Status
Not open for further replies.

Guest Setup on Cisco SG300 Switch

1K views 6 replies 2 participants last post by  morum 
#1 ·
bd

Hello,
Can you tell me what I would need, to allow a guest device internet access, but not give them access to the LAN?
I have the output from the internet router going into a sg300 box which controls the lan. If I plug a device into the router, that device also gets access to the lan. I tried playing with vlan settings on the sg300 but it seems that that will only work for vlan aware devices. Any suggestions?
Thanks
 
#2 ·
I need more details about your network. You need to post up a topology diagram. It should be simple as it appears you only have a router and a managed switch. The issue is it appears you may not have been the one who configured this setup.

Specifically, I need to know how many router interfaces/subnets you have in addition to identifying the VLANs (if any) being used. The SG300 provides very basic layer 3 functionality which can improve or complicate matters depending on how your network is currently set up.

The main issue I have is based on your line of questioning, I don't think you possess the knowledge necessary to configure the network devices to do what we need them to do. It's one thing to provide hints and pointers on how to accomplish a specific task. It's another to have to walk someone all the way through configuring the network devices to include specific commands or clicks on a GUI.
 
#3 ·
bd

Thank you. It's true that I don't possess the knowledge presently, but I'm pretty good at figuring things out if you point me in the right direction. The topology is as simple as it sounds.
A dir601 router. An sg300-20 which serves 5 computers, 2 nas, and 3 printers. I sometimes use the wireless of the 601 to connect a laptop to a printer or nas. It may anyway be time to upgrade the 601. The only functional configuration that has been done to the sg300 is allocating bandwidth.
Thank you for your help.
 
#4 ·
I need to know if you only have one IP subnet configured on your network. If this is the case the 601 is acting as the overall router. While simple, this is going to complicate the network configuration to add in the guest component. One way to configure guest access focused on the SG300 is for you to create a separate VLAN for guest access. Then configure a routing interface on the SG300 on a new IP subnet you create for the guest clients. On the VLAN for your regular traffic you have to configure a router interface on the SG300 with an IP that is not being used and outside of the DHCP scope configured on the 601. Next on the SG300, you have to create a default route to point to the 601 as the gateway for all routed traffic. Finally, you would need to create an ACL rule to block all traffic on your LAN with the exception of the IP for the 601.

The final hurdle is you'll need to set up a DHCP server to hand out IP addresses on the Guest network. Normally, I would say set up a DHCP relay on the SG300 and forward DHCP requests over to the DHCP server. But the 601 is probably your only DHCP server and can only do one DHCP scope.

Since this is a business, I personally feel you need to get some different hardware. One which supports captive portal that provides you the ability to put up an acceptable use policy before anyone connects. And I haven't even talked about any wireless requirements which is a totally different discussion and integration topic.
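
The ACL step described in the post above depends on rule order (the exception for the 601 has to match before the LAN-wide block), so the rule list can be checked offline before it goes on the switch. This Python sketch is an added example, not part of the original thread and not SG300 syntax; the subnets, the router address and the function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed addressing (not given in the thread): existing LAN 192.168.1.0/24
# with the DIR-601 at 192.168.1.1, and a new guest VLAN subnet 192.168.20.0/24.
LAN = ipaddress.ip_network("192.168.1.0/24")
GUEST = ipaddress.ip_network("192.168.20.0/24")
ROUTER = ipaddress.ip_address("192.168.1.1")
ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNET_PROBE = "203.0.113.10"  # constructed sample address (documentation range)

# Ordered rules for traffic entering from the guest VLAN: (action, source, destination).
# First match wins, and anything that matches no rule is denied.
GUEST_ACL = [
    ("permit", GUEST, ipaddress.ip_network("192.168.1.1/32")),  # reach the 601 only
    ("deny", GUEST, LAN),                                       # block the rest of the LAN
    ("permit", GUEST, ANY),                                     # everything else is routed out
]

def evaluate(acl, src, dst):
    """Return the action of the first rule matching src -> dst (implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def audit(acl, guest=GUEST, lan=LAN, router=ROUTER):
    """Return (destination, actual_action) for every departure from the policy:
    guests may reach the router and the internet, and no other LAN host."""
    probe = str(guest[50])  # any guest client address works as the source
    problems = []
    for host in lan.hosts():
        wanted = "permit" if host == router else "deny"
        got = evaluate(acl, probe, str(host))
        if got != wanted:
            problems.append((str(host), got))
    got = evaluate(acl, probe, INTERNET_PROBE)
    if got != "permit":
        problems.append((INTERNET_PROBE, got))
    return problems

if __name__ == "__main__":
    print("correct order:", audit(GUEST_ACL))
    # Same rules with the deny first: the guest network loses its gateway.
    misordered = [GUEST_ACL[1], GUEST_ACL[0], GUEST_ACL[2]]
    print("deny first:", audit(misordered))
```

An empty list from `audit` means the rule order matches the policy; each tuple otherwise names a destination that is handled the wrong way.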
 
#6 ·
After looking at the datasheet, it appears the SG300 can act as a DHCP server. And it appears there may be a built-in guest VLAN function. Here is the SG300 page with various documentation:

https://www.cisco.com/c/en/us/support/switches/sg300-28-28-port-gigabit-managed-switch/model.html

I did a search online for SG300 guest vlan and found some hits where people were asking for advice on getting it to work. So it doesn't seem so straightforward.

For different hardware, I have experience with Aruba Networks wireless equipment. Their Instant Access Points have a built-in Guest wireless feature with a basic captive portal function if you choose to use it. The nice thing is the access point handles everything on its end which includes the ability to provide DHCP services for guest clients and routing that through to the Internet. I have this set up at my vacation property for guests to use.
 