Guest WIFI and isolation from network and each other

Product Discussion InControl
1

I spend a lot of time reading the various post on this forum and manuals but I am stuck.

Goals:

  • Create a Guest WiFi network that is separated from the main network
  • Prevent Guests connected to the WiFi from seeing each other

Peplink > Network > Lan > Network Settings

  • Created a VLAN “Guest” (1) and gave it its own IP address, enabled the DHCP server with the same IP address range as used for the VLAN. DNS servers are automatically assigned.

Peplink > Network > Lan > Port Settings

  1. Assigned port 8 “Access” to Guest VLAN
  2. Connected laptop with ethernet to port 8
  3. Network DHCP picks up network settings and DNS
  4. IP scan doesn’t reveal other network devices (Good!)
  5. Able to browse the internet (Good!)

Peplink > AP > Wireless SSID

  • Created Guest SSID with VLAN Guest (1)
  • Security settings Open (keeping it simple for test purposes

Problem:
I am able to connect to the Guest network but DHCP is not working (self-assigned IP address)

Technical details:

  • Peplink Balance Core Firmware 7.1.0
  • Access Point AP_One_AC- Mini Firmware 3.5.4
  • Access Point AP_One_Rugged Firmware 3.5.4
  • HP unmanaged switch

Questions:

  1. How do I make the DHCP for the Guest VLAN work under WiFi
  2. How do I isolate Guest users from each other?

Thank you very much for your support.
For some it might be very simple but I am stumped…

Thanks!

Rogier

2

How the devices physically connected ? Suspect this may related to VLAN trunk issue from the AP up to the Balance One Core. Guest VLAN is not fully carry up to the Balance One Core.

2 Likes
3

Hi Sitloonng,

The WiFi AP’s are connected to the unmanaged HP switch.
If you want I can connect them directly to the ports on the Ballance One.

4

Would you able to help isolate this first ?

Balance Core LAN port (Trunk) <----> APs

1 Like
5

You mean physically connect the WiFi AP to a LAN port on the router?
Basically, use the same ethernet port and setting I was successfully able to use the VLAN with my laptop?

6

@ScooterIT

We need to isolate the physical port trunk from the APs up to the Balance One core. Direct connect the AP to the Balance One Core is the good test. From your configuration, make sure Balance One LAN port that connected to the AP is configured as “Trunk”

Your Balance One should have the following VLANs:

  • Default VLAN -Untagged - Staff
  • Guest VLAN - VLAN1
  • Balance One core LAN Port connect to AP must configured as “Trunk”

B1 (Port 8)<–VLAN Trunk–> AP <— Client device connect to SSID: Guest VLAN

Would you able to refer to the following forum post for the sample setup:

1 Like
7

Hi Sitlong,

Connecting both AP’s to the router worked!
I had to use the default port settings Trunk - Any so make all SSID and VLANs available.

Tomorrow I will look into your advice to isolate the guest users from each other.

Thanks!

Rogier

1 Like