cancel
Showing results for 
Search instead for 
Did you mean: 

Unleashed: Separate Guest VLAN but GuestPortal only in Default VLAN

jimmy_van_der_m
New Contributor II
The R500 Unleashed publishes its Guest Portal on its management IP address.
We setup a separate VLAN for Guests with only internet-access through a fully separated proxy.
The guests in that separate VLAN are redirected to the (unreachable) management IP address for authentication.

To clarify, here is a larger explaination:
Ruckus Unlaeshed AP has fixed IP address 192.168.0.241.It has no option for VLAN tagging settings on it's management, so on the switch we let it land on the default untagged VLAN 1.
For simplicity, we leave it VLAN 1, which is then also our own internal management network.


We create several WLANs, each with a different VLAN setting.
These are recognized on the swich as Tagged VLANs, so we can fully separate them (separate from each other and from our management network).


One WLAN we use for Guests, so we configure the Ruckus internal Guest Portal.
On the Ruckus, this WLAN is configured with VLAN 2 to be fully separated from management and any other network.
Only the Ruckus and a internet proxy are in this network, connected by the switch on VLAN 2.
To avoid confusion, we use a different IP segment: 10.0.0.x on this network.
(but there is nothing on the Ruckus to make the Ruckus aware of that)


When I use a tablet as Guest device and connect to the Guest WLAN, I get redirected to 192.168.0.241 for entering my Guest code.
Since 192.168.0.241 is not reachable from the 10.0.0.x (because it is not in the same IP segment, not routed AND because we are on a different VLAN), it gives a timeout.
Also, we don't want to make 192.168.0.241 available on the Guest network, because that imposes a huge security risk (it's also the management IP).
7 REPLIES 7

louis_philippe_
New Contributor II
I second Jimmy's "feature request" as this is definitely a limitation of the unleashed AP. It has only one IP on the default VLAN for everything, including guest authentication and also for guest pass generation. This is also a security issue as I would like to keep the management IP in a dedicated management VLAN which is not accessible by users, then have the guest login and guest pass generation web pages on another VLAN, maybe even two separate VLANs.

jonhan
New Contributor
 This was never resolved?? It seems like an important distinction that should be clarified.

felix_winter
New Contributor

I want to bring this up again. Running Firmware 200.12.10.5.234 on a H550.

In the unleashed Dashboard I can choose for Guest Network under WLAN Priority different VLAN (default 1). 

I can set 3 as it is my VLAN for Guest as set in the firewall/router 192.168.3.1/24 range.

But the acces portal still use the number 2 range of the AP IP 192.168.2.1/24 . I would like to hide this network.

I can denay acces with roules

Any documentation how the VLAN feature should be used correctly?

thank you. 

PS I just switched my WAP from outdated Xclaim to up to date ruckus WAP.