Skip to main content

4 Messages

 • 

110 Points

Sat, Jan 30, 2016 5:37 AM

r300 vlan without ZD

Hi i am deploying (3) R300 access points without the zone director. We would like to run the wireless on a different Ip range as the wired lan and not have the wireless clients able to connect to any resources on the wired lan. is that possible with only the access points?

Thank you.

Responses

824 Messages

 • 

13.2K Points

5 years ago

Hi.

Both things are possible without controller however you would need a L3 switch. L3 switch would help you create VLAN's which will segment your WIFI network away from your LAN.

VLAN created on L3 switch need to be tagged on WLAN's on the AP to make your requirements getting fulfilled...

4 Messages

 • 

110 Points

5 years ago

thank you for the response. i setup the access points using the option for the separate subnet and dhcp so the wireless clients are receiving ip addresses that are different from the lan range but in testing i am still able to reach the lan from a wireless client. The access points are connected to a net gear ProSafe FS728TPv2. do you know if that is an L3 switch and can it do what i need?

333 Messages

 • 

5.1K Points

You dont need a Layer 3 switch as this can be done via VLAN's which are Layer 2

You can seperate client and management access by changing the wan ip address on the AP.

Prior to setting the IP address on the WAN make sure that port on the AP that is connected to the switch is set to trunk:
set interface eth0 type vlan-trunk untag 1
Note: it may be eth2 if its a 7363

IP Address Commands
set ipaddr wan vlan 10 dynamic
or
set ipaddr wan vlan 10 10.10.10.2 255.255.254.0 10.10.10.1
Then for client traffic just adjust the access VLAN in the WLAN config.

Note:the ports facing the AP's, and the uplink ports between switches, need to be set to trunk (tagged frames), and allow the VLAN's for both MGMT and client traffic.

Good Luck

4 Messages

 • 

110 Points

5 years ago

Hello Sean thank you for the reply. I tired the setup with my netgear switch based on your instructions and once I do I cannot connect to the Internet. I already had the separate subnet setup in the access point so my wireless clients are receiving alternate ip addresses apart from the lan but like I said when I tried following the instructions they could no longer reach the Internet. Is it possible a step may be missing?

Thank you

333 Messages

 • 

5.1K Points

Is your topology is like this:

4 Messages

 • 

110 Points

Sorry not exactly no.

I have the R300 Access point(one port) connected to--> netgear switch which is connected to another netgear switch that servers, pcs,  sonicwall etc are on and the sonicwall connects to the internet service

333 Messages

 • 

5.1K Points

Log in to an AP via the cli and post the output from the following commands:
get interface
and
get ipaddr wan