This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How do I create an SSID with only internet access on WM3600 with AP4610s

How do I create an SSID with only internet access on WM3600 with AP4610s

CHRLX-ENG
New Contributor

‎01-14-2015 11:27 PM

I need to create an SSID for our clients that will only allow internet traffic. I want to block all other traffic to our LAN. How can I accomplish this? Thanks in advance.
0 Kudos
7 REPLIES 7

PARTHIBAN_CHINN
Contributor

‎01-16-2015 10:35 AM

Here is the guide for basic controller configuration

https://www.dropbox.com/s/4kb5p5rl1ycxakl/SVC%20Tech%20Implementation%20Guide%20WM3000%20Series%20SW...
use this as a reference.

0 Kudos

PARTHIBAN_CHINN
Contributor

‎01-16-2015 05:56 AM

b5554cb4e8164599bccd581e727e9293_RackMultipart20150116-1890-fzm0wt-wireless_inline.png


Note:Assumed L2 switch is a POe enabled switch.

I assume your default gateway is wireless controller and routing is done in controller
1.Assign ip address to controller
2.Create a wlan and map the ssid to the vlan.
Note:bridge mode "local" and bridge mode "tunnel" are two options.
3.map the required secuirty setting in the wlan. [wep,wpa2 etc]
4.Map the wlan to the radios.[wlan mapping]
This will get your wireless network up and running.
with static ip to clients.
now if needed you can use wireless controller as DHCP server or use and external dhcp server
for wireless clients
Gui is the easiest way to configure the controller.

Once the above steps are followed implemented and tested.

Add acl in controller to block specific subnets so that wireless subnets can access only internet.
below is the syntax.reference guide and user guides are available.

http://extrcdn.extremenetworks.com/wp-content/uploads/2014/01/WM3000CLIReferenceGuide_5.2.pdf

deny ip [|any|host ] [|any|host]
[log rule-precedence <1-5000>|rule-precedence <1-5000>]
{rule-description }

Hope this throws some light for your requirement.
0 Kudos

CHRLX-ENG
New Contributor

‎01-15-2015 09:52 PM

Parthiban... I appreciate your reply, but it is very vague. How can I accomplish what you are recommending? Thank you.
0 Kudos

CHRLX-ENG
New Contributor

‎01-15-2015 09:51 PM

Daniel... The router is on a different VLAN and therefore cannot be used as a default gateway. Thanks.

0 Kudos
GTM-P2G8KFN