Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Results 1 to 5 of 5
  1. #1
    Junior Member WayMB is on a distinguished road
    Join Date
    Jan 2018
    Posts
    1

    CAP 50 - isolate guest clients from lan

    Model :

    Hardware Version :

    Firmware Version :

    ISP : [/COLOR]

    Hello, i found an issue with configuring the cap50 wireless controller.

    I need to create 2 ssid
    the first with full access in my network
    the second (guest) with no possibility to access the other clients on the same lan.

    With wireless isolation the only goal i get is to isolate the wireless clients each others, but the rest of the lan keeps to be reachable from the wireless devices.

    With the EAP software i solved the issue in an access list style area where i made a proper rule and got the goal.

    Is it possible to get the same result with the cap50 wireless controller? ...the router i have cannot handle VLANs, so there is no possibility to run that way.
    Thank in advance

    WayMB

  2. #2

  3. #3
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,433
    Quote Originally Posted by WayMB View Post
    Is it possible to get the same result with the cap50 wireless controller? ...the router i have cannot handle VLANs, so there is no possibility to run that way
    No, not possible usings ACLs. AC50 uses VLANs for isolating user groups. But you could terminate the VLANs in a managed switch and connect either two routers or one router with a separate guest network (many routers offer this) to untagged ports of this managed switch.
    Last edited by R1D2; 01-16-2018 at 02:37.

  4. #4
    Junior Member ACC55 is on a distinguished road
    Join Date
    Feb 2018
    Posts
    1
    Hi, I'd like to expand on the question, since I'm looking for a similar solution, i.e. separate SSIDs for corporate and guest clients, with the guests limited to Internet access and prevented from reaching the corporate network.
    I am using multiple CAP1750s, but that is for improved coverage only, so I'm not sure that the example in http://forum.tp-link.com/showthread....mp-AC-products does apply.

    For simplicity let's assume that I have only one single CAP1750, and one AC50 (192.168.254.254/24).
    I do have two dedicated routers, one used by the corporate LAN (router IP 192.168.10.1/24) and one intended for the guest network (router IP 192.168.20.1/24).
    Everything is connected by a single PoE switch (D-Link GS1900, web smart, i.e. VLAN support but no routing or such).

    On the AC50 I have created two SSIDs, with the AC's global DHCP Server option set to "CAP only", since I'd like the clients to use their respective router's DHCP server.
    The CAP does get its IP from the AC in the 192.168.254.x/24 range.

    Now how would I go about directing/limiting traffic from the guest SSID/clients to the guest router and from the corporate SSID/clients to the corporate router?

    Thanks for your time, let me know if further information is needed.

  5. #5
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,433
    Quote Originally Posted by ACC55 View Post
    For simplicity let's assume that I have only one single CAP1750, and one AC50 (192.168.254.254/24).
    That's your mgmt subnet for communication between the AP and the AC50. Assign it to a mgmt VLAN, connect the AC50 to it.

    I do have two dedicated routers, one used by the corporate LAN (router IP 192.168.10.1/24) and one intended for the guest network (router IP 192.168.20.1/24).
    This are the subnets to be separated by VLANs with a separate SSID assigned to each VLAN.

    Now how would I go about directing/limiting traffic from the guest SSID/clients to the guest router and from the corporate SSID/clients to the corporate router?
    Traffic is sent to the default gateway sent to the clients by the DHCP servers running on each of the two routers. No special routing is needed. Just make sure router 1 is in the same (corporate) VLAN the corporate SSID is assigned to and router 2 is in the same (guest) VLAN the guest SSID is assigned to.


 

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2018 TP-LINK Technologies Co., Ltd. All rights reserved.