cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
New Contributor

How do you configure multiple VWlans

I am new to using adtran routers and trying to learn how to configure the router to control 2 VWLANS i am not sure where to begin.

Labels (1)
Tags (3)
0 Kudos
Reply
7 Replies
Highlighted
Valued Contributor
Valued Contributor

Re: How do you configure multiple VWlans

Hi clillie360:

Are you looking into VLANs and/or SSIDs?  ADTRAN's Bluesocket WiFi platform functions from a virtualized controller they call vWLAN.  Conversely, AOS router (and switch) products can act as simple access point controllers for NetVanta 150/160-series APs.  Let us know your goal and we'll be glad to help!

Best,

CJ

Highlighted
New Contributor

Re: How do you configure multiple VWlans

I am looking at setting up multiple ssid's one for the private network and the other a guest network using the netvanta 3448 controlling 2 netvanta 150's

0 Kudos
Highlighted
Valued Contributor
Valued Contributor

Re: How do you configure multiple VWlans

This application guide is exactly what you need: 

Check out page 33 for a diagram confirming your design.  One important concept is that ADTRAN refers to Virtual Access Points (VAPs).  The idea is for you to create two VAPs (Private and Guest) which have different SSIDs.  Page 22 describes VAP setup.  VAPs are tied to VLANs for separation (page 19).  After you setup everything (VAPs/SSIDs tied to VLANS) on one access point, you can then apply the VAPs to each of your access points as a template.  The first AP is used as the Reference AP.  As you add access points, you simply apply the VAPs to them from the Reference AP. 

The guide includes examples with GUI screenshots and CLI commands.  Let us know how it goes, or if you have any specific questions!

CJ

Highlighted
New Contributor

Re: How do you configure multiple VWlans

So i have set that up and made sure that all the settings are correct but the guest wi-fi is not obtaining an IP address, so there is no internet connection i have set the DHCP scope for that network on the router the domain controller is handling dhcp for the native vlan

0 Kudos
Highlighted
Valued Contributor
Valued Contributor

Re: How do you configure multiple VWlans

It might be best to attach your configuration (be sure to remove any sensitive data from the CFG text file such as passwords or pre-shared keys).  But one of the things I encounter is the policy-class (security zone) for the guest network.  Assuming you created a new policy-class for guests, an allow policy must be in place for guest clients to request a DHCP address.

You wouldn't want to allow guests access to http or telnet for management though, only DHCP.  Possibly DNS too, if you're telling DHCP clients to use the 3430 as their DNS server.  This might do the trick:

!

ip access-list standard wizard-ics

  remark Internet Connection Sharing

  permit any

!

!

ip access-list extended RouterAdminAccess

  remark Types of connections used for management

  permit tcp any host 192.168.100.1 eq telnet

  permit tcp any host 192.168.100.1 eq ssh

  permit tcp any host 192.168.100.1 eq www

  permit tcp any host 192.168.100.1 eq https

!

ip access-list extended self

  remark Traffic to NetVanta

  permit ip any any

!

!

ip policy-class GUEST

  discard list RouterAdminAccess

  allow list self self

  nat source list wizard-ics interface eth 0/2 overload policy Public

!

ip policy-class Public

  ! implicit discard

!

In this example, the router's guest interface is 192.168.100.1 (also assigned in DHCP) and it's assigned to the GUEST security zone.  The Internet interface is in Public.  The order of policies listed under each policy-class is crucial. Here, we discard any connections from guests to the router used for administration, but then allow other, non-management connections.  DHCP requests would be part of that next "self" policy.  Last, we NAT out general Internet traffic like normal.

There could be other factors, so consider attaching your config (sanitized) if this doesn't help.

Chris

Highlighted
Anonymous
Not applicable

Re: How do you configure multiple VWlans

clillie360 -

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor

0 Kudos
Highlighted
New Contributor

Re: How do you configure multiple VWlans

ip subnet-zero

ip classless

ip routing

ipv6 unicast-routing

!

!

ip firewall

no ip firewall alg msn

no ip firewall alg mszone

no ip firewall alg h323

no ip firewall alg sip

!

dot11ap access-point-control

!

!

!

vlan 1

  name "Default"

!

vlan 10

  name "Guest Network"

  shutdown

!

!

!

no ethernet cfm

!

!

interface switchport 0/1

  no shutdown

!

interface switchport 0/2

  no shutdown

!

interface switchport 0/3

  no shutdown

!

interface switchport 0/4

  no shutdown

!

interface switchport 0/5

  no shutdown

!

interface switchport 0/6

  no shutdown

!

interface switchport 0/7

  no shutdown

!

interface switchport 0/8

  no shutdown

!

!

interface vlan 1

  ip address  x.x.x.x  255.255.255.0

  ip access-policy Private

  no shutdown

!

interface vlan 10

  ip address  x.x.x.x  255.255.255.255

  ip mtu 1500

  no shutdown

!

!

interface dot11ap 1 ap-type nv16x

  encapsulation 802.1q awcp-vlan 1 native priority 7

!

!

interface dot11ap 1/1 radio-type 802.11bg

  radio-mode gn

  no packet-aggregation

  no shutdown

!

!

interface dot11ap 1/1.1

  ssid broadcast-mode "SECURE"

  security mode wpa tkip aes-ccmp psk securepass

  no shutdown

!

interface dot11ap 1/1.2

  vlan-id 10

  ssid broadcast-mode "GUEST"

  security mode wpa tkip aes-ccmp psk guestpass

  shutdown

!

!

interface dot11ap 1/2 radio-type 802.11a

  shutdown

!

!

!

interface dot11ap 2 ap-type nv16x

  encapsulation 802.1q awcp-vlan 1 native priority 7

!

!

interface dot11ap 2/1 radio-type 802.11bg

  radio-mode gn

  no packet-aggregation

  no shutdown

!

!

interface dot11ap 2/1.1

  ssid broadcast-mode "SECURE"

  security mode wpa tkip aes-ccmp psk securepass

  no shutdown

!

interface dot11ap 2/1.2

  vlan-id 10

  ssid broadcast-mode "GUEST"

  security mode wpa tkip aes-ccmp psk guestpass

  shutdown

!

!

interface dot11ap 2/2 radio-type 802.11a

  shutdown

!

!

!

!

!

ip access-list standard natpool

  permit any

!

ip access-list standard self

  permit any

!

!

!

ntp source ethernet 0/1

ntp master 2

ntp update-rtc

ntp server 0.pool.ntp.org source ethernet 0/1 prefer

!

!

!

!

!

end

0 Kudos