How do I create an SSID with only internet access on WM3600 with AP4610s

  • Question
  • Updated 3 years ago
  • Answered
I need to create an SSID for our clients that will only allow internet traffic.  I want to block all other traffic to our LAN.  How can I accomplish this?  Thanks in advance.

CHRLX-ENG


Posted 3 years ago


PARTHIBAN CHINNAYA, Alum

Just create an SSID with a security level for wireless.
You might need to do a deny rule ACL based on IP subnets.

Daniel Flouret, Employee

CHRLX,

The easiest way is to create an SSID and assign it to a VLAN that can only connect to the internet. The DHCP server should give the wireless clients the address of the internet router as their default gateway.

CHRLX-ENG

Daniel...  The router is on a different VLAN and therefore cannot be used as a default gateway.  Thanks.

Daniel Flouret, Employee

Can you extend that VLAN to the controller?

CHRLX-ENG

Parthiban...  I appreciate your reply, but it is very vague.  How can I accomplish what you are recommending?  Thank you.

PARTHIBAN CHINNAYA, Alum


Note: Assumed L2 switch is a PoE-enabled switch.

I assume your default gateway is the wireless controller and routing is done in the controller.
1. Assign an IP address to the controller.
2. Create a WLAN and map the SSID to the VLAN.
Note: bridge mode "local" and bridge mode "tunnel" are two options.
3. Map the required security setting in the WLAN [WEP, WPA2, etc.].
4. Map the WLAN to the radios [WLAN mapping].
This will get your wireless network up and running, with static IP to clients.
Now, if needed, you can use the wireless controller as the DHCP server or use an external DHCP server for wireless clients.
The GUI is the easiest way to configure the controller.

Once the above steps are followed, implemented and tested:

Add an ACL in the controller to block specific subnets so that wireless subnets can access only the internet.
Below is the syntax. The reference guide and user guides are available.

http://extrcdn.extremenetworks.com/wp-content/uploads/2014/01/WM3000CLIReferenceGuide_5.2.pdf

deny ip [<SOURCE-IP/MASK>|any|host <IP>] [<DESTINATION-IP/MASK>|any|host <IP>]
[log rule-precedence <1-5000>|rule-precedence <1-5000>]
{rule-description <RULE-DESCRIPTION>}

Hope this throws some light for your requirement.
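
The ACL approach from the post above, modelled as an added example (not code from this thread or from the vendor): it renders `deny ip` rules in the quoted syntax and audits them against sample destinations before they go on the controller. The addresses, the final catch-all permit at precedence 5000, and the lowest-precedence-first, first-match evaluation are assumptions.

```python
import ipaddress

def build_rules(guest_net, lan_nets, start=10, step=10):
    """One deny per LAN subnet, then an assumed catch-all permit at 5000."""
    src = ipaddress.ip_network(guest_net)
    rules = [(start + i * step, "deny", src, ipaddress.ip_network(n))
             for i, n in enumerate(lan_nets)]
    rules.append((5000, "permit", src, ipaddress.ip_network("0.0.0.0/0")))
    return rules

def render_deny(rules):
    """Render only the deny rules, in the syntax quoted in the thread."""
    return [f"deny ip {src} {dst} rule-precedence {prec} "
            f"rule-description guest-to-lan-{prec}"
            for prec, action, src, dst in rules if action == "deny"]

def evaluate(rules, src_ip, dst_ip):
    """First match wins, lowest precedence first; no match means deny (assumed)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for _prec, action, src, dst in sorted(rules, key=lambda r: r[0]):
        if s in src and d in dst:
            return action
    return "deny"

def audit(rules, guest_ip, internal_hosts, internet_hosts):
    """Return findings: reachable internal hosts or blocked internet hosts."""
    findings = [f"LEAK {h}" for h in internal_hosts
                if evaluate(rules, guest_ip, h) != "deny"]
    findings += [f"BLOCKED {h}" for h in internet_hosts
                 if evaluate(rules, guest_ip, h) != "permit"]
    return findings

# Constructed sample addressing, not taken from the thread.
GUEST_NET, GUEST_IP = "172.16.50.0/24", "172.16.50.23"
INTERNAL = ["10.10.1.5", "10.20.3.3", "10.30.0.7"]  # 10.30.0.0/16 is easy to forget
INTERNET = ["203.0.113.10", "198.51.100.80"]

if __name__ == "__main__":
    narrow = build_rules(GUEST_NET, ["10.10.0.0/16", "10.20.0.0/16"])
    broad = build_rules(GUEST_NET, ["10.0.0.0/8"])
    print(audit(narrow, GUEST_IP, INTERNAL, INTERNET))  # subnet-by-subnet list
    print("\n".join(render_deny(broad)))
    print(audit(broad, GUEST_IP, INTERNAL, INTERNET))   # aggregate deny
```

Listing LAN subnets one by one leaves any forgotten subnet reachable through the catch-all permit; denying the aggregate range closes that gap.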

PARTHIBAN CHINNAYA, Alum

Here is the guide for basic controller configuration:

https://www.dropbox.com/s/4kb5p5rl1ycxakl/SVC%20Tech%20Implementation%20Guide%20WM3000%20Series%20SW...
Use this as a reference.