Guest Wireless with DHCP/DNS & NAT

[benny]

I came across the following Youtube videos on this topic. Maybe it is interesting for you ...

English:


German:

[nidal_malla]

I tried this scenario and there is the below problem :
- I can get IP address from DHCP only when I connect directly to the PVC , because the DHCP is located and worked only on teh PVC.
- When connecting to the same SSID but with un-PVC access point , I will never get dynamic IP address.

[silvio]

at your switch ports (with attached access points) you have to tag the vlan of the SSID. And if the AP are at different switches you need to tag this vlan also at the switch connections.
regards
Silvio

[dervodebayern]

Hi,

what are Pros/Cons of having the AP do DHCP&NAT vs letting a Router e.g. Lancom do DHCP?

Im atm deciding between those scenarios.
Curious on your thoughts here,

Regards

[silvio]

Both is working. But if you NAT your wireless guest traffic f.e. at the AP mostly you need special policies to block this traffic to the company network. So I prefere to use NAT at a firewall/router. All the guest traffic are within a guest vlan and will be forwarded through whole the wired network to this gateway (and this is the dhcp server too).
best regards
Silvio

[dervodebayern]

Allright.
Thanks for the answer!
Regards

[Cristek]

at your switch ports (with attached access points) you have to tag the vlan of the SSID. And if the AP are at different switches you need to tag this vlan also at the switch connections.

Follow-up question: doesn't this scenario make you vulnerable if that one AP (the PVC in this case) goes down? How would you approach this then? 2 APs with guest dhcp and let them fight over who leases an IP first?

[silvio]

For redundancy it will be a good idea to activate the DHCP server at two APs. But with different ranges. F.e. for the first AP 192.168.1.10-119 and the second from 192.168.1.120 to 250. One of the range should be enough for all clients.
BR Silvio