Guest network with WAP321

Hello everyone.
My client has a WAP321 Wireless N  POE AP.   It is connected to  port g0/2 on an ESW-520-24 cisco switch.  I have a Cisco 5505 firewall with an unlimited user base license.   Is it possible to setup a guest network that is on a different subnet than my internal LAN. If so can someone please direct me to doing so.
Thanks

Hello,
I believe what you are describing is possible, although it will mostly come down to configuration on the ASA.  I know you mentioned you have an unlimited users license, but do you also have trunking in your license?  By default the 5505 only allows three VLANs, and they are used in a way that there isn't an extra one for you to use unless you have the Security Plus license (which raises your VLAN limit to 20).
You may be able to get around this by configuring the ESW to run in Layer 3 mode, and have it do all of the routing between the two VLANs, however there would still be quite a bit of config to be done on the ASA to get it to NAT and route for the VLANs behind it.
I can't really offer too much assistance on the ASA, since it isn't a Small Business device, so you may need to speak to TAC about setting that up.  However we can help setup the ESW to handle multiple VLANs, but I would check on your ASA before we move forward with that.
As for the AP, it is capable of multiple SSIDs on different VLANs, and on the ESW you would configure a trunk port going to the AP to pass both VLANs to it, but again I'd advise against doing any of that until you find out how/if your ASA will be able to handle multiple VLANs.
Hope that helps point you in the right direction,
Christopher Ebert - Advanced Network Support Engineer
Cisco Small Business Support Center
*please rate helpful posts*

Similar Messages

  • Guest Networking with Time Capsule - bridge mode?

    Hi, hopefully someone can help.
    I'm trying to set up guest networking with my time capsule but it's currently set up in bridge mode so it wont let me.
    When I try it in public IP address mode it says 'The DHCP range you have entered conflicts with the WAN IP address of your Airport wireless device'
    I'm completely new to networking and have no idea what most of these terms mean, despite googling them all!
    Can anyone advise on what I need to do to get it all set up?
    Thanks in advance, any help much appreciated!!
    Andy

    Is there no way I could switch off part of the router so it just becomes a modem (or are they completely different things)?
    It might be possible to convert the gateway to function as a simple bridge only modem, but that would involve checking with the support folks for the device. I doubt that your service provider will provide any assistance with this, because they will likely claim that this type of configuration is not supported.
    So, look to see who actually manufactured the device and check with their online forum or support site to see if the conversion to a simple bridge only modem is possible.
    You don't indicate whether you have cable of DSL service, and that will of course affect things as well. If you need to go to a simple modem, the best choice is always a device offered by your service provider, so that you will be supported in the event of Internet connection difficulties.
    If you try an off-the-shelf modem and have any problems, your service provider will offer little or no support. Often, you can get a free modem from your provider in return for a commitment of a year's service. Might be worth checking that out.

  • Connecting to guest network with iPhone ios5

    After upgrading to iOS 5 my iPhone doesn´t work on the guest network on my Time Capsule (It connects, but internet won´t work). The reason seems to be that the assigned IP is not in the range defined for the guest network (but rather in the ip-range for my main network). Both my Macs and ipads get the right ip-address. I`ve tried this with 3 different iphones.
    All phones worked on the guest network before upgrading, and still works when I connect to my main wi-fi network.

    Did you perform a full power cycle and reset of your modem as follows?
    Push the reset button on the modem
    Power off the modem
    Pull the battery if it is easily accessible
    Power down all other devices on your network, order is not important
    Wait 30 minutes ( It sometimes takes even longer for the equipment back at the cable company to fully reset so that it will issue you a totally new fresh connection. The cable company will never admit this.)
    Reinstall the battery if you pulled it from the modem
    Power up the modem and let it run by itself for 3-4 minutes
    Start up the AirPort Extreme and let it run for 3-4 minutes so that it will fully associate with the modem
    Start each device up on the network one at a time about a minute apart
    Check for operation.

  • Using an airport extreme in both bridged mode and guest network with DHCP

    I currently use a third-generation airport extreme in bridge mode to connect my various Mac servers To the Internet. I'm using bridge mode on the AirPort Extreme because I have up to five static IP address (only using three now) I am currently not using the wireless network, and none of the servers are serving DHCP. I am looking at the Newer airport extreme with guest network Wi-Fi. My question is, does the new airport extreme base station support bridge- mode for any devices and host DHCP for the guest network connecting wirelessly to the base station?

    The AirPort Extreme cannot be in Bridge Mode and support a Guest Network.
    The AirPort must be configured to provide DHCP and NAT services if you want to enable the Guest Network function.
    If you really do have a 3rd Gen AirPort Extreme, it will support the Guest Network feature if you connect the AirPort directly to a simple modem.....not a modem/router or gateway type of devices.......and configure the AirPort to provide DHCP and NAT services for the network.

  • Guest network with a webpage to gain access

    Hi! How can I add a webpage like starbucks or shops or hotels to my guest network. Like a disclaimer befor dudes begins to enjoy access to internet trough my guest network?
    thanks!

    Sorry, but this is not possible with the AirPort Extreme.
    It is possible to add a simple message to the effect of "Welcome to the XYZ Network" when users log on to the network, but you will see the same message on either the "main" or "guest" network.
    If you want to do this....
    Open AirPort Utility - Click Manual Setup
    Click the Internet icon
    Click the DHCP tab
    Enter the message in the DHCP Message area and click Update to save the changes
    Allow 25-30 seconds for the AirPort Extreme to restart

  • Trying to create guest network on wap321 and sg200-50p using VLAN

    I have a SG200-50P and a WAP321. I am trying to create a guest wireless network using a separate VLAN on the WAP321. I have the production traffic on VLAN 1 and the guest network is on VLAN 100.
    The WAP321 is plugged in to port 7 on the switch. It is configured as follows:
    Trunk Port, 1UP, 100T, Ingress filter enabled
    The DHCP server is on port 22 and is configured as follows:
    Trunk Port, 1UP, 100T, Ingress filter enabled
    The production wireless client is able to work fine on VLAN 1.
    When I try to connect a device using the Guest network, the DHCP request does not appear to ever make it to the DHCP server. If I separate the Production network off of VLAN 1 and change the Untagged VLAN ID to a different VLAN than 1 (Management VLAN ID), the same thing happens to the client when it tries to get an IP address from DHCP.
    What am I missing here?

    I have the VLANs configured on the WAP321. VLAN 1 is the Mgmt and general VLAN and the VLAN is configured for the Guest network. I did a Wireshark trace and for some reason the pakets for VLAN 100 (Guest network) on the WAP321 are not getting to the DHCP server. I see them on the WAP321 using the packet capture, but there is not any response to them. I do not see them coming in at the DHCP server.
    When I connect to the WAP321 using the production SSID I see the same ackets at the AP and also coming in to the DHCP server. That is why I am so confused. I can't figure out why they do not get to the server. I was wondering if I have something configured wrong on the SG200, but this is new territory for me and I do not know what I am missing. I have taken some screen shots of the SG and WAP config screens in case it might help.

  • Setup Guest Network with OS X Server and Airport Extreme - NEED HELP!

    Hi All,
    So I have a small business with a Mac Mini Server (10.6.5) and an Airport Extreme. The Airport is handling the routing and DHCP duties, while the Server is handling the DNS. The Airport is pointed to pull DNS from the Server. All internal systems work great accessing the internet and folders on the Server.
    I need to setup a Guest network for internet access, so I turned this function on in the Airport Extreme. It sets up fine, but if you connect to that new Guest Network the system hangs trying to open a web page. My thinking is since the Server is the one handling the DNS it is not working for Guest computers since they are not part of our internal network. At least that is my theory, I could be wrong.
    With this type of setup what do I need to modify to get this working? Anyone have any ideas?

    After trying for days to figure this out I was finally able to get a working solution and I now have my APE providing a guest and main network while using my lion server as the Dsn server for the main network.
    The setup is a bit of a hack and does require you to have at least two devices with staticly assigned ip information on the main network but it does allow you to serve dhcp for both networks from the server and make some services available to the guest network such as iTunes remote for parties.
    1) delete your custom Dns entries from the Internet settings in the APE and set two dhcp reservations for .2 and .3 (in this case my Mac mini server and my airport express)
    2) reduce the dhcp range to only have 2 available IPs (10.0.1.2-10.0.1.3) and save settings
    3) on a computer connected to the main network install wireshark and begin sniffing for packets. Connect at least one device to your guest network and look for any packets that have an ip from your guest network (usually 172.16.42.x) once you capture one of these packets expand the vlan information. This should list a vlan ID ( in my case this was 1003. I would suspect this is universal but do not know)
    4) on your server open network preferences, click the gear at the bottom and click "manage virtual interfaces", add a vlan that matches the vlan ID from above. Click ok and apply your settings. The vlan interface should get an ip in the guest network range from your APE.
    * if you are running lion you will need to install server admin tools before proceeding*
    5) open server admin and add the dhcp service. Create an entry for your primary network (ex: 10.0.1.x) make the dhcp range one higher than the settings in step 2 ( ie: 10.0.1.4 to 10.0.1.253) assign this to the physical interface. Make sure this entry has your internal DNA servers
    6) add another entry for the guest networks ip range (ex: 172.16.42.x) again set it one ip higher than step 2 ( 172.16.42.4 to 172.16.42.253) save and activate both ranges. Assign this range to the vlan interface. Make sure this entry either contains your isps dns servers or another public dns server. Turn on dhcp.
    Because you have now assigned the only two addresses in the APEs pool for your primary network to static entries there will not be any addresses to assign and the APE will not respond to requests. This will allow your server to pick up the work of assigning IPs. As for your guest network, the APE will assign IPs for two host and then stop. Your clients may either get an IP from the APE or the osx server so both should have the same info. Just make sure the two static clients on your main network have the local DNA servers entered manually.

  • Unable to Create Guest Network with Time Capsule

    Time Capsule version: 7.6.1, AirPort Utility: 6.0(600.92), Cabel Modem Ambit U10C018, iMac w/ Mac OS X (10.7.3)
    I have the Time Capsule installed as the only router. The Network settings, Router Mode is: DHCP and NAT. I am unable to find any tab or button for "Advanced" that will allow me to set up a guest network.  I am pretty sure that cable modem does not function as a router because when I changed the Time Capsule to Bridge I was unable to make any wireless connections. 
    Any help woudl be greatly appreciated, but I will be away from the computer for the next 3 hours.

    We will assume that your Time Capsule is not one of the 1st Generation models, which did not have Guest Network capability.
    But, if your Time Capsule is a few years old, or you purchased it from another user....you may have a single band version of the product....which cannot offer the Guest Network option.
    If your Time Capsule has the capability....here is how to set up the Guest Network
    Open AirPort Utility and click on the Time Capsule icon that appears
    Click Edit in the next window that appears
    Click the Wireless tab at the top of the window
    Enter a check mark next to Enable Guest Network
    Edit the name of the network as you wish
    Select Wireless Security...either WPA2 Personal or WPA/WPA2 Personal would be good
    Enter a password for the Guest Network and verify
    Click Update at the lower right

  • Extend both main and guest networks with a 2nd Time Capsule?

    I have a 4th generation 2TB Time Capsule set up to broadcast primary and guest networks.  I am running out of storage.  I would like to increase my storage and I would also like to extend both primary and guest networks.
    I currently use an older Linksys router (WRT330N) operating in bridge mode (wired connection to the TC) to extend the primary network, but it does not extend the guest network.
    If I purchase a second (5th generation) Time Capsule to replace the Linksys, can it be set up to extend both the primary and guest networks?
    From searching the forum, it appears not, but I'd like to confirm.  Is true for both both wireless and cabled range extension options?
    If I'm not able to extend the guest network this way, I'm inclined to settle for extending the primary network as I currently do and look for other ways to increase my network storage capacity (e.g. by upgrading the drive in my existing TC).

    If I purchase a second (5th generation) Time Capsule to replace the Linksys, can it be set up to extend both the primary and guest networks?
    Yes, either using wireless or an Ethernet connection between the two Time Capsules, providing that the 4th Gen Time Capsule is running at least firmware version 7.6.3.
    A wired Ethernet connection between the two Time Capsules is highly recommended. If you plan to extend using wireless, the second Time Capsule will need to be located where it can receive a very good signal from the first.

  • Extending Time Capsule primary and guest networks with 2nd Time Capsule

    Hi
    I have two Time Capsules. The first is configured to run a primary and guest network. It is connected to an ADSL modem. All of this works fine.
    The second Time Capsule is cable connected to the first, in a 2nd location (a next door building).
    I want the 2nd Time Capsule to extend _both_ primary and secondary networks in its location.
    How do I configure the 2nd Time Capsule (and the first if there is anything I have to do there to get this to work).
    Please! and thanks...
    Graham

    Sorry, but the Guest network cannot be extended either through wireless or Ethernet.
    If you would like to see this feature in a future product, you might want to let Apple know
    Apple - Time Capsule - Feedback

  • Is a guest network with password the best choice for tenants?

    My mom bought a new Airport Extreme 802.11n to use when she switches from AT&T to Time Warner. Everyone uses PCs. I'm assuming that allowing my mom's tenants access as guests will keep them out of my mom's network.
    However, are there security problems associated with the tenants using the network to gain access to one another's computers?
    Also, my mom paid her computer guy to set up her AT&T router. Is this necessary for setting up the Airport Extreme with reasonable security?

    Hi,
    Try the [Certification forum| http://forums.oracle.com/forums/forum.jspa?forumID=459]
    or explain your doubts regarding the choice you're facing.
    Because: I have no clue what's the difference between 144 and 147.

  • Wireless only working with guest network?

    I've just about gotten a new TC working, but strangely it the wireless only seems to work on the guest network. Have checked the password, and its correct, but still no joy.
    I didn't think it was that big a deal, but now I'm wondering if its stopping me seeing old backups when going in to TM, as when I do it only shows me the current situation, and no backups. Which kinda makes sense, as I guess the whole idea of logging in as a guest is that you don't have access to files.
    Also - when on the guest network, the TC doesn't show up in AU, presumably for the same reason.
    Any ideas what's going on here, assuming the password is correct for the non guest network?
    Thanks.

    How about a "new" wrinkle: I can only acquire TC/Airport on the Guest Network, with both a new Mac Book Pro and recent iMac desktop. Plus, Airport Utility will not recognize any wireless device in the house (such as the TC!) Thus, I cannot access any manual settings. Advice or fixes?
    Also experiencing slow or limited buffer rates while watching You Tube, etc... Colleague suggested resetting the unit (unplugging router and power and putting laptop in close proximity to TC), and, for an instant, Airport Utility did recognize TC long enough for me to manually set to another channel to avoid interference.
    New TC purchased at Best Buy (had coupons!). Time Machine side works fine. Still frustrated that all is not working as it should...

  • Airport Extreme 802.11AC + 5th Gen and guest network access

    I have the current gen Airport Extreme 802.11AC with a 5th Gen extending the network. With this setup, I am unable to login using our guest network setup. I have tried using guest network with a password and one without but its the same results. When a guest logins, it stuck attempting to login with no error messages.
    So is it possible to have this configuration and still have guest network access?

    Please review what I said originally.......that the guest network function on the AirPort Extreme is designed to work with a simple modem......so the AirPort acts as the main router for the network..
    Another way of saying the same thing is that the AirPort needs to be "in charge" of your network for the guest feature to work correctly. The AirPort cannot be in charge if it is connected to another device that is already configured to be the main router on your network.....your Actiontec modem/router.
    The Actiontec device combines the functions of a separate modem and a separate router in one package. This type of device is known as a modem/router, or also known as a gateway.
    Some folks call a modem/router or a gateway......a modem. So, things can get confusing.
    I do not know if it is possible for the Actiontec device that you have to be configured to act as a simple modem.....so the routing functions of the device are completely turned off. (Turning off the wireless on the Actiotec does not turn off the routing function).
    If you turn off the wireless on the Actionec, it becomes a modem and a wired router. And that wired router is still in charge of your network.
    The guest network feature will not work correctly unless the AirPort is in charge of your network.
    My suggestion was for you to ask your Internet Service Provider (ISP), if they could supply you with a simple modem.  That is all that you need. You don't need two routers....and the Actiontec that you have now is not allowing the guest feature to work correctly.

  • Wired + Private Wireless + Guest Networks

    I'm attempting to setup a configuration that I don't seem able to get correct. I have a small wired network at my church with a file server and a couple of dozen users, some of which have laptops and would like to be able to roam wirelessly through the building. In addition, I would like to have an unsecured wireless guest network for visitors which provides access to the internet and does not have access to the file server.
    The specifics are a wired 192.168.1.xxx network with a NAT'd DSL modem/router. I have 4 Airport Extreme dual radio N devices. I've tried setting the first Airport Extreme unit to shared IP, the only setting that allows me to also use a guest network, with a private SSID handing out 172.0.xxx.xxx addresses and a guest network handing out 10.0.xxx.xxx addresses. It seems logical to me that I would want to used bridged mode to allow my private wireless uses to see the server, but the Airport Extreme tells me I can not use a guest network with that setting.
    With this setup, I can not get to my server by name, but I can get to by IP address. I guess that's not a huge problem since I have such a small number of users, I can add the server IP address to a hosts file on each client. What bothers me most is that I can get to the server IP from the guest network as well as the private network. Am I missing something?
    My second point of confusion is when I try to configure the other 3 Airport Extremes to extend the network. The configuration tools asks me which wireless network I want to extend, and allows me to choose only the private network OR the guest network. I thought it should be able to extend both networks simultaneously. Am I mistaken on this as well?
    I'm certain I've left out plenty of information you may need to assist so please ask, I will gather what ever I can. Thanks in advance.

    Hello muellgre. Welcome to the Apple Discussions!
    Unfortunately, Apple does not provide you with very many options when it comes to their Guest network feature. It is basically designed to work with a single AirPort/Time Capsule router in your network configuration.
    As you have found out, it will only be available if you have the AirPort configured as a NAT router and not as a bridge. Also you cannot extend a Guest network. I'm actually surprised that you were given this option.
    Since you have a DSL gateway upstream of your AirPorts that is performing as your primary Internet router, you would want all of your AirPorts to be configured as bridges. Regardless if you were connecting them all back to the DSL gateway by Ethernet or creating a WDS extended network.
    If you go the route of configuring a single Extreme as a router, you will have a Double NAT configuration, which is not bad in itself, but does add some complexity when attempting to share between network segments.
    One option would be to reconfigure the DSL gateway as a bridge, and then, configure one of the Extremes as a router to allow it to handle NAT & DHCP services for the network. This will also give you your guest network. You can also extend this Extreme with the others, but not its guest network ... so, overall, this might not satisfy all of your networking requirements.

  • Set up guest network?

    I just set up new time capsule, no problems , up and running.
    Going from Airport Extreme to Time Capsule.
    On Exteme I had a Guest network, I cannot figure out how to
    set up Guest Network with Time Capsule, arrgggh!
    Any suggestions? Model #A1470
    Thanks

    The Guest Network feature will not work correctly if the Time Capsule is in Bridge Mode, so it might make sense to check that first.
    On your Mac....
    Open Macintosh HD > Applications > Utilities > AirPort Utility
    Click on the Time Capsule
    Click Edit in the smaller window that appears
    Click the Network tab at the top of the window
    Check to make sure that the setting for Router Mode is set to DHCP and NAT
    If it is, you can proceed to the next step. If it is not, do NOT proceed any further. Post back with the make and model number of your modem.
    Click the Wireless tab next to the Network tab
    Enter a check mark in the box next to Enable Guest Network
    Type in a name that you want to use for the Guest Network
    Security should be WPA2 Or WPA/WPA2 Personal
    Type in password that you want to use
    Verify the password
    Click Update at the lower right an allow a full minute for the Time Capsule to restart

Maybe you are looking for

  • Why doesn't Thuderbird IMAP my BT account in the inbox? It maps sent items and draft, but gets stuck 'thinking' about the inbox.

    I have just migrated to a new laptop and have set up Thunderbird with various work and personal accounts. All the gmail accounts work fine, but the I am experiencing some problems with my btinternet account. 1. When it sends an email if gets stuck at

  • InDesign CS6 print number of copies issue

    Hello! I have a document that I needed 25 copies of, so I set the # of copies to 25 and off it went. No issue. However, now when I go to a different doc and I print, the # of copies stayed at 25 when I only needed 1. I have to remember to change the

  • Dataource transport resulting in error

    Hi Experts, In production one datsource 80MATERIALM was inactive. The source of this datasource is another BI system . I again captured the active datasource in development and transported it to production . The transport was successful in test syste

  • Infoset data validation

    hi experts, i need small confirmation wheather i'm doing correct or not. I have created infoset based one cube and 2 ods. e.g: C1, ODS1,ODS2(this ODS doesn't have chanle) the similar key are material, country, chanel, 0calmonth. Note: In my ODS havin

  • I can,t hear YouTube videos on my ipad

    I can hear some things. I can see the videos posted on Facebook but I can't hear them all. It seems it's mostly YouTube that I can't hear. Any suggestions? BTW I can hear them on my iPhone.