Hi guys, I need to do the following.

http://s17.postimg.org/nns8pmx1r/WLAN_DESING.jpg

I have this client. He wants this new WLAN connected to the firewall, but he wants 3 SSIDs, each one with a different access policy.

For example, VIP has full access, with DHCP for the IP.

Guest: same, but with restrictions (block porn sites, etc.).

Employees: just access to the LAN servers, no internet.

I don't know if Ubiquiti has any mechanism to do this. If not, I need to use the firewall. I am going to do the following; let me know if I am on the right path.

On the X3 port I am going to create subinterfaces for each VLAN. Then I am going to create a zone for each SSID and apply the correct content filter policies.

The switch is an SG300. I am going to create a trunk connected to X3, and each AP will have the 3 different VLANs/SSIDs, so each AP connected to the switch should be a trunk port, right?

So what do you think? Any advice or a better idea?

Let me know,

Thank you

1 Spice up

I can tell you this would be a lot easier with a SonicPoint.

I know, but they wanted a lot of APs for this site, and under a tight budget the Ubiquiti was the best option.

I have it set up like this at a client, just a corp and guest network. Guest network has a direct path to the interwebs.

Each SSID is on its own subnet and VLAN.

The DHCP server hands off addresses to the correct VLAN via IP Relay on the SonicWall NSA 240.

It's a pretty straightforward setup.

2 Spice ups

What about the switch/switches? Trunking ports between AP and switch, right?

Do you have managed switches? If so, you need to pass tagged traffic along to your destination (APs). If you don't have managed switches, you might need to get some, or in this case a UniFi switch on the cheap so that you can control it from the same place as your APs.

You will need to create a sub-if on the SonicWALL for each WLAN that you want to use.

Here is how you should do it:

  • Create your zones for each network and assign them to the wireless security type, and make sure to uncheck only allow traffic from SonicPoints. (Edit: you can also assign them to the trusted security type, I have seen it done both ways.) I would also not allow the SonicWALL to auto-create your rules between zones for you. This will make you create all firewall rules between your zones manually, which is good!
  • Create your sub-if with VLAN tags and assign each zone. Use a separate port on the SonicWALL if you would like. If not, create the sub-if from your main LAN port. Make sure you understand how that should work with tagging and trunking to your switch.
  • Plug in a managed switch to this port and make it a trunk port that allows the VLANs you specified during the creation of your sub-if on the SonicWALL.
  • Create a trunk port in the exact same fashion you did to the SonicWALL, but now on the ports where the APs will be plugged in.
  • Configure your APs with different SSIDs and specify the VLANs in the section during the SSID creation.
  • Test and have fun
1 Spice up
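
A consistency check for the trunk path laid out in the steps above, as an added example that is not part of the original thread: it confirms that every SSID's VLAN is tagged on the AP-facing switch port and on the uplink, and has a sub-interface and zone on the firewall. The VLAN IDs, zone names, port names and data layout are constructed assumptions, not values from the thread or output from any SonicWALL, Cisco or Ubiquiti tool.

```python
"""Audit SSID VLANs end to end: AP -> switch trunk -> firewall sub-interface.

Every VLAN ID, zone name and port name here is a constructed sample value.
"""

# Firewall: VLAN sub-interfaces on X3 and the zone assigned to each (assumed).
FIREWALL_SUBIFS = {10: "WLAN_VIP", 20: "WLAN_GUEST", 30: "WLAN_EMPLOYEES"}

# Switch: tagged VLANs allowed on each trunk port (assumed port names).
SWITCH_TRUNKS = {
    "gi1-uplink-X3": {10, 20, 30},
    "gi2-ap1": {10, 20, 30},
    "gi3-ap2": {10, 20},  # constructed mistake: VLAN 30 was left off
}
UPLINK = "gi1-uplink-X3"

# APs: the switch port each one plugs into and its SSID -> VLAN mapping.
SSIDS = {"VIP": 10, "Guest": 20, "Employees": 30}
ACCESS_POINTS = {
    "ap1": {"port": "gi2-ap1", "ssids": SSIDS},
    "ap2": {"port": "gi3-ap2", "ssids": SSIDS},
}


def audit(firewall_subifs, switch_trunks, uplink, access_points):
    """Return sorted findings; an empty list means the path is consistent."""
    findings = set()
    uplink_vlans = switch_trunks.get(uplink, set())
    for ap, cfg in access_points.items():
        port = cfg["port"]
        allowed = switch_trunks.get(port, set())
        for ssid, vlan in cfg["ssids"].items():
            if vlan not in allowed:
                findings.add(f"{ap}: SSID {ssid} uses VLAN {vlan}, not tagged on {port}")
            if vlan not in uplink_vlans:
                findings.add(f"VLAN {vlan} (SSID {ssid}) not tagged on uplink {uplink}")
            if vlan not in firewall_subifs:
                findings.add(f"VLAN {vlan} (SSID {ssid}) has no firewall sub-interface/zone")
    # A VLAN tagged on a trunk with no sub-interface behind it is unpoliced L2 reach.
    for port, vlans in switch_trunks.items():
        for vlan in vlans - set(firewall_subifs):
            findings.add(f"{port}: VLAN {vlan} allowed but has no firewall sub-interface/zone")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit(FIREWALL_SUBIFS, SWITCH_TRUNKS, UPLINK, ACCESS_POINTS):
        print(line)
```
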

Thank you,

1 Spice up