2 different subnet for 2 different SSID

  • 1
  • Question
  • Updated 2 years ago
Hello everybody,

I have the following scenario, our Aerohive is connected to a checkpoint firewall, the firewall is providing ip addresses for internet access. right now we have 1 Vlan and 2 SSID sharing same profile (address range for these 2 are 192.168.1.x), I was asked to create a new SSID to be used by specific people and they want to be on different VLAn.

what i did i create new Vlan for these specific people in aerohive, create new profile also create DHCP server in Aerohive with subnet 10.0.0.x assign this DHCP server to access point i want.

the problem i can connect to this specific vlan i can get all config (IP,subnet and dns which i used the google public dns) but i can't access the internet.

I've tried to ping the google dns ip from my iphone using the tool "inet tools" but getting request time out.

what do you suggest guys? 
Photo of Robert

Robert

  • 3 Posts
  • 1 Reply Like

Posted 2 years ago

  • 1
Photo of Will Rhodes

Will Rhodes

  • 45 Posts
  • 9 Reply Likes
Check to make sure you have an outbound NAT rule setup in your checkpoint firewall to handle the new 10.0.0.x subnet.
(Edited)
Photo of Robert

Robert

  • 3 Posts
  • 1 Reply Like
is there a way to create static route from GUI on the aerohive?
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Robert, you need to be clear about your network design first. It sounds like you only created the new VLAN on the Aerohive APs, but your whole network infrastructure (Switches and Firewall) should support it!

A clean design would be to add this new VLAN on the Firewall which would then be the default gateway. Ideally even the DHCP server, but that's up to you. This VLAN must be tagged on the link to your switches, and also on all ports where you connect Aerohive Access Points. If you want to keep the DHCP server on one Access Point you can do that, but make sure that the correct default gateway and DNS servers are given via DHCP as well.
Photo of Robert

Robert

  • 3 Posts
  • 1 Reply Like
i resolved the issue, i had to tag the vlan on the switch too.
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Do you know the VLAN probe tool?
http://boundless.aerohive.com/blog/its-not-a-wi-fi-problem--use-vlan-probe-to-troubleshoot-the-wired...

It can help you save a lot of time, sometimes ;-)