Want Internet only - No server access

  • 1
  • Question
  • Updated 4 years ago
  • Answered
using AP121's can we easily configure access points to give out IP addresses for all devices (iphone, tablets) so they can access internet only through our firewall
Photo of Karl Pedde

Karl Pedde

  • 3 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Bradley Chambers

Bradley Chambers, Champ

  • 302 Posts
  • 53 Reply Likes
Yes. You'll do that through firewall rules on the guest SSID's user profile
Photo of Karl Pedde

Karl Pedde

  • 3 Posts
  • 0 Reply Likes
Thanks for the reply, but it doesn't seem to work what I need is to setup two security settings. One for teachers to access our network and get IP from server and one for students and guests who can access Internet and get IP from AP. The one for teachers works since they along with everyone else can access Internet, but they are all getting IP from server which is using up all our IP addresses and I'd rather not increase range on server. Do you know if this is possible?

Using Software Version: 6.1r6a
along with AP 121


Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
You need two VLANs:

  • Staff VLAN - you should already have this.  Once a staff member associates you match them into a staff (teacher) user profile that assigns them to the staff VLAN.  The staff member's wireless client will send out a DHCP request and it will be serviced by the DHCP server(s) managing the staff VLAN.
  • Guest VLAN - this is a new VLAN you will need to create.  Once a guest associates you match them to a guest (student) user profile that assigns them to the guest VLAN.  On the access points configure a DHCP scope for the guest VLAN and create AP firewall rules that only allows DHCP, DNS and Internet access for the guest (student) user profile.