This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Separate Guest VLAN but GuestPortal only in Default VLAN: Unleashed R600

kyle_bogenberge
New Contributor II

‎01-17-2018 08:17 AM

As the title says, we are running a guest wifi on a separate vlan, which causes the management IP to unleashed to be unavailable. 

This is clearly a design flaw of the system, why offer vlan options if you can't use it for this. Cannot use guest wlan option under a separate vlan at all due to this. 
7 REPLIES 7

robert_miller_b
New Contributor III

‎01-17-2018 08:47 AM

You can do this very easily. Set your port as a trunk port and allow the VLANs you want. Set the management IP address on your management VLAN and set that as the native VLAN on your port. For example, this is what I did:

I set the ports on the switch to Trunk 802.1q with native VLAN 99 (management) and allowed VLANs 99, 30, 60. I want the regular traffic on 30 and the guest traffic on 60.
I gave the APs management addresses of xx.xx.99.xx and you have to set the VLAN on the AP to 1 (the AP is going to see VLAN 99 as the native VLAN, i.e. VLAN 1.
0 Kudos

kyle_bogenberge
New Contributor II
In response to robert_miller_b

‎01-17-2018 08:51 AM

Are you using guest authentication on the guest network?

Even in your scenario i think the management ip is not available on the guest vlan. Also this is a security risk opening up to have the management IP available to the guest network. 
0 Kudos

robert_miller_b
New Contributor III
In response to robert_miller_b

‎01-17-2018 09:01 AM

You don't want the management IP available on the guest VLAN. Actually, I went back and looked at my configs again and what I gave was incorrect -- I am not using the management IP on the Ruckus setup (was confusing it with another Meraki net I've set up -- sorry to muddy the waters, but it should work in any case). This is what I did on the Ruckus setup:
Set the ports on the switch as Trunk 802.1q and allow VLANs 30 (employees) and 60 (guest). Set native VLAN to 30.
Set IP addresses for the APs on the xx.xx.30.xx subnet.
Under WLAN setup, set the access VLAN to 1 for the employee SSID and 60 for the guest SSID.
Restrict subnet access on the guest SSID.
I can manage my APs through the employee network, but not through the guest network.
0 Kudos

kyle_bogenberge
New Contributor II
In response to robert_miller_b

‎01-17-2018 09:10 AM

Are you running your guest SSID as a 'standard' network type? 

I have the vlan working for normal networks, when i introduce 'guest mode' where it's prompting the user to accept to terms is where my issue lies, since that is done via the management IP address of the AP/Unleashed. 
0 Kudos
Copyright © 2024 Khoros, LLC