This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AP7632 (firmware 5.9.1.5-001R) a few questions

AP7632 (firmware 5.9.1.5-001R) a few questions

Ivaylo
New Contributor

‎02-12-2020 06:39 AM

Hello everybody!

I am new to the world of extreme AP`s and i have a few questions 🙂

I have 3 types of Ap`s- 6521,7622 and 7632. I updated the firmware to  5.9.1.5-001R on all of them.

Also have 2 VC - one 6521 and one 7622.

6521 are wing express and they cant see the 7622 and 7632, which are only WING.

7622 sees only 7622 ap`s.

7632 sees all the AP`s.

1st question - can i make all app`s to be adopted by only 1 VC (for instance the 7622 VC, because its interface is not so difficult to understand).

2nd question - can i make the 7632 VC to adopt all other ap`s, and if it is possible, please tell me how to make a guest wi-fi on 7632.

0 Kudos
15 REPLIES 15

Christoph_S
Extreme Employee

‎02-18-2020 09:20 PM

It security is paramount, you should create a VLAN on you network that is specifically tailored for your guest users (segregated from the rest of your corp network). This is done at router/switch level. Then you simply create a WLAN on the AP and map it to this VLAN (make sure that you trunk the ge 1 port and allow all vlans out). No need for ACLs or anything else in this case. 

Second option would be Natting. This way you will have the guest WLAN on its own subnet and natted to the corp network. Here are the instructions: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Natting-on-a-WiNG-Express...

Third option would  be to have the guests and corp users on the same network but use an ACL to route traffic on the guest side to the internet. This is the least secure and should be a last resort. 

Christoph S.
0 Kudos

Ivaylo
New Contributor

‎02-18-2020 03:15 PM

Ok, let`s start from the begining.

I reseted all 7632 APs and created SSID for the office.

Now i want to create another SSID for guest users so that they do not have access to the main network (in this case 10.10.10.1 and 10.10.11.1). What steps should i go through to create it?

I am using GUI, the web interface this time.

0 Kudos

Christoph_S
Extreme Employee

‎02-14-2020 03:48 PM

At this point it may be advisable to contact GTAC and open a support ticket for in depth analysis of issue. 

 

Thank you

Christoph S.
0 Kudos

Ivaylo
New Contributor

‎02-14-2020 03:02 PM

I`ve tried both, but It is the same again.

my DGW is 10.10.10.1

Any ideas?

0 Kudos

Christoph_S
Extreme Employee

‎02-14-2020 01:26 PM

Let’s say your fist deny rule looks like this:

deny ip any 172.16.16.0/22 rule-precedence 10

The default gateway rule would look like something like this:

permit ip any host 172.16.16.110 rule-precedence 9     (DGW IP is 172.16.16.110)

The DNS rule will look like this:

permit udp any any eq dns rule-precedence 8

 

Thank you,

 

Chris

Christoph S.
0 Kudos
GTM-P2G8KFN