity?

    Does turning on the guest network cause the Airport Extreme to use more electricity?
    I wonder if I can save some money by turning it off since I don't have guests over that require WiFi very often. Also would the unit run any cooler w/o the guest network?
    Thanks for your help.
    Olaf

    Does turning on the guest network cause the Airport Extreme to use more electricity?
    Of course.
    Also would the unit run any cooler w/o the guest network?
    Maybe marginally.

  • Trying to set up a wireless guest network using Airport base station.  The first network setup was fine but the second one doesn't work.  Any suggestions?

    I purchased the new Airport base station that allows for a wireless setup of a primary network and a guest network.  The primary network installation worked great but I cannot get the guest network to work properly.  Any suggestions on how to make it work?

    The AirPort base station is designed to connect to a simple modem......not a modem/router or gateway device that is often furnished to users by Internet Service Providers.
    So, the first troubleshooting question would be to find out what the make and model of the device that you call your "modem" might be.....to see if you have the right kind of product that will allow the Guest Network to operate correctly.

  • Wireless Guest Network using Cisco 4402 as an Anchor Controller

    Hello,
    We have recently redesigned our wireless guest network in accordance to Cisco's recommended deployment using the anchor controller in the DMZ. We have created two mobility groups (enterprise and anchor). The anchor controller and DMZ has two subnets (guest managment and guest clients). The guest management subnet is connected to the controller and firewall allowing the mobility groups and EOIP tunnels while the guest client network is also connected to the controller and firewall to push the client traffic directly out the firewall. The setup works well but the one part that I'm not happy with is the DHCP. Currently DHCP is being handled on the firewall because of issues we had with dhcp relay and the controllers internal dhcp service.
    Does anyone have any information on getting DHCP relay working or the internal dhcp service on the controllers when using as a anchor?
    This is basically the setup guide that we followed.
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch10GuAc.html
    Thanks!

    Hi,
    Make sure you have the IP helper address configured under the VLAN interface on the L3 and also make sure to disable DHCP proxy on both the WLC (Anchor and Foreign).
    This will help us as well..
    lemme know if this answered your question..
    Regards
    Surendra
    ====
    Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

  • SG300 - Separating network using vlan?

    I am wondering what the best way to separate a network, both data, on a cisco SG300. I do not want network 1 to able to communicate with network 2 or vice versa.  I have one server for DHCP for network 1, 192.168.1.X. I would like network 2 to have ip of 10.0.0.X, can the cisco SG300 do dhcp for this vlan?
    Thank you for your help,
    Brian

    Hello Brian, the SX300 series do not support any DHCP service, you will need a router or a DHCP box for this. The SX300 can separate traffic with VLAN. However, as the default layer 2, all request will go to your router then route to the destinations. As the switch in layer 3 mode, you may have local connectivity, however, if your router does not support the vlans or dot1q encapsulation, the router would require static routes for those subnets to be able to correctly route to the internet.
    -Tom
    Please rate helpful posts

  • Setting up "Guest" Network Using LRT214 and LAPN600

    Hello, First off I have little experience setting up networks beyond the standard single router/network approach. I would like to be able to setup a non-secured internet access (guest) via our LAPN600 and LRT214 for visitors laptops/phoness.  I see where there can be multiple SSIDs on the WAP and that they would be seperated from seeing other wireless connections; but would they not still have access to any wired devices connected to the LAN? I also see where I could configure a seperate VLAN on the router but am unsure of how to make that play with the WAP to have seperate networks.  Can the VLAN on the router have a separate subnet say 192.168.2.X (vs 192.168.1.X) that the WAP would still have access to?  Or do I have to provide a certain range of IP addresses on the same subnet for each VLAN? Thanks for any help or direction,Mike

    This can be done but is kind of tricky. You will probably have to reset the LAPN600 a couple of times due to configuration errors so best to do this with the LAPN600 at your desk. It's been awhile since I've done this so I'm going by memory. You need to enable VLAN support in the LAPN600 and VLAN 1 as it's untagged VLAN:  Then you need to create a VSSID that is tagged on your LRT VLAN for your guests:  In the LRT you need to have a port untagged for VLAN1 and tagged for the LAPN600 Guest VLAN that the LAPN600 is connected to or something to that effect. I will have to do some config testing later to confirm exact settings but this should be you started.

  • Is there a way to create a virtual network using C# and the Azure SDK/API?

    I don't see a clear way to create an Azure Virtual Network using the SDK.
    I have all the methods to create the virtual network configuration, but no way to submit it:
    IList<string> VirtualNetworkAddressPrefixes = new List<string>();
    IList<string> LocalNetworkAddressPrefixes = new List<string>();
    IList<NetworkListResponse.DnsServer> DNSServers = new List<NetworkListResponse.DnsServer>();
    IList<NetworkListResponse.Subnet> Subnets = new List<NetworkListResponse.Subnet>();
    NetworkListResponse.Gateway Gateway = new NetworkListResponse.Gateway();
    IList<NetworkListResponse.LocalNetworkSite> LocalSites = new List<NetworkListResponse.LocalNetworkSite>();
    IList<NetworkListResponse.Connection> Connections = new List<NetworkListResponse.Connection>();
    VirtualNetworkAddressPrefixes.Add("a.b.c.d/cidr");
    DNSServers.Add(new NetworkListResponse.DnsServer() { Name = "TestDNS1", Address = "a.b.c.d" });
    Subnets.Add(new NetworkListResponse.Subnet() { Name = "Subnet-1", AddressPrefix = "a.b.c.d/cidr" });
    Subnets.Add(new NetworkListResponse.Subnet() { Name = "GatewaySubnet", AddressPrefix = "a.b.c.d/cidr" });
    Connections.Add(new NetworkListResponse.Connection() { Type = LocalNetworkConnectionType.IPSecurity });
    LocalNetworkAddressPrefixes.Add("a.b.c.d/cidr");
    LocalSites.Add(new NetworkListResponse.LocalNetworkSite()
    Name = "On-Prem",
    Connections = Connections,
    VpnGatewayAddress = "a.b.c.d",
    AddressSpace = new NetworkListResponse.AddressSpace() { AddressPrefixes = LocalNetworkAddressPrefixes }
    Gateway.Sites = LocalSites;
    Gateway.Profile = GatewayProfile.ExtraLarge;
    NetworkManagementClient netMgmtClient = new NetworkManagementClient(CloudCredentials);
    NetworkListResponse netlistresp = GlobalSettings.mainWindow.netMgmtClient.Networks.List();
    netlistresp.VirtualNetworkSites
    .Add(new NetworkListResponse.VirtualNetworkSite()
    Name = "TestVirtualNetwork",
    AddressSpace = new NetworkListResponse.AddressSpace() { AddressPrefixes = VirtualNetworkAddressPrefixes },
    DnsServers = DNSServers,
    Subnets = Subnets,
    AffinityGroup = "East US",
    Gateway = Gateway,
    Label = "LabelValue"
    I have also created the entire XML response and sent it to the NetworkManagementClient -> Networks.SetConfiguration() method, but it appears this command expects the virtual network to already be in existence. If anyone could give guidance, it would be
    appreciated.

    Hi,
    As discuss above , we have to create the XML response  ,before that first you have to
    GetConfiguration() details of existing virtual network. 
    string.format("@<NetworkConfiguration xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns='http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration'>
                <VirtualNetworkConfiguration>
                <Dns />
                <VirtualNetworkSites>
                <VirtualNetworkSite name=""{0}"" Location=""{1}"">
                <AddressSpace>
                <AddressPrefix>10.0.0.0/8</AddressPrefix>
                </AddressSpace>
                <Subnets>
                <Subnet name=""Subnet-2"">
                <AddressPrefix>10.0.0.0/11</AddressPrefix>
                </Subnet>
                </Subnets>
                </VirtualNetworkSite>",Networkname,location)+(@"<VirtualNetworkSite name=""demodsf1"" Location=""West Europe"">
            <AddressSpace>
              <AddressPrefix>10.0.0.0/8</AddressPrefix>
            </AddressSpace>
            <Subnets>
              <Subnet name=""Subnet-1"">
                <AddressPrefix>10.0.0.0/11</AddressPrefix>
              </Subnet>
            </Subnets>
          </VirtualNetworkSite>  </VirtualNetworkSites>
                </VirtualNetworkConfiguration>
                </NetworkConfiguration>")
    you have to append the node for existing node with new values , i got it its adding new virtual network 
    Best regards,

  • I cant seem to connect to the guest network i created on the airport extreme.

    i seem to have set the base station up ok, but setting up the guest network has me pulling my hair out, i have set this up on my mac however when i try to connect my ipad to the guest network it accepts the password but all i get is that pinwheel forever spinning and not actually connecting. also when i open airport utiliy and see the base station in the top left corner the button that says connected devices when clicked shows nothing, they are greyed out, however when i click on the base station i do see my ipad and iphone and mac.

    Whethere or not the guest network feature will work correctly depends on what type of device is providing your Internet connection.
    The Guest Network will work if you have a simple modem.
    Unfortunately, most Internet Service Providers furnish a modem/router to their customers.....which will not allow the Guest Network feature to be activated correctly.
    If you are not sure whether you have a modem or modem/router.....post back with the make and model number of the device that you call your "modem".

  • Flapping vlan's after guest network setup

    Hi,
    I did quite abit of work on our wireless network last night and I'm seeing alot of these logs on our core switch after the work...
    069130: Feb 16 12:36:20 CST: %SW_MATM-4-MACFLAP_NOTIF: Host 0018.de81.37ed in vlan 140 is flapping between port Gi1/0/37 and port Po2
    069131: Feb 16 12:37:44 CST: %SW_MATM-4-MACFLAP_NOTIF: Host 0021.5c46.12cd in vlan 140 is flapping between port Po2 and port Gi1/0/37
    069132: Feb 16 12:39:10 CST: %SW_MATM-4-MACFLAP_NOTIF: Host 001d.e058.f78b in vlan 140 is flapping between port Gi1/0/37 and port Po1
    The network here is in the shape of a "V" using 3750-E stacks with the bottom of the "V" being the core 3750-E stack doing the routing for our vlan's. I have 20Gig channels (LACP) creating the "V" between the stacks...Po1 and Po2. I have about 20 1252's and six 1131's connecting back to a 4404 controller...the controller is connected to port 1/0/37 on the core stack.
    My vlan's are..
    900 - Management vlan
    140 - secure wireless
    144 - employee guests
    145 - guest
    I setup our guest networks and H-REAP local switching last night. All wireless networks seem to work fine including the web authentication page for my guest networks. I configured the controller switch interface as a trunk, native vlan 900, and allowed the four vlan's above on the trunk. I did the same to all my AP's...configured the switch interfaces as trunks, native vlan 900, and allowed the four vlan's above on the trunk.
    All the AP's were set to H-REAP local switching, native vlan 900 on the controller H-REAP page and the VLAN ID's are correct on the three SSID's I have.
    I initally had LAG configured on the controller (this is the last item I did) when I noticed the logs. I removed the three additional interfaces from LAG on the switch, removed the port-channel etc... but the flapping continues.
    Did I do something wrong???

    Thanks Fella5,
    Been on the phone with TAC for 4 hours.
    Looks like since I was running H-REAP local switching and the AP interfaces were trunked, the controller interface trunk should not have had the 140,144 and 145 vlans on them.
    I now have only the management vlan (900) on the controller trunk and the native vlan is set to 900 as well....do I even need a trunk to the controller??
    Anyway, it looks like it's working. I can see clients connected, getting IP addresses, the vlan flapping is gone and I can ping them from around my network.
    Thanks for all the posts you and others give on H-REAP, guest networks etc. I did all my configuration from this forum and I really appreciate it.

  • Does or will the Airport Extreme be able to share the Guest network to a Ethernet port?

    Did not know if there was or possibly will be the ability to seperate ethernet ports to make a hardwired guest network?

    Sorry, not possible to extend the Guest Network using either wireless or Ethernet.
    You might want to let Apple know on any new features that you want to see.
    Apple - AirPort Extreme - Feedback

  • I created a "guest" network on my Time Machine router, but now i can't remember the password.  How can I reset the password on that guest network?

    When I upgraded to Time Machine to replace my Apple Airport, I created a "guest" network as well as a main network for the family.  Now I can't access the guest network, likely because I am not using the right password.  I have forgotten (if I ever knew) how to edit the password requirements for a network.  Any assistance would be welcome.

    On your Mac.....
    Open Finder > Applications > Utilities > AirPort Utility
    Click on the Time Capsule icon, then click Edit in the smaller window that appears
    Click the Wireless tab at the top of the next window
    The settings for the Guest Network are located in the center of the window, below the settings for the "Main" network.
    Edit/backspace out the password for the Guest Network and and then Verify the password again
    Click Update at the lower right of the window and give the Time Capsule a full minute to restart
    It might be a good idea to write down the new password that you created and keep it in a safe place.

  • Does the dot1q native VLAN need to be defined on the switch?

    I understand the issues with using VLAN 1 as the native VLAN on a dot1q trunk. I follow best practices and change the native VLAN to a VLAN that does not carry any other traffic (switchport trunk native vlan x). I usually go a step further and do not define the VLAN in the switch configuration. This way if traffic bleeds into the native VLAN because it is untagged then it cannot go anywhere.   So if I use VLAN 999 as the native VLAN, I do not create VLAN 999 on the switch.   I’m curious if anyone else does this or if there are any thoughts on whether this is a good or bad practice? 

    If you are tagging your native VLAN but do not have that VLAN in the vlan database - it makes no difference if the VLAN exists or not in my opinion. All the vlans on your trunks would be tagged anyway.
    It seems like a clever idea, but not sure if it provides any benefit.

  • Using an airport extreme in both bridged mode and guest network with DHCP

    I currently use a third-generation airport extreme in bridge mode to connect my various Mac servers To the Internet. I'm using bridge mode on the AirPort Extreme because I have up to five static IP address (only using three now) I am currently not using the wireless network, and none of the servers are serving DHCP. I am looking at the Newer airport extreme with guest network Wi-Fi. My question is, does the new airport extreme base station support bridge- mode for any devices and host DHCP for the guest network connecting wirelessly to the base station?

    The AirPort Extreme cannot be in Bridge Mode and support a Guest Network.
    The AirPort must be configured to provide DHCP and NAT services if you want to enable the Guest Network function.
    If you really do have a 3rd Gen AirPort Extreme, it will support the Guest Network feature if you connect the AirPort directly to a simple modem.....not a modem/router or gateway type of devices.......and configure the AirPort to provide DHCP and NAT services for the network.

  • How can I set up a guest WiFi network using Time Capsule and Airport Express extension?

    How can I set up a guest WiFi network using Time Capsule and Airport Express extension?

    Sorry, but it is not possible to "extend" the Guest Network using either wireless or an Ethernet connection.

  • Guest Network access

    Hello,
    Im trying to setup access for our guests to go out a specific interface/ISP
    We have our main connection to our datacenter.
    We also have a little SAT Receiver that we get internet from (10MB).
    I want a specific vlan to go out ONLY to that SAT Receiver connection. Here is my setup:
    Guest Network
    vlan 216
    name WIFI-Guests
    SAT Receiver
    interface Vlan70
    ip address 192.168.151.2 255.255.255.0
    interface Vlan216
    description Guest WIFI
    ip address 10.2.16.1 255.255.255.0
    ip helper-address 10.2.1.26
    Can this be done via vrf, and how? Or is there an easier way?
    Thanks...

    Just noticed that you are using an ip helper-address which means you won't be able to use a VRF effectively as your guest network needs access to the vlan with the DHCP server in it.
    Assuming you want to keep DHCP for this network on the DHCP server then probably PBR is better ie.
    access-list 101 permit udp any any eq bootps log
    access-list 102 permit ip 10.2.16.0 0.0.0.255 any
    route-map PBR permit 10
    match ip address 101
    route-map PBR permit 20
    match ip address 102
    set ip next-hop
    int vlan 216
    ip policy route-map PBR
    note that with the above the first acl has to allow DHCP to get through to the DHCP server. Normally with PBR you would simply use just the one acl eg.
    access-list 101 deny udp any any eq bootps
    access-list 101 permit ip 10.2.16.0 0.0.0.255 any
    but with the 3750 (and some other switches) if you use deny lines in the acl this can cause CPU issues on the switch. So a different acl is used for each PBR entry. The first PBR permit entry uses acl 101 and simply matches DHCP traffic and does nothing so it is routed normally. The second PBR permit statement uses acl 102 and matches all other traffic ie. internet and sends it to the SAT device.
    Also worth saying that all traffic is sent to the SAT device but you should also apply an acl on the SVI for vlan 216 to stop traffic from vlan 216 clients to other vlans. The PBR would send this to the SAT device anyway but the SAT device might then route it back to the switch which you don't want. So your acl would look like -
    access-list 103 permit udp any any eq bootps
    access-list 103 deny ip 10.2.16.0 0.0.0.255
    etc. for each internal subnet
    access-list 103 permit ip 10.2.16.0 0.0.0.255 any
    int vlan 216
    ip access-group 103 in
    Hope all that makes sense. If not please come back with any questions you have.
    Jon

Maybe you are looking for

  • How to load P&L items in SAP

    Hi, before Go-live we take all master data and transaction data from the client. There are two scenarios. 1.Year End 2.Middle of the year in the first case we upload only balance sheet items. 1.inventory 2.AP 3.AR 4.Asset 5.GL depend upon requirement

  • Under the music tab... songs not displaying correctly

    so i just got a new 60 gb ipod video... got home loaded the necessary software and loaded the songs to the ipod. videos, pictures, and songs are all diplaying. with one small problem. when you go into the music tab, instead of seperating it into the

  • Multimedia Hotkeys in Gnome... generally confusing [solved]

    Heyho everyone, I got some weird problems using the multimedia keys of my Chicony KBR0108 USB wireless Keyboard. My system is up to date and I'm using Device Hotplugging in my Xserver, so I use the "evdev" Germany Layout in Gnome. I think all these p

  • Sql server 2000 driver and windows 98

    i know that this has been discussed many times but i cant find an answer to my problem. was hoping someone could shed some light on it. getting the error: classnotfoundException: com.microsoft.jdbc.sqlserver.sqlserverdriver ive set the classpath and

  • DATE/TIME field in SNC Web UI - time field not visible in UI

    Hi, Typically DATE/TIIME field in SNC web UI comes with two separate fields, one for the date (DD.MM.YYYY) and the other for TIME (HH:MM:SS). I need to add an additional date field in the ASN screen in web UI. I was able to add the date field, but th