no internet access on guest SSID on netgear WNR2000 router
up vote
3
down vote
favorite
I have a WNR2000v2 Netgear router that I want to put on our company's network. My boss wanted me to set up two SSIDs, one is for guests and the other is for employees. He wanted the guest wireless account configured for internet access ONLY, which means that any guests connected to this SSID should not be able to see any company computers.
I've never configured a router this way so I did some research and found out that since my company's network already has a DHCP server and a gateway that I have to disable DHCP on the router and plug the ethernet cable connected to my gateway into one of the LAN ports, NOT the WAN port. I did this and entered the IP addresses of my company's gateway, DHCP servers, and DNS servers. Then I setup the two SSIDs and I restarted the router. First, I connected to the Non-Guest SSID, it connected without a problem and gave my computer a company IP address (10.*..132, not a 192.168.1.*** address) and I had internet access. I took this as a good sign because it tells me that my companies DHCP server is assigning the IP address, not the router. Then I tried connecting to the Guest SSID. I was able to connect to the SSID and it gave me a company IP address, but I was not able to get internet access.
Since I've never set up a guest wifi SSID like this before I'm not sure where to go from here. Is what I'm trying to do possible with this router? I would like to set it up so that computers connected to the guest SSID can access the internet. Any help would be much appreciated. Thanks.
networking wireless-networking router wireless-router
asked Apr 23 '13 at 19:41
b10hazard
14538
add a comment |
up vote
3
down vote
favorite
I have a WNR2000v2 Netgear router that I want to put on our company's network. My boss wanted me to set up two SSIDs, one is for guests and the other is for employees. He wanted the guest wireless account configured for internet access ONLY, which means that any guests connected to this SSID should not be able to see any company computers.
I've never configured a router this way so I did some research and found out that since my company's network already has a DHCP server and a gateway that I have to disable DHCP on the router and plug the ethernet cable connected to my gateway into one of the LAN ports, NOT the WAN port. I did this and entered the IP addresses of my company's gateway, DHCP servers, and DNS servers. Then I setup the two SSIDs and I restarted the router. First, I connected to the Non-Guest SSID, it connected without a problem and gave my computer a company IP address (10.*..132, not a 192.168.1.*** address) and I had internet access. I took this as a good sign because it tells me that my companies DHCP server is assigning the IP address, not the router. Then I tried connecting to the Guest SSID. I was able to connect to the SSID and it gave me a company IP address, but I was not able to get internet access.
Since I've never set up a guest wifi SSID like this before I'm not sure where to go from here. Is what I'm trying to do possible with this router? I would like to set it up so that computers connected to the guest SSID can access the internet. Any help would be much appreciated. Thanks.
networking wireless-networking router wireless-router
asked Apr 23 '13 at 19:41
b10hazard
14538
1
Sounds like you want to use the router as an access point (“put it on the network”). In that case, the guest network mode will not work. It relies on the fact that the router does the routing, which is not the case in AP mode.
– Daniel B
Jun 10 '17 at 9:40
add a comment |
up vote
3
down vote
favorite
up vote
3
down vote
favorite
I have a WNR2000v2 Netgear router that I want to put on our company's network. My boss wanted me to set up two SSIDs, one is for guests and the other is for employees. He wanted the guest wireless account configured for internet access ONLY, which means that any guests connected to this SSID should not be able to see any company computers.
I've never configured a router this way so I did some research and found out that since my company's network already has a DHCP server and a gateway that I have to disable DHCP on the router and plug the ethernet cable connected to my gateway into one of the LAN ports, NOT the WAN port. I did this and entered the IP addresses of my company's gateway, DHCP servers, and DNS servers. Then I setup the two SSIDs and I restarted the router. First, I connected to the Non-Guest SSID, it connected without a problem and gave my computer a company IP address (10.*..132, not a 192.168.1.*** address) and I had internet access. I took this as a good sign because it tells me that my companies DHCP server is assigning the IP address, not the router. Then I tried connecting to the Guest SSID. I was able to connect to the SSID and it gave me a company IP address, but I was not able to get internet access.
Since I've never set up a guest wifi SSID like this before I'm not sure where to go from here. Is what I'm trying to do possible with this router? I would like to set it up so that computers connected to the guest SSID can access the internet. Any help would be much appreciated. Thanks.
networking wireless-networking router wireless-router
asked Apr 23 '13 at 19:41
b10hazard
14538
I have a WNR2000v2 Netgear router that I want to put on our company's network. My boss wanted me to set up two SSIDs, one is for guests and the other is for employees. He wanted the guest wireless account configured for internet access ONLY, which means that any guests connected to this SSID should not be able to see any company computers.
I've never configured a router this way so I did some research and found out that since my company's network already has a DHCP server and a gateway that I have to disable DHCP on the router and plug the ethernet cable connected to my gateway into one of the LAN ports, NOT the WAN port. I did this and entered the IP addresses of my company's gateway, DHCP servers, and DNS servers. Then I setup the two SSIDs and I restarted the router. First, I connected to the Non-Guest SSID, it connected without a problem and gave my computer a company IP address (10.*..132, not a 192.168.1.*** address) and I had internet access. I took this as a good sign because it tells me that my companies DHCP server is assigning the IP address, not the router. Then I tried connecting to the Guest SSID. I was able to connect to the SSID and it gave me a company IP address, but I was not able to get internet access.
Since I've never set up a guest wifi SSID like this before I'm not sure where to go from here. Is what I'm trying to do possible with this router? I would like to set it up so that computers connected to the guest SSID can access the internet. Any help would be much appreciated. Thanks.
networking wireless-networking router wireless-router
networking wireless-networking router wireless-router
asked Apr 23 '13 at 19:41
b10hazard
14538
asked Apr 23 '13 at 19:41
b10hazard
14538
asked Apr 23 '13 at 19:41
b10hazard
14538
asked Apr 23 '13 at 19:41
b10hazard
14538
asked Apr 23 '13 at 19:41
b10hazard
14538
14538
1
Sounds like you want to use the router as an access point (“put it on the network”). In that case, the guest network mode will not work. It relies on the fact that the router does the routing, which is not the case in AP mode.
– Daniel B
Jun 10 '17 at 9:40
add a comment |
1
Sounds like you want to use the router as an access point (“put it on the network”). In that case, the guest network mode will not work. It relies on the fact that the router does the routing, which is not the case in AP mode.
– Daniel B
Jun 10 '17 at 9:40
1
1
Sounds like you want to use the router as an access point (“put it on the network”). In that case, the guest network mode will not work. It relies on the fact that the router does the routing, which is not the case in AP mode.
– Daniel B
Jun 10 '17 at 9:40
Sounds like you want to use the router as an access point (“put it on the network”). In that case, the guest network mode will not work. It relies on the fact that the router does the routing, which is not the case in AP mode.
– Daniel B
Jun 10 '17 at 9:40
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
Alright your problem can be broken down into two main things here.
- You need clients to have company access on a secure SSID
- You need guests to only have internet access on an open SSID
Now, for the first problem, you need to set up the router so that all DHCP requests are forwarded to your DHCP server. These clients need to behave as if they were plugged into the network. Your DHCP server must be involved because they are usually interfaced with AD & DNS. It sounds like you've already managed to do this. This should be placed on your company VLAN so the traffic is treated as such.
For, your second problem, these clients should behave as if they originated in a DMZ (De-Militarized Zone). They should have no company access, and only able to access internet exterior to your network. Typical implementations would have you create a separate VLAN for these clients so their DHCP requests are responded to ONLY by a DHCP server that handles this type of thing. If you already have a DMZ DHCP server then set it up to listen to that VLAN (If you have a webserver it can sometimes be serviced by this). If you have only one DHCP server that handles both, you need to make sure it can differentiate and assign addresses to that VLAN and that all traffic is routed/switched through this DMZ with no access to the company VLAN.
I know this may look complicated, but this is the necessary steps to have the traffic entirely differentiated from each other.
answered May 23 '13 at 19:07
Will.Beninger
1,349724
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Alright your problem can be broken down into two main things here.
- You need clients to have company access on a secure SSID
- You need guests to only have internet access on an open SSID
Now, for the first problem, you need to set up the router so that all DHCP requests are forwarded to your DHCP server. These clients need to behave as if they were plugged into the network. Your DHCP server must be involved because they are usually interfaced with AD & DNS. It sounds like you've already managed to do this. This should be placed on your company VLAN so the traffic is treated as such.
For, your second problem, these clients should behave as if they originated in a DMZ (De-Militarized Zone). They should have no company access, and only able to access internet exterior to your network. Typical implementations would have you create a separate VLAN for these clients so their DHCP requests are responded to ONLY by a DHCP server that handles this type of thing. If you already have a DMZ DHCP server then set it up to listen to that VLAN (If you have a webserver it can sometimes be serviced by this). If you have only one DHCP server that handles both, you need to make sure it can differentiate and assign addresses to that VLAN and that all traffic is routed/switched through this DMZ with no access to the company VLAN.
I know this may look complicated, but this is the necessary steps to have the traffic entirely differentiated from each other.
answered May 23 '13 at 19:07
Will.Beninger
1,349724
add a comment |
up vote
0
down vote
Alright your problem can be broken down into two main things here.
- You need clients to have company access on a secure SSID
- You need guests to only have internet access on an open SSID
Now, for the first problem, you need to set up the router so that all DHCP requests are forwarded to your DHCP server. These clients need to behave as if they were plugged into the network. Your DHCP server must be involved because they are usually interfaced with AD & DNS. It sounds like you've already managed to do this. This should be placed on your company VLAN so the traffic is treated as such.
For, your second problem, these clients should behave as if they originated in a DMZ (De-Militarized Zone). They should have no company access, and only able to access internet exterior to your network. Typical implementations would have you create a separate VLAN for these clients so their DHCP requests are responded to ONLY by a DHCP server that handles this type of thing. If you already have a DMZ DHCP server then set it up to listen to that VLAN (If you have a webserver it can sometimes be serviced by this). If you have only one DHCP server that handles both, you need to make sure it can differentiate and assign addresses to that VLAN and that all traffic is routed/switched through this DMZ with no access to the company VLAN.
I know this may look complicated, but this is the necessary steps to have the traffic entirely differentiated from each other.
answered May 23 '13 at 19:07
Will.Beninger
1,349724
add a comment |
up vote
0
down vote
up vote
0
down vote
Alright your problem can be broken down into two main things here.
- You need clients to have company access on a secure SSID
- You need guests to only have internet access on an open SSID
Now, for the first problem, you need to set up the router so that all DHCP requests are forwarded to your DHCP server. These clients need to behave as if they were plugged into the network. Your DHCP server must be involved because they are usually interfaced with AD & DNS. It sounds like you've already managed to do this. This should be placed on your company VLAN so the traffic is treated as such.
For, your second problem, these clients should behave as if they originated in a DMZ (De-Militarized Zone). They should have no company access, and only able to access internet exterior to your network. Typical implementations would have you create a separate VLAN for these clients so their DHCP requests are responded to ONLY by a DHCP server that handles this type of thing. If you already have a DMZ DHCP server then set it up to listen to that VLAN (If you have a webserver it can sometimes be serviced by this). If you have only one DHCP server that handles both, you need to make sure it can differentiate and assign addresses to that VLAN and that all traffic is routed/switched through this DMZ with no access to the company VLAN.
I know this may look complicated, but this is the necessary steps to have the traffic entirely differentiated from each other.
answered May 23 '13 at 19:07
Will.Beninger
1,349724
Alright your problem can be broken down into two main things here.
- You need clients to have company access on a secure SSID
- You need guests to only have internet access on an open SSID
Now, for the first problem, you need to set up the router so that all DHCP requests are forwarded to your DHCP server. These clients need to behave as if they were plugged into the network. Your DHCP server must be involved because they are usually interfaced with AD & DNS. It sounds like you've already managed to do this. This should be placed on your company VLAN so the traffic is treated as such.
For, your second problem, these clients should behave as if they originated in a DMZ (De-Militarized Zone). They should have no company access, and only able to access internet exterior to your network. Typical implementations would have you create a separate VLAN for these clients so their DHCP requests are responded to ONLY by a DHCP server that handles this type of thing. If you already have a DMZ DHCP server then set it up to listen to that VLAN (If you have a webserver it can sometimes be serviced by this). If you have only one DHCP server that handles both, you need to make sure it can differentiate and assign addresses to that VLAN and that all traffic is routed/switched through this DMZ with no access to the company VLAN.
I know this may look complicated, but this is the necessary steps to have the traffic entirely differentiated from each other.
answered May 23 '13 at 19:07
Will.Beninger
1,349724
answered May 23 '13 at 19:07
Will.Beninger
1,349724
answered May 23 '13 at 19:07
Will.Beninger
1,349724
answered May 23 '13 at 19:07
Will.Beninger
1,349724
1,349724
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f586758%2fno-internet-access-on-guest-ssid-on-netgear-wnr2000-router%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Sounds like you want to use the router as an access point (“put it on the network”). In that case, the guest network mode will not work. It relies on the fact that the router does the routing, which is not the case in AP mode.
– Daniel B
Jun 10 '17 at 9:40