DHCP Guest Access Assign different scope to different SSID's

  • 1
  • Question
  • Updated 3 years ago
  • Answered

Running three SSID's.  One is the Corporate SSID -- all good - from this point on, not talking about them.

The others are a Registered Guests SSID and the other is Regular Guests SSID.  Right now the Registered Guests and Regular Guests are getting intermixed DHCP IP addresses.   I would like to give the registered guests one range of IP addresses and the regular guests another.  I want to do this so on our filtering gateway (next hop) I can do some filtering to sites if they are registered or not.  We are assigning 10.x.x.x addresses in the DHCP scope, so I don't care if the separation is a unique class B or C range.  

Is there anyway to simply do this?  I was thinking that we should just be able to assign a DHCP SCOPE to each SSID and put both scopes in the same VLAN.

Thanks, Dennis

Photo of Dennis

Dennis

  • 4 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
Different user profiles with different firewall rules but same VLAN?
Photo of Dennis

Dennis

  • 4 Posts
  • 0 Reply Likes

I don't really care....I just want them to have different IP addresses so my filtering appliance can make some determinations.  Doesn't matter if it is same VLAN or user profiles, just want identifiable IP addresses based on the SSID they are using.   Trying to use the easiest way possible without using more hardware or making it too confusing.

Thanks, Dennis

Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
Ah, i misinterpreted, I thought you were going to use Aerohive's filtering abilities. You're going to want to make two user profiles that match to two different VLANs each with their own scope.
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Putting them into 2 different VLANs is the "easier" option as this is the common way to do it, and well supported by all kinds of equipment. So you assign 2 different user profiles, and each user profile assigns a different VLAN, and each VLAN provides a different subnet. This design has to be, of course, supported by and configured on your switches and filtering appliance (which I assume is the router for all VLANs as well). But as you have a dedicated Corporate SSID already, I assume that the rest of your infrastructure supports that as well.

Now... if 2 different VLANs are, for some reason, not possible, you need to use 2 different DHCP servers, each with a different scope. For this, you want to manipulate the DHCP server & relay settings on each Access Point, under Server Settings. Honestly I am not sure if this is really doable with Aerohive, but if yes, I believe this should point you into the right direction.