Public & Private Access on same Access Point

Hi folks -
I recently purchased Cisco 1131AG Access Points, which have the ability to create VLAN's. I want to provide staff with wireless access, and also the guests with wireless access.
Staff needs access to all network resources, and public needs just access to the Internet. In addition, I want to limit public to a certain bandwidth in addition to blocking them from downloading movies, music etc.?
Can anyone recommend a way to do this?

You're on the right track. You will need to configure two VLANs on the AP plus a default VLAN (which must be VLAN 1). You can then apply configure an SSID for each VLAN and apply security to each VLAN separately. You will then need to define the VLANs on your switches and configure the APs switchport as a trunk port.
Once you've done this you will need to restrict access from the visitor SSID/VLAN so that all it can do is access the Internet, you'll need some means of issuing clients with an IP address, give them access to DNS, etc.
As to limiting their bandwidth and blocking downloads, can't do that through the AP, that needs to be handled by your Internet connection and the devices that manage that.

Similar Messages

  • Accessing a private variable from a public method of the same class

    can anyone please tell me how to access a private variable, declared in a private method from a public method of the same class?
    here is the code, i'm trying to get the variable int[][][] grids.
    public static int[][] generateS(boolean[][] constraints)
      private static int[][][] sudokuGrids()
        int[][][] grids; // array of arrays!
        grids = new int[][][]
        {

    Are you sure that you want to have everything static here? You're possibly throwing away all the object-oriented goodness that java has to offer.
    Anyway, it seems to me that you can't get to that variable because it is buried within a method -- think scoping rules. I think that if you want to get at that variable your program design may be under the weather and may benefit from a significant refactoring in an OOP-manner.
    If you need more specific help, then ask away, but give us more information please about what you are trying to accomplish here and how you want to do this. Good luck.
    Pete
    Edited by: petes1234 on Nov 16, 2007 7:51 PM

  • Scale out file server client access point using public nic

    Thoughts on this one.
    I have a Scale Out File Server cluster with a Client Access Point. Whenever i talk to the Client Access Point it uses the public nics.
    If i talk to the Scale Out File Server directly it uses the private like i want it to. How can i get the Client Access Point using the private nics?

    Hi JustusIV,
    Could you tell us why you want to modify the CAP use the “private” network, the CAP is used for client access, your clients may can’t access your cluster if modify your CAP
    use private network, if you want know how to modify the CAP of a cluster you can refer the following KB:
    Modify Network Settings for a Failover Cluster
    http://technet.microsoft.com/en-us/library/cc725775.aspx
    More information:
    Understanding Access Points (Names and IP Addresses) in a Failover Cluster
    http://technet.microsoft.com/en-us/library/cc732536.aspx
    Windows Server 2008 Failover Clusters: Networking (Part 4)
    http://blogs.technet.com/b/askcore/archive/2010/04/15/windows-server-2008-failover-clusters-networking-part-4.aspx
    Hope this helps.
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Public Access Point Security

    Hi,
    Is it possible to extend the concept of layer 2 ethernet vlans to wifi networks, with a system that allocates a VLAN per user (allowing 4096 users) on wifi connection?
    I was thinking that this could help prevent Man In The Middle attacks as any new user joining a wifi network would be on their own separate subnet isolated from every other user.
    If this is achieved at the SSID level by assigning each one to a VLAN, is it possible to have this happen automatically?
    Is this how public access points work already and if so how is a MITM attack launched?
    Thanks.

    yes and no.
    the WLC will only take 512 interfaces so you could do that many /32 subnets if you really wanted to.  But you wouldn't be able to max out the 4096
    But, what you can do, is enable Peer to Peer blocking, which disallows clients to talk to each other on the same WLAN
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Apple TV 2G (Airplay and Homesharing) can only stream from devices on the same wireless access point range??

    connection:
    40 Mbps Fiber Broadband connection using:
    Devices:
    1. Main Modem/router (AP1): Huawei HG8245 (provided by ISP) - Wireless enabled.
    2. Remote Access point (AP2): Linksys/Cisco E3200 Wireless gigabyte router flashed with DD-WRT v24-sp2 (06/14/11) mini (Cascaded -wired- LAN to LAN from main modem).
    3. Wireless Repeater to cover a dead spot  (AP3): Linksys/Cisco E1000 wireless repeater.
    4. Apple Tv (AT2G) with home sharing/airplay enabled.
    5.( Ipad) with home sharing on itunes enabled.
    6. Win7 (PC) using iTunes with Home sharing enabled.
    all devices are updated to their latest firmware.
    In order to cover a large 3 story house with Wifi. I had (AP1) is located on the first floor, while (AP2) is located in the basement floor directly wired by LAN to LAN with (AP1). (AP3) is located on the Ground floor away from the living room to repeat wireless network into the back yard. While (AT2G) is located in the living room on the ground floor right in the middle of both (AP1) + (AP2) while connected via Wifi.
    Network SSID, security, passphrase and wireless settings of (AP2) are identical to (AP1) to create a single big LAN/WLAN roaming network where all devices connected to both wireless access points can find/share the others. As understood, it's refered to as bridging.
    I have noticed that my iphone/ipad does not show the airplay button anywhere within the wireless network. it seems that the apple TV randomly choses to connect to the AP with stronger signal, or switch to the other in case of a reboot to one of them.
    to elaborate further, if i was sitting in the living room (groundfloor), trying to airplay some you tube contents via Wifi to my Apple TV, i may not find the airplay button available all the time, i found out the reason is while i'm wirelessly connected to AP1, the Apple TV was connected to AP2 and both deviced cannot detect each others to enable my purpose. that goes the same for Home Sharing. only if my Ipad/PC and Apple Tv are on the same wireless AP. they would detect each others immediately.
    although, the second AP (AP2) is suppose to extend my wireless network of the same subnet in which any device connected can be found.
    After all sorts of trial and error tweaking my router/access point, I thought the problem would be due to the Linksys 3200 capability of bridging WLAN and lacks few protocols that enables my purpose. i have flashed the firmware to a DD-WRT, but again, problem was not solved.
    I have not tried having my Apple Tv wired to either router/AP, but i assume it may work well if i do so. i still need to solve this wireless connection issue though.
    Am i the only one with this problem, would there be something wrong with my setup? 
    Your feedback is highly appreciated.

    You may or may not already have your network set up correctly, it's just that I can't tell from what you have said.
    I have a main router provided by my ISP, I have several other Airport Extremes and Airport expresses connected by Ethernet, all set up to bridge the network created by the main router.
    Each maker has their own settings, but bridging should be reasonably obvious. In simple terms my main router distributes IP addresses to all devices, the Airports bridge that network by passing these addresses to the devices from the main router. A base station that isn't in bridging mode will distribute its own addresses to the devices connected to it.
    I don't really follow your next point.
    instruction for configuration vary from manufacturer to manufacturer, the best course of action here is to refer to the manual. If everything is set up properly the addresses of everything on your network will have identical sets of numbers for the first 3 of 4 groups of numbers that make up an address, the last set must always be different. I think the part you are referring to with your DD-WRT is the option to have Ethernet and wifi bridged or not.
    Some routers may be easier to configure than others, but generally speaking they should all work with the Apple TV. 5Ghz is less likely to suffer interference but it is much more likely to be blocked by solid objects, it may or may not be an advantage.

  • When I connect my apple tv to my access point upstair and connect my ipad to the same access point i cant see my apple tv when i open up the airplay menu on my ipad. but i can see the apple tv in the living room downstair which connect to the main router

    when I connect my apple tv to my access point upstair and connect my ipad to the same access point i cant see my apple tv when i open up the airplay menu on my ipad. but i can see the apple tv in the living room downstair which connect to the main router.
    Below is some info i get about ports.
    I tried to set DMZ on my main router to have full access to ported to access point upstair which is in the ip of 192.168.1.2 and the main router in the living room is the gateway router with the 192.168.1.1 ip.
    I still cant see apple tv after i try the DMZ method.
    any suggestion ?
    These network ports are used by Apple TV for communications on your network.
    TCP port 123 is used to communicate with a network time server.
    TCP port 3689 is used to communicate with iTunes while using the iTunes Library Sharing feature.
    UDP port 5353 is used by Apple TV for automatically finding computers with iTunes on your network using Bonjour.
    TCP port 80 is used for communicating with podcast servers.
    TCP port 80 and 443 are used for basic and secure communications with the iTunes Store via the Internet.
    TCP port 53 is used for regular DNS.
    These are well-known ports used by Apple products, like iTunes. If you can use all the features of iTunes, these ports are likely already open on your firewall or NAT router. Note: These ports may also used by other services such as YouTube and Flickr.

    When the Apple TV is paired with a remote, it means only that remote can control it, when it's not paired any remote can control it. You will need a remote for each of your devices.

  • Is there any way I can control which specific access point I connect (and stay connected) to from amongst a set of access points with the same SSID?

    I'm working from a boat in a harbor in which the ISP has deployed numerous access points around the periphery.  All the access points share the same SSID and each is configured to use either channel 1, 6 or 11.   From my location, there are over a dozen of these access points "visible" (based on the the output of WiFi Scanner) with a range of RSSI and S/N values that vary over time.
    The ISP has told me that the quality of my connection should be "perfectly fine" for any access point with an RSSI value better than -75, but I know from experience that my connection quality is miserable (i.e. < 50Kbps download) for almost all of these, including those with RSSI values better than -75.  There is at least one exception, however, which gives me on the order of 2Mbps download, which is "great" in this context.
    I've tried using a more powerful USB antenna plugged into my MacBook Air (mid 2011), but as far as I can tell, it really doesn't make much difference.  Neither does my location within the boat.   The overriding factor seems to be which access point I happen to connect up to.
    I should point out that the closest access points are about 75 yards away, with many of them being several hundred yards away or more.  I'm guessing that even though the signal strength of some of the distant access points is causing them to get "chosen" some times, the results are unacceptable due to the distance.
    I'm hoping that I can determine, through experimentation, which access point(s) provide(s) acceptable performance and then configure my Mac to limit my connection to those points through whatever mechanism I need to use (e.g. channel, MAC id, etc.).

    Establishing a wireless connection with a client computer is left to the access point for various reasons. One reason that your Mac may not connect to the strongest access point is that it may have reached a limit of the number of clients it can serve, leaving it unable to accept a connection with another. The limit may not be very large.
    Suppose that happens, and your Mac establishes a connection with a more distant access point having a weaker signal. Then, suppose a client drops off the network. Doesn't this mean your Mac will switch to the stronger access point? Not necessarily. The throughput delivered to and from your Mac would have to drop below a threshold specified in the AP for it to drop the client, leaving your Mac free to connect with another one. The reason for this is to prevent rapid switching from one AP to another in an area in which two signals are of approximately equal quality. If that were to occur the frequent and repetitive handshaking between the two devices would slow throughput to zero.
    In an environment in which several access points are broadcasting the same SSID, Apple provides no insight as to how it determines which access point to choose. This is the reason I suspect this "choice" is a function of the router, or access point. The connection originates with it, not the Mac.
    Now, what would solve your dilemma would be to determine a way to control the access point with which your Mac connects, by specifying the access point's unique MAC address for example. In this happy circumstance, you could maintain an editable "whitelist" or "blacklist" of the harbor's access points and be able to choose which among them you prefer.
    I do not believe OS X maintains such a record of MAC addresses though, only those of the routers it uses. If I am correct about that, such a solution is unlikely to exist. Don't let that discourage you from searching for one though... I would concentrate on something like "selecting access point by specific MAC address".
    I did find this patent application though:
    Roaming Network Stations Using A Mac Address Identifier To Select New Access Point
    Perhaps it's a start

  • AppleTV, iPad, Music, AirPlay & Wifi: Same Access Point? Stuttering. Different Access Points? Just Fine!

    I saw some discussions that seemed somewhat like what I have experienced, but thought I'd post this separately just in case.
    I have three AppleTV units. Two are wired, and one uses WiFi. The two wired ones work just fine, but using AirPlay for music was terrible for the WiFi one. It would play about a half second of music, then stop, then another half second, and so on, so it seemed to be stuttering and was unusable for that. It was strange that video and its associated audio worked just fine for me!
    I did stumble onto something that helped me, but it might not be applicable to all.
    I have a Cisco Dual-Band router. It shows as 2 access points/SSIDs - one on 2.4GHz and one on 5GHz. If the WiFi AppleTV and my iPad are on the SAME access point, I get the audio stuttering. If I switch so one is on the 2.4GHz and one is on the 5GHz, AirPlay music works great. It doesn't matter which is on which, but if both are on the same one, I get music stuttering.
    I plan on switching one or the other of the wired units to use WiFi for a test to see if they all exhibit this behavior, but the behavior was reliable on the one AppleTV I use via WiFi.
    I was actually going to switch from the 5GHz AP to the 2.4GHz AP for both to see if it worked differently, and happened to test when one was on each, then followed it up with tests for all 4 of the configurations (2.4-2.4, 2.4-5, 5-2.4, 5-5).
    If you aren't using a dual-band router, I don't know if there is any way to take advantage of what I see in my configuration, but I thought I'd share the information in case it does provide some options.

    Airplay uses ethernet / ip broadcast. This only works on the same ip subnet. A router typically connects different subnets. Hence being in one subnet you won't get the broadcast packets and won't see the advertised "airplay" services of the apple TV. You should make both "sides" (in your diagram) of the router into one subnet. That might involve connecting everyting to an ethernet switch.

  • Have apple tv 2g and several IDevices (ipad, iphone..)and around the house i have several access point connect via UTP cable to the same router/modem, but  when i try Airplay it wont work if the devices are on dif wifi conn. regardelless its the same LAN.

    Problem with Homesharing/Airplay with dif IDevices (Itunes with a PC, Iphone, Ipad, Itouch etc) using my home wifi connections that has several access point throu out the house and they all are connected via UTP cable to the same modem/router (My LAN).
    When i try to use airplay or homesharing both devices have to in the same ACCESS POINT (it does not mather if its WIRED or WIRELESS, i have the same problem with both).
    Any ideas?? This did not happen before i upgraded ITUNES in order to use IOS5.
    Thanks

    Thanks for the advice. But i dont have any devices sync wifi. It also happens with older versions of IOS on iphone 4.2.1 and 3.1.3 and also IOS5 (no wifi sync enable).
    Basiclly when i try to airplay music using itunes (pc) to my apple tv 2g (4.3.3.) they both have to be in the same access point, if the apple tv is connect via UTP cable i have to be connected to that access point wifi. Basicly dosent work with dif access points.  Also if i manage to be on the same access point (itunes using a pc and the apple tv) if i have to use Remote App to change songs i have to be in the access point to.. can not see the devices...
    Any ideas?

  • Is Access Point name and cluster name same, if we have only 1 access point ?

    if we have only 1 Access Points, will the name of access point be same as the cluster name ? can i create more then 2 cluster on same role ?
    sid

    Hi sid,
    You can not create a role same with your cluster name, it will cause the DNS resource confilect.
    More information:
    DNS Registration with the Network Name Resource
    http://blogs.msdn.com/b/clustering/archive/2009/07/17/9836756.aspx
    I’m glad to be of help to you!
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Help needed setting up access point to public network

    Hi from a newbie,
    Assuming they are suitable, I want to use one (or two) AP1232AG-E-K9 access points for Internet connection through a public wireless network (BTFON), where wire broadband is not an option. I've downloaded what I think is the correct manual for the APs and I'm now scratching my head as to where and how to start setting them up. I want to use these Cisco APs in the hope they will give me better wireless performance than I'm currently getting, which is frequently flakey.
    I've tried to reset the APs to the factory default but there seem to be different ways of doing this depending on what you want and what you've got. I made up a console cable  to access the console but there even appear to be different versions of  this so I'm not sure if the cable I have is the correct one.
    I have setup and used lower end wireless devices in the past but these Cisco units seem real complicated and I'm going to need help in getting them working.
    Any assistance would be much appreciated.
    Kind regards,
    Glenn.

    Updated network diagram.

  • 2 Access Points Same Wireless Network

    ok the basics: I have a cable modem hooked up to a linksys router ... the signal does not cover the whole house, so I got a linksys range expander ... set the whole thing up and everything works nice ... except that my PB keeps picking up the weak signal from the main router and doesnt connect to the range expander ... they both have the same security settings and all and they even appear as the same wireless network ... any thoughts on how to make my PB connect to the access point with the best signal?

    I don't think that was the question posed. The issue is not how do I increase a particular access point's range, or can I dispense with one of them.
    The issue is how to best work with TWO access points on the SAME network. I am very interested in this issue, as I have not been able to get my system to work properly. In short, there is an Airport Express (access point only) in the upstairs family room, and a Motorola (router and access point) in the basement. For those of us who own the new PB's, it is a lost cause to get reception comparable to the iBooks. Literally hundreds of posts exist in this area trying to improve it. So the ability to automatically connect to the highest reception point is a great benefit.
    I have a unique IP address to each access point, and the Airport Express is tied to the Motorola router through ethernet. I have tried both devices on the same wireless channel, and each on its own (1 and 11). I have also tried using the same SSID & password for each point, and giving them unique names. In all situations, the result is the same. Once the Mac is connected to a particular access point, it will never switch over to the other one, unless connectivity is completely lost to the first one (i.e. unplug the AE).
    This does not meet the 'roaming' idea. The goal is that when I am upstairs, I automaticallly connect to the AE, as it is strongest. When I move downstairs, it should connect to the Motorola, as the signal strength is SIGNIFICANTLY increased (we are running a PB, here). But this never happens. Instead, the PB will choke on internet browsing, because it is connecting to the gateway through a very weak wireless signal upstairs, when an alternate strong one is right next to it !!
    Doesn't matter if I sleep in between relocating. All settings are automatic; that is, the Airport will automatically connect to the available networks. What I have to do is click the airport signal meter and choose my access point in order to change.
    For those who think this is all acceptable performance, I don't have to do this with my HP work laptop. Windows does not seem to have a problem with proper, correct, and optimized roaming.
    Hi-res PB15, 1.5GB Mac OS X (10.4.7)

  • I cannot print to a p1102w if i am on a machine connected to the same access point as the printer..

    I have two p1102w printers set up in a school, any time I try to print it will only work if the laptop i'm using is connected to a different wireless access point than the printer. This happens anywhere in the school, has anyone ever encountered something like this before?
    The laotops are running xp sp3 professional by the way.
    Thanks in advance for your thoughts and ideas.
    joray75

    First thing to do is check your routing rules and tables in the network to make sure the type of communication you're wanting (printing via wireless on the same access point) is allowed. I'm betting something is off in those that's preventing communication.
    -------------How do I give Kudos? | How do I mark a post as Solved? --------------------------------------------------------

  • Multiple Cisco Aironet 1131AG access points and same SSID?

    We have multiple Cisco Aironet 1131AG devices, all wired on one Cisco L2 switch(2560)  who is connected to L3 switch (3550). We assigned one VLAN for access point in L3 switch who acts as vtp server (L2 switch is vtp client). All ap's will have static ip address and all will have same SSID and no security and they will be using multiple channels (ex. 1,6,11).  They will operate in 3 floor building for roaming wireless client. We won't using any wireless controller.
    So my question is this: How to configure APs-all the same with different ip's, can we use L3 switch to create dhcp server for access points VLAN (pool for clients, and the rest for static ip for ap's)? Can one of the ap's be WDS and in the same time local radius server with users without Cisco Secure ACS or similar controller or I didn't understand this quite well :-). I followed guide http://www.cisco.com/en/US/docs/wireless/access_point/12.3_2_JA/configuration/guide/s32roamg.html for WDS where the part abou Cisco ACS is a problem, so I can use same ap as Local Authenticator as in guide  http://www.cisco.com/en/US/docs/wireless/access_point/12.3_4_JA/configuration/guide/s34local.html#wp1035723.
    Many thanks...

    Well, just so you know, WDS and local RADIUS authentication is only needed if you're using authentication on your wireless connection.  You say you're not planning to use security, so this isn't necessary.  However, I'd highly recommend at least using a simple WPA2-PSK to lock down your connection, otherwise you might end up giving free Internet access at best, and at worst you might be giving access to company PCs and servers.  If you want to further use an 802.1x or WPA authentication method, then yes, you can use an AP as a RADIUS server and WDS to improve authenticated roaming, but this is far more limited than using a Cisco ACS.
    As for your other questions, yes, your APs can all be configured the same except for at least three parameters: IP address, channel, and hostname.  Configure your static IP addresses on the AP's BVI1 interface.  Don't place it on the Radio or Ethernet interfaces, because if either of these interfaces goes down you'll lose the ability to configure the AP, so it's best to use the BVI1 interface.
    And yes, configuring a DHCP scope for your clients on your L3 switch is a good design, or you could also use your DHCP server on a different subnet by using the ip helper-address command on the L3 interface.  I hope this helps!  Let me know if you need help configuring any of this.
    Merry Christmas!
    Jeff

  • AirPort Extreme used as a wired/wireless access point at same time?

    Can the gigabit ethernet ports (wired connection) on the AirPort Extreme be used at the same time as the wireless-N connection when it is installed to a switch on an existing network as an access point? Will it still broadcast simultaneous Wireless-N dual band signals?
    If both are yes, then do you have any other information regarding the cofiguration? Or helpful links that may help me? Thank You.

    I have not yet purchased an airport extreme or even tried this. I have an existing network with a simultaneous wireless-N dual band router feeding a main switch. From the main switch I have cat5e wired gigabit connections to 4 PC's then two cat5e cables, each going to a small switch at seperate media centers.
    I have one area that I have a single cat5e wire that can not get the wireless signal from the existing router. In addition to the wireless signal problem, I could use a couple extra gigabit ethernet connections to this same area, but can't pull any new cat5's to it.
    I was told I needed to install a multi-gigabit-port wireless-N access point or install another switch with a single port wireless-N access point connected to it. As I looked into this, the dedicated wireless-N access points are wireless-N dual band but do not broadcast them simultaneously (it's either/or).
    So I was wondering if I would benefit in any way by using the AirPort Extreme instead of the dedicated wireless access point recommended, and if it will give me what I need plus a simultaneous dual band wireless-N connection to the area? I don't know why the IT didn't recommend installing another router like I'm thinking? Don't know if it will even work? If it is a good idea or not? Don't want any conflict or networking problems to have to deal with just because I didn't listen and/or got the wrong item? What do you think?

Maybe you are looking for

  • Upgrade from Windows 7 pro to windows 8.1 pro I only get keep personal files only or nothing, I want to keep apps too

    when trying to upgrade from windows 7 SP1 to 8.1 pro from the DVD while being in windows I only get an option to keep personal files only or keep nothing. what do I have to do so I can do a upgrade and keep all the programs too ? thanks! Brandon Dill

  • Freight not to be loaded on the Material Cost in Purchase Order

    Hi, For Purchase Order, we want to configure a scenario where in we want the freight not to be loaded on the Material Cost. Where need to change in the configuration do achieve the same. Please guide. Regards, PK

  • VGA to DVI VGA splitter

    Well, at least this is what I think I need. At work I have a regular PC with a small screen that I believe uses a VGA connection, I have a three year old Mac screen (aluminum case)which has a DVI connection. I want to add the Mac screen to the PC as

  • COLUMN_RENAME IN ORACLE 8i

    IS THERE ANY WAY TO RENAME A COLUMN IN ORACLE 8i TABLE ?

  • File synchronization problem

    I have a file "C:/test.txt" that app1 is reading (which takes a long time lets say) At the same time app2 has an updated version of "C:/test.txt" so it creates "C:/test.txt.tmp" and writes it to that file, then it renames "C:/test.txt.tmp" to "C:/tes