Hi clillie360:
Are you looking into VLANs and/or SSIDs? ADTRAN's Bluesocket WiFi platform functions from a virtualized controller they call vWLAN. Conversely, AOS router (and switch) products can act as simple access point controllers for NetVanta 150/160-series APs. Let us know your goal and we'll be glad to help!
Best,
CJ
I am looking at setting up multiple ssid's one for the private network and the other a guest network using the netvanta 3448 controlling 2 netvanta 150's
This application guide is exactly what you need:
Check out page 33 for a diagram confirming your design. One important concept is that ADTRAN refers to Virtual Access Points (VAPs). The idea is for you to create two VAPs (Private and Guest) which have different SSIDs. Page 22 describes VAP setup. VAPs are tied to VLANs for separation (page 19). After you setup everything (VAPs/SSIDs tied to VLANS) on one access point, you can then apply the VAPs to each of your access points as a template. The first AP is used as the Reference AP. As you add access points, you simply apply the VAPs to them from the Reference AP.
The guide includes examples with GUI screenshots and CLI commands. Let us know how it goes, or if you have any specific questions!
CJ
So i have set that up and made sure that all the settings are correct but the guest wi-fi is not obtaining an IP address, so there is no internet connection i have set the DHCP scope for that network on the router the domain controller is handling dhcp for the native vlan
It might be best to attach your configuration (be sure to remove any sensitive data from the CFG text file such as passwords or pre-shared keys). But one of the things I encounter is the policy-class (security zone) for the guest network. Assuming you created a new policy-class for guests, an allow policy must be in place for guest clients to request a DHCP address.
You wouldn't want to allow guests access to http or telnet for management though, only DHCP. Possibly DNS too, if you're telling DHCP clients to use the 3430 as their DNS server. This might do the trick:
!
ip access-list standard wizard-ics
remark Internet Connection Sharing
permit any
!
!
ip access-list extended RouterAdminAccess
remark Types of connections used for management
permit tcp any host 192.168.100.1 eq telnet
permit tcp any host 192.168.100.1 eq ssh
permit tcp any host 192.168.100.1 eq www
permit tcp any host 192.168.100.1 eq https
!
ip access-list extended self
remark Traffic to NetVanta
permit ip any any
!
!
ip policy-class GUEST
discard list RouterAdminAccess
allow list self self
nat source list wizard-ics interface eth 0/2 overload policy Public
!
ip policy-class Public
! implicit discard
!
In this example, the router's guest interface is 192.168.100.1 (also assigned in DHCP) and it's assigned to the GUEST security zone. The Internet interface is in Public. The order of policies listed under each policy-class is crucial. Here, we discard any connections from guests to the router used for administration, but then allow other, non-management connections. DHCP requests would be part of that next "self" policy. Last, we NAT out general Internet traffic like normal.
There could be other factors, so consider attaching your config (sanitized) if this doesn't help.
Chris
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Noor
ip subnet-zero
ip classless
ip routing
ipv6 unicast-routing
!
!
ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
no ip firewall alg sip
!
dot11ap access-point-control
!
!
!
vlan 1
name "Default"
!
vlan 10
name "Guest Network"
shutdown
!
!
!
no ethernet cfm
!
!
interface switchport 0/1
no shutdown
!
interface switchport 0/2
no shutdown
!
interface switchport 0/3
no shutdown
!
interface switchport 0/4
no shutdown
!
interface switchport 0/5
no shutdown
!
interface switchport 0/6
no shutdown
!
interface switchport 0/7
no shutdown
!
interface switchport 0/8
no shutdown
!
!
interface vlan 1
ip address x.x.x.x 255.255.255.0
ip access-policy Private
no shutdown
!
interface vlan 10
ip address x.x.x.x 255.255.255.255
ip mtu 1500
no shutdown
!
!
interface dot11ap 1 ap-type nv16x
encapsulation 802.1q awcp-vlan 1 native priority 7
!
!
interface dot11ap 1/1 radio-type 802.11bg
radio-mode gn
no packet-aggregation
no shutdown
!
!
interface dot11ap 1/1.1
ssid broadcast-mode "SECURE"
security mode wpa tkip aes-ccmp psk securepass
no shutdown
!
interface dot11ap 1/1.2
vlan-id 10
ssid broadcast-mode "GUEST"
security mode wpa tkip aes-ccmp psk guestpass
shutdown
!
!
interface dot11ap 1/2 radio-type 802.11a
shutdown
!
!
!
interface dot11ap 2 ap-type nv16x
encapsulation 802.1q awcp-vlan 1 native priority 7
!
!
interface dot11ap 2/1 radio-type 802.11bg
radio-mode gn
no packet-aggregation
no shutdown
!
!
interface dot11ap 2/1.1
ssid broadcast-mode "SECURE"
security mode wpa tkip aes-ccmp psk securepass
no shutdown
!
interface dot11ap 2/1.2
vlan-id 10
ssid broadcast-mode "GUEST"
security mode wpa tkip aes-ccmp psk guestpass
shutdown
!
!
interface dot11ap 2/2 radio-type 802.11a
shutdown
!
!
!
!
!
ip access-list standard natpool
permit any
!
ip access-list standard self
permit any
!
!
!
ntp source ethernet 0/1
ntp master 2
ntp update-rtc
ntp server 0.pool.ntp.org source ethernet 0/1 prefer
!
!
!
!
!
end