1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Guest Setup on Cisco SG300 Switch

Discussion in 'Networking' started by morum, Jan 17, 2019.

Thread Status:
Not open for further replies.
Advertisement
  1. morum

    morum Thread Starter

    Joined:
    Jan 16, 2019
    Messages:
    7
    bd

    Hello,
    Can you tell me what I would need, to allow a guest device internet access, but not give them access to the LAN?
    I have the output from the internet router going into a sg300 box which controls the lan. If I plug a device into the router, that device also gets access to the lan. I tried playing with vlan settings on the sg300 but it seems that that will only work for vlan aware devices. Any suggestions?
    Thanks
     
  2. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,130
    I need more details about your network. You need to post up a topology diagram. It should be simple as it appears you only have a router and a managed switch. The issue is it appears you may not have been the one who configured this setup.

    Specifically, I need to know how many router interfaces/subnets you have in addition to identifying the VLANs (if any) being used. The SG300 provides very basic layer 3 functionality which can improve or complicate matters depending on how your network is currently set up.

    The main issue I have is based on your line of questioning, I don't think you possess the knowledge necessary to configure the network devices to do what we need them to do. It's one thing to provide hints and pointers on how to accomplish a specific task. It's another to have to walk someone all the way through configuring the network devices to include specific commands or clicks on a GUI.
     
    morum likes this.
  3. morum

    morum Thread Starter

    Joined:
    Jan 16, 2019
    Messages:
    7
    bd

    Thank you. It's true that I don't posses the knowledge presently, but I'm pretty good at figuring things out if you point me in the right direction. The topology is as simple as it sounds.
    A dir601 router. An sg300-20 which serves 5 computers, 2 nas, and 3 printers. I sometimes use the wireless of the 601 to connect a laptop to a printer or nas. It may anyway be time to upgrade the 601. The only functional configuration that has been done to the sg300 is allocating bandwidth.
    Thank you for your help.
     
  4. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,130
    I need to know if you only have one IP subnet configured on your network. If this is the case the 601 is acting as the overall router. While simple, this is going to complicate the network configuration to add in the guest component. One way to configure guest access focused on the SG300 is for you to create a separate VLAN for guest access. Then configure a routing interface on the SG300 on a new IP subnet you create for the guest clients. On the VLAN for your regular traffic you have to configure a router interface on the SG300 with an IP that is not being used and outside of the DHCP scope configured on the 601. Next on the SG300, you have to create a default route to point to the 601 as the gateway for all routed traffic. Finally, you would need to create an ACL rule to block all traffic on your LAN with the exception of the IP for the 601.

    The final hurdle is you'll need to set up a DHCP server which to hand out IP addresses on the Guest network. Normally, I would say set up a DHCP relay on the SG300 and forward DHCP requests over to the DHCP server. But the 601 is probably your only DHCP server and can only do one DHCP scope.

    Since this is a business, I personally feel you need to get some different hardware. One which supports captive portal that provides you the ability to put up an acceptable use policy before anyone connects. And I haven't even talked about any wireless requirements which is a totally different discussion and integration topic.
     
    morum likes this.
  5. morum

    morum Thread Starter

    Joined:
    Jan 16, 2019
    Messages:
    7
    bd

    Thank you. It sounds like I should rather use the sg300 as the DHCP server. It might give more robust capabilities than the 601. Do you agree?
    Also, what 'different hardware' would you suggest?
    Thanks.
     
  6. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,130
    After looking at the datasheet, it appears the SG300 can act as a DHCP server. And it appears there may be a built in guest VLAN function. Here is the SG300 page with various documentation:

    https://www.cisco.com/c/en/us/support/switches/sg300-28-28-port-gigabit-managed-switch/model.html

    I did a search online for SG300 guest vlan and found some hits where people were asking for advice on getting it to work. So it doesn't seem so straight forward.

    For different hardware, I have experience with Aruba Networks wireless equipment. Their Instant Access Points have a built in Guest wireless feature which a basic captive portal function if you choose to use it. The nice thing is the access point handles everything on its end which includes the ability to provide DHCP services for guest clients and routing that through to the Internet. I have this set up at my vacation property for guests to use.
     
    morum likes this.
  7. morum

    morum Thread Starter

    Joined:
    Jan 16, 2019
    Messages:
    7
    bd

    Thank you. I won't get to trying this till next week so you may hear from me then.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Guest Setup Cisco
  1. morum
    Replies:
    4
    Views:
    423
  2. Buddy2020
    Replies:
    7
    Views:
    502
  3. Dioni01
    Replies:
    1
    Views:
    360
  4. SneakySssnake
    Replies:
    4
    Views:
    520
  5. rakeshoza
    Replies:
    6
    Views:
    281
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1222025

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice