Creating a Guest WLAN? How to?

  • 1
  • Question
  • Updated 4 months ago
Hi,

I am new to the world of rukus, i was wondering if anyone could share some information on how the guest access that the Rukus R500 offers?

We basically want to set up a seperate WLAN for guest access when we have visitors, to seperate bandwidth and so that they would not be able to access any other information stored over the network?

I have played around with the guest access a bit already, however the only way I have found to do it is by generating guest passes, however we want the guest access to just have a set password that we can display on our premises and those that connect to it do not have any access to what we share over our network.

Any help as to the best way to do this would be great.

Thanks,

Ethan
Photo of Ethan Wise

Ethan Wise

  • 1 Post
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Pavel Syulin

Pavel Syulin

  • 8 Posts
  • 0 Reply Likes
It is easy with managed switches. We create special wpa2 wlan, assign special vlan to it, then we isolate this vlan from corp. network. Or you can use router to isolate one network from another.
(Edited)
Photo of Warren-G

Warren-G

  • 6 Posts
  • 0 Reply Likes
I agree with Pavel - if it's a small network without a lot of high speed LAN connectivity requirements, then it's probably easier to just connect the AP to your router and put your guest SSID on a separate VLAN. Depending on the router you use of course, it would need to support that functionality. For example we primarily use SonicWALLs, and it's easy enough to add a virtual sub-interface for the VLAN traffic. You would also want to make sure the port on the router that you're connecting to is Gigabit speed in order to ensure the best performance - a number of routers are limited to 100Mbps switch ports, so that may not be ideal. In this option, you would also need to power your AP, so that might mean a separate PoE injector, DC adapter, or possibly your router has PoE capability?

If you already have a switch with PoE and VLAN support, you could also use that. This would be better if you have faster LAN connectivity requirements, such as needing Gigabit connectivity to the LAN for your wireless clients. A lot of PoE switches would provide VLAN support too, so just be sure to verify those two features before you buy (PoE and VLAN support). Good luck!
(Edited)
Photo of Pavel Syulin

Pavel Syulin

  • 8 Posts
  • 0 Reply Likes
And dont forget about dhcp and dns services. You need to setup dhcp for guest wlan. DNS servers can use from your ISP.
Photo of BenR

BenR

  • 2 Posts
  • 0 Reply Likes
Anyone know how to setup DNS specifically for Guests with full wireless client isolation? Right now fully isolated guests are getting the same internal DNS as my other clients but are unable to reach the internal addresses because of the isolation. Unfortunately I don't see where I can set DNS for the fully isolated clients specifically. Thanks!
Photo of Tim Morton

Tim Morton

  • 14 Posts
  • 4 Reply Likes
This would be set at the DHCP level for the VLAN that you are using. Set the DNS for 8.8.8.8 or 4.2.2.2. This will send the requests to outside DNS services and not use the internal DNS.
Photo of BenR

BenR

  • 2 Posts
  • 0 Reply Likes
Thanks for the answer! Currently Ruckus is the DHCP server for wireless clients. So to rephrase my original question I'm wondering how to do exactly what you suggest: set the DNS server to 8.8.8.8 for the clients in that are fully isolated.
Photo of Tim Morton

Tim Morton

  • 14 Posts
  • 4 Reply Likes
I believe that the DHCP server for the ZD is 'global' rather than VLAN specific. Meaning that the guest network is probably getting the same IP address range as the 'normal' SSID, Is this a correct assumption?
Photo of Tim Morton

Tim Morton

  • 14 Posts
  • 4 Reply Likes
Sorry, I hit  submit too soon. The ZD DHCP server is very limited and while supported, is not recommended.

To do what you are wanting to do, you should setup DHCP on your firewall, switch or server and then couple this with separate VLANS.