Support
Community

Hi clillie360:

Are you looking into VLANs and/or SSIDs?  ADTRAN's Bluesocket WiFi platform functions from a virtualized controller they call vWLAN.  Conversely, AOS router (and switch) products can act as simple access point controllers for NetVanta 150/160-series APs.  Let us know your goal and we'll be glad to help!

Best,

CJ

This application guide is exactly what you need: 

Check out page 33 for a diagram confirming your design.  One important concept is that ADTRAN refers to Virtual Access Points (VAPs).  The idea is for you to create two VAPs (Private and Guest) which have different SSIDs.  Page 22 describes VAP setup.  VAPs are tied to VLANs for separation (page 19).  After you setup everything (VAPs/SSIDs tied to VLANS) on one access point, you can then apply the VAPs to each of your access points as a template.  The first AP is used as the Reference AP.  As you add access points, you simply apply the VAPs to them from the Reference AP. 

The guide includes examples with GUI screenshots and CLI commands.  Let us know how it goes, or if you have any specific questions!

CJ

It might be best to attach your configuration (be sure to remove any sensitive data from the CFG text file such as passwords or pre-shared keys).  But one of the things I encounter is the policy-class (security zone) for the guest network.  Assuming you created a new policy-class for guests, an allow policy must be in place for guest clients to request a DHCP address.

You wouldn't want to allow guests access to http or telnet for management though, only DHCP.  Possibly DNS too, if you're telling DHCP clients to use the 3430 as their DNS server.  This might do the trick:

!

ip access-list standard wizard-ics

  remark Internet Connection Sharing

  permit any

!

!

ip access-list extended RouterAdminAccess

  remark Types of connections used for management

  permit tcp any host 192.168.100.1 eq telnet

  permit tcp any host 192.168.100.1 eq ssh

  permit tcp any host 192.168.100.1 eq www

  permit tcp any host 192.168.100.1 eq https

!

ip access-list extended self

  remark Traffic to NetVanta

  permit ip any any

!

!

ip policy-class GUEST

  discard list RouterAdminAccess

  allow list self self

  nat source list wizard-ics interface eth 0/2 overload policy Public

!

ip policy-class Public

  ! implicit discard

!

In this example, the router's guest interface is 192.168.100.1 (also assigned in DHCP) and it's assigned to the GUEST security zone.  The Internet interface is in Public.  The order of policies listed under each policy-class is crucial. Here, we discard any connections from guests to the router used for administration, but then allow other, non-management connections.  DHCP requests would be part of that next "self" policy.  Last, we NAT out general Internet traffic like normal.

There could be other factors, so consider attaching your config (sanitized) if this doesn't help.

Chris

clillie360 -

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor