This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

DHCP for Guest network with no internal access

DHCP for Guest network with no internal access

TimP
New Contributor

‎07-15-2022 05:33 AM

Hello,

We've just got an Extreme Cloud IQ system and I want to quickly set up a separate Guest wifi network.  I want the guest network to be completely separate with no access to our internal network. 

I've created a new SSID and assigned it the default0-guest-profile, I can connect to the new SSID but the client PC does not get an IP address.  Is there somewhere that I need to configure DHCP for this specific SSID?  I’ve looked but can’t find a user guide on this so any help is appreciated

 

Thanks

0 Kudos
3 REPLIES 3

admin32
New Contributor

‎09-01-2022 02:47 PM

yeah I always thought this was a bit dumb, defaulting to vlan 1 same as management traffic, better to make your own guest profiles and vlans and use those, far easier to control and observe the users then, You can make firewall rules that only allow certian parts of your internal network or maybe just allow http for an intranet but not ip access for example

0 Kudos

TimP
New Contributor

‎07-15-2022 11:16 AM

Thanks Sam, I checked and it is the default VLAN of 1 but I expect this isn't set up on our network.  I'll double check and see what else I need to do.  Thanks for your guidance
0 Kudos

SamPirok
Community Manager Community Manager
Community Manager

‎07-15-2022 10:51 AM

Hi Tim, in the user profile where you set up the IP Firewall policy to all guest internet access only, there is another section for setting the VLAN for the traffic on this SSID. Can you check what VLAN is listed for this user profile? Is that VLAN set up all the way through your backend network to allow users to reach a DHCP server and your default gateway?

To confirm this, run a VLAN probe to see if we can get traffic to and from a DHCP server. The guides below review how to do this. 

Method 1 (on the CLI of the AP):

SSHing in to an AP
VLAN Probe via CLI

Method 2 (using the XIQ GUI instead of the CLI):

VLAN Probe in ExtremeCloud IQ

0 Kudos
GTM-P2G8KFN