Hi guys,
I have two WAPs that are connected to the USG 100. Main wifi is bridged to main network.
Main wifi is same SSID on both WAPs, radio is on different channels so that roaming between WAPs work. DHCP server for that network resides on the USG 100, classics so far.
I now need to implement a guest wifi on a separate subnet, which is unbridged to the main network and guest clients isolated from each other. Clients on the guest (wifi) network must only be able to route out of the WAN interface on the USG 100, i.e. see the internet but not able to access anything else (no access to router admin and other clients on the main network).
I want to use the existing cable to the WAPs, i.e. need to work probably with VLANs to transfer two subnets.
Each WAPs will get a virtual SSID (with its own MAC address) for the guest network that I can put on its own interface in the WAP (they are VLAN capable).
I need to have a DHCP server for the guest network in USG 100.
And some pollcy routes for the guest network.
The USG 100 also runs a s2s VPN and a L2TP VPN for mobile devices to the main network - guest clients should not have access to these resources.
Can a kind soul help with the VLAN config on the USG?
Any help is highly appreciated. Thanks a lot!
Config:
WAPs are all E4200 v1 with DD-WRT v24-sp2 (03/19/12) mini
Switches are HP ProCurve 1800-24G
USG 100 runs 3.00(AQQ.4) / 1.08 / 2013-01-18 19:31:54
↧