Separate Guest VLAN but GuestPortal only in Default VLAN: Unleashed R600

  • 1
  • Question
  • Updated 11 months ago
  • (Edited)
As the title says, we are running a guest wifi on a separate vlan, which causes the management IP to unleashed to be unavailable. 

This is clearly a design flaw of the system, why offer vlan options if you can't use it for this. Cannot use guest wlan option under a separate vlan at all due to this. 
Photo of silent

silent

  • 10 Posts
  • 1 Reply Like

Posted 11 months ago

  • 1
Photo of GITM

GITM

  • 12 Posts
  • 0 Reply Likes
You can do this very easily. Set your port as a trunk port and allow the VLANs you want. Set the management IP address on your management VLAN and set that as the native VLAN on your port. For example, this is what I did:

I set the ports on the switch to Trunk 802.1q with native VLAN 99 (management) and allowed VLANs 99, 30, 60. I want the regular traffic on 30 and the guest traffic on 60.
I gave the APs management addresses of xx.xx.99.xx and you have to set the VLAN on the AP to 1 (the AP is going to see VLAN 99 as the native VLAN, i.e. VLAN 1.
Photo of silent

silent

  • 10 Posts
  • 1 Reply Like
Are you using guest authentication on the guest network?

Even in your scenario i think the management ip is not available on the guest vlan. Also this is a security risk opening up to have the management IP available to the guest network. 
Photo of GITM

GITM

  • 12 Posts
  • 0 Reply Likes
You don't want the management IP available on the guest VLAN. Actually, I went back and looked at my configs again and what I gave was incorrect -- I am not using the management IP on the Ruckus setup (was confusing it with another Meraki net I've set up -- sorry to muddy the waters, but it should work in any case). This is what I did on the Ruckus setup:
Set the ports on the switch as Trunk 802.1q and allow VLANs 30 (employees) and 60 (guest). Set native VLAN to 30.
Set IP addresses for the APs on the xx.xx.30.xx subnet.
Under WLAN setup, set the access VLAN to 1 for the employee SSID and 60 for the guest SSID.
Restrict subnet access on the guest SSID.
I can manage my APs through the employee network, but not through the guest network.
Photo of silent

silent

  • 10 Posts
  • 1 Reply Like
Are you running your guest SSID as a 'standard' network type? 

I have the vlan working for normal networks, when i introduce 'guest mode' where it's prompting the user to accept to terms is where my issue lies, since that is done via the management IP address of the AP/Unleashed. 
Photo of GITM

GITM

  • 12 Posts
  • 0 Reply Likes
No, I've got it usage type set to Guest Access for the guest SSID with an access list blocking access to any local addresses. I don't have a management IP set up on the Ruckus network. Taking your point on the 30 net being the native VLAN on that port, it might make sense to set up a management address though.
Photo of silent

silent

  • 10 Posts
  • 1 Reply Like
Interesting, do you have no authentication selected for guest? Even if i select no authentication i get prompted with the "Accept these terms" portal
Photo of silent

silent

  • 10 Posts
  • 1 Reply Like
This is fixed with update: 200.5.10.0.291