cancel
Showing results for 
Search instead for 
Did you mean: 

Guest SSID that only distributes a certain pool of IP address from our DHCP Server?

Guest SSID that only distributes a certain pool of IP address from our DHCP Server?

c_hardwick
New Contributor

In short we have a Smoothwall filter here at the school which is great but makes connecting un-domianed devices to the wireless a bit of a pain.

 

What we would like to achieve here is for our guest SSID to only distribute IP's from a certain pool of our DHCP, this pool has been white-listed on our Smoothwall filter to not authenticate but give guests filtered internet but no authentication for tracking usage.

 

For example our DHCP scope is 10.163.0.0 with 10.163.67.1-254 being the main pool for domained devices, a new pool has been created 10.163.69.1-254 this is the pool we would like the AP's to distribute if a client is connecting only through the guest wireless SSID, any one that connects through the normal SSID they recive a IP that is not inside this pool.

 

We would also like to setup no access to UNC paths or servers on the SSID if possible.

 

This seems like a big task and its blowing my mind, some assistance would be massively appreciated!

3 REPLIES 3

samantha_lynn
Esteemed Contributor III

My apologies, I didn't realize you were using Connect. Unfortunately you won't be able to set up a DHCP server on an AP while using Connect, you would need to upgrade to Select to unlock that feature. In that case, you'll want to set up a separate VLAN for that pool on your back end network and assign guest users to that VLAN to keep them separate. You can still use the Guest-Internet-Access-Only firewall in the user profile.

c_hardwick
New Contributor

Hi Sam

 

Thanks for your reply, I believe our back end network can support a VLAN but the second option sounds better to me! I did notice that the DHCP settings on the AP's are not accessible until you upgrade your licence would this be the case?

samantha_lynn
Esteemed Contributor III

Would you be able to assign that IP pool to a specific VLAN? If you can, the Aerohive set up will be easy, you'd just need to assign that VLAN to the Guest SSID user profile.

 

I see that you've already set up this pool on your own DHCP server, but if VLANs aren't an option for your backend network, you could create a DHCP server on an AP that would only host your guest users and we could limit their IP pool to whatever you'd like so long as that same pool wasn't in use anywhere on your network. We could also set this up as a NAT DHCP so that the network behind the AP wouldn't need to host the VLAN that the guests are using. If any of that sounds like what you're looking for, just let me know and I can walk you through how to set it up.

 

Also this guide reviews how to set up the SSID so that users have no access to any internal resources and can only reach the internet when connected: https://thehivecommunity.aerohive.com/s/article/How-to-Configure-Guest-Internet-Access-Only

GTM-P2G8KFN