<
WiFi
Network 's configuration for a Hotel
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Network 's configuration for a Hotel
Posts: 4
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-01-30
2018-01-30 09:22:47
Posts: 4
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-01-30
Network 's configuration for a Hotel
2018-01-30 09:22:47
Tags:
Models : TL-R480T+, T1700G-28TQ, T1600G-28PS, AC50
Hardware Version : TL-R480T+ v8.0, T1700G-28TQRev2, T1600G-28PS 2.0, AC50 v1.0
Firmware Version : 1.2.0 Build 20160809 Rel.40742s, 2.0.1 Build 20170608 Rel.61525(s), 2.0.0 Build 20160922 Rel.58984(s), 1.0.1 Build 20170706 Rel.72258
ISP : Orange
Hello everyone,
I am not a vlan expert :p and i need help for to configure my hotel's network.
I have already configured the ssid name and add the network to all CAPs.
Everything is working.
I joined a plan to see how it's working.
And i want :
- Customers should not see each other,
- Customers must not access to the lan network (AC50, router, switchs)
Is it better to put each cap in a different vlan or group them all in one ?
What is the "vlan blinding" of the AC50 ?
What is the best recommended configuration ?
Sincerely yours.
Hardware Version : TL-R480T+ v8.0, T1700G-28TQRev2, T1600G-28PS 2.0, AC50 v1.0
Firmware Version : 1.2.0 Build 20160809 Rel.40742s, 2.0.1 Build 20170608 Rel.61525(s), 2.0.0 Build 20160922 Rel.58984(s), 1.0.1 Build 20170706 Rel.72258
ISP : Orange
Hello everyone,
I am not a vlan expert :p and i need help for to configure my hotel's network.
I have already configured the ssid name and add the network to all CAPs.
Everything is working.
I joined a plan to see how it's working.
And i want :
- Customers should not see each other,
- Customers must not access to the lan network (AC50, router, switchs)
Is it better to put each cap in a different vlan or group them all in one ?
What is the "vlan blinding" of the AC50 ?
What is the best recommended configuration ?
Sincerely yours.
File:
Network's schema.pngDownload
#1
Options
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thread Manage
Announcement Manage
5 Reply
Posts: 80
Helpful: 10
Solutions: 2
Stories: 0
Registered: 2018-07-24
Re:Network 's configuration for a Hotel
2018-01-30 16:40:20
j0sepHiroT wrote
Customers should not see each other
You can set "AP Isolation" at Radio > Wireless > Wireless Service> SSID configuration, then it will isolate the wireless clients connected to the same AP. And customer at different VLAN can't communicate with each other.
Customers must not access to the lan network (AC50, router, switchs)
Since you need username/password to login the management page of AC50, Router, Switchs, it is not easy for customer to access these devices.
And you can set other wired devices to other VLAN.
Is it better to put each cap in a different vlan or group them all in one ?
What is the "vlan blinding" of the AC50 ?
In this situation, you'd better put CAPs to different VLAN, and make sure AC50 belongs to all these VLAN. Then customers can't not see each other, but can connect to Internet.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#2
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 4
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-01-30
Re:Network 's configuration for a Hotel
2018-01-30 22:50:48
Hi Tammy007, thanks you !
Yes it's set.
I mean that if clients will connect to a CAP, they will not can access to router's page at 192.168.0.1 for example. I read somewhere something about ACL on switch, but i don't know if it possible to block it.
Allright. On the AC50 is it necessary to set every CAP on each VLAN when those Vlan are been allready set on the switchs
Like CAP300-9 on VLAN 100, CAP300-0 on VLAN 101,...
Take a look at how i have configured these ports :
Tammy007 wrote
You can set "AP Isolation" at Radio > Wireless > Wireless Service> SSID configuration, then it will isolate the wireless clients connected to the same AP. And customer at different VLAN can't communicate with each other.
Yes it's set.
Since you need username/password to login the management page of AC50, Router, Switchs, it is not easy for customer to access these devices.
And you can set other wired devices to other VLAN.
I mean that if clients will connect to a CAP, they will not can access to router's page at 192.168.0.1 for example. I read somewhere something about ACL on switch, but i don't know if it possible to block it.
In this situation, you'd better put CAPs to different VLAN, and make sure AC50 belongs to all these VLAN. Then customers can't not see each other, but can connect to Internet.
Allright. On the AC50 is it necessary to set every CAP on each VLAN when those Vlan are been allready set on the switchs
Like CAP300-9 on VLAN 100, CAP300-0 on VLAN 101,...
Take a look at how i have configured these ports :
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#3
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 80
Helpful: 10
Solutions: 2
Stories: 0
Registered: 2018-07-24
Re:Network 's configuration for a Hotel
2018-02-01 16:10:57
j0sepHiroT wrote
I mean that if clients will connect to a CAP, they will not can access to router's page at 192.168.0.1 for example. I read somewhere something about ACL on switch, but i don't know if it possible to block it.
Yes, you can block it with ACL on switch. Just set the source IP address as the subnet of CAP and the destination IP address as 192.168.0.1(the interface of router)
Allright. On the AC50 is it necessary to set every CAP on each VLAN when those Vlan are been allready set on the switchs
Like CAP300-9 on VLAN 100, CAP300-0 on VLAN 101,...
Yes, you need to set the VLAN interface of AC50 to include all the VLAN of CAP. Then you need to set DHCP pools for all the VLAN of CAP, and the target of DHCP server should be "For AP and client"
Take a look at how i have configured these ports :
The access port means engress data without VLAN tag. All of the ports above should be trunk port(PVID can set to 1) or general port with tag, except port 10 of T1700-28TQ.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#4
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 4
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-01-30
Re:Network 's configuration for a Hotel
2018-02-02 03:51:08
Hello Tammy007, thanks a lot :)
I need to block access to the router's web page 192.168.0.1 , the 2 switchs : 192.168.0.2 and 192.168.0.3 and the AC50 at 192.168.0.253
Everything will just works fine after that ?
My dhcp adress pool begins at 192.168.0.1/24 and if i sets it for the S-IP nothing could works again.
Ok, finally i try to do something similar to this configuration and the target of DHCP server is "For AP only" on the AC50.
Ok.
The configuration updated :
On AC50, every CAP is tagged on its VLAN and everything works great ! :p
Tammy007 wrote
Yes, you can block it with ACL on switch. Just set the source IP address as the subnet of CAP and the destination IP address as 192.168.0.1(the interface of router)
I need to block access to the router's web page 192.168.0.1 , the 2 switchs : 192.168.0.2 and 192.168.0.3 and the AC50 at 192.168.0.253
Everything will just works fine after that ?
My dhcp adress pool begins at 192.168.0.1/24 and if i sets it for the S-IP nothing could works again.
Yes, you need to set the VLAN interface of AC50 to include all the VLAN of CAP. Then you need to set DHCP pools for all the VLAN of CAP, and the target of DHCP server should be "For AP and client"
Ok, finally i try to do something similar to this configuration and the target of DHCP server is "For AP only" on the AC50.
The access port means engress data without VLAN tag. All of the ports above should be trunk port(PVID can set to 1) or general port with tag, except port 10 of T1700-28TQ.
Ok.
The configuration updated :
On AC50, every CAP is tagged on its VLAN and everything works great ! :p
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#5
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 80
Helpful: 10
Solutions: 2
Stories: 0
Registered: 2018-07-24
Re:Network 's configuration for a Hotel
2018-02-02 17:27:37
j0sepHiroT wrote
I need to block access to the router's web page 192.168.0.1 , the 2 switchs : 192.168.0.2 and 192.168.0.3 and the AC50 at 192.168.0.253
Everything will just works fine after that ?
My dhcp adress pool begins at 192.168.0.1/24 and if i sets it for the S-IP nothing could works again.
You can set the destination IP address as 192.168.0.1/32, then it will block 192.168.0.1 only.
On AC50, every CAP is tagged on its VLAN and everything works great ! :p
Do you mean clients are working fine when they connect to CAP? But in my opinion, all the general port need to be "tag' port, except port 10 of T1700-28TQ. If the Engress rule of these ports are 'untag', the output packets of these ports will not be attached VLAN 'tag', then CAP may throw these packets away. Or you can change these general port to trunk port directly.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#6
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 4
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-01-30
2018-01-30 09:22:47
Posts: 4
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-01-30
Information
Helpful: 0
Views: 1290
Replies: 5
Voters 0
No one has voted for it yet.
Tags
Related Articles
Report Inappropriate Content
Transfer Module
New message