This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Wireless Guest AP on eth2

Hello,

i have to configure 2 Wireless netzworks for my customer.

One internal which was no problem to configure, and one Guest WLAN.

I'd like to connect the AP for the Guest Access to its own interface.

This should be eth2.

 

I'm using one AP15 for internal and one AP55 for the Guestnetwork

Now i have a Guest Wlan (on wlan0) on one side and a AP55 on eth2 at the other side.

I can not find the logical connection from eth2 to wlan0.

thank you for your help

Tibor



This thread was automatically locked due to age.
Parents
  • Odi, you can put both Internal and Guest on both APs, all on the same LAN.  I usually make the Internal SSID/network "Bridge to LAN" with the SSID hidden.  I make the Guest SSID/network a Separate Zone with Client isolation enabled.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Odi, you can put both Internal and Guest on both APs, all on the same LAN.  I usually make the Internal SSID/network "Bridge to LAN" with the SSID hidden.  I make the Guest SSID/network a Separate Zone with Client isolation enabled.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • I was afraid of this answer ;-)

     

    But what if i'd like to follow your Guide:

    Configure HTTP Proxy for a Network of Guests

     

    II. Topology

    Guests should be on a separate subnet and on a different interface from your normal, internal
    networks.

     

    I'm not feeling well having both WLAN's on one network interface.

  • You can feel perfectly well when you have both SSID's on the same AP (and thus connected to the same physical interface). Since you can create a separated (virtual) interface for the Guest SSID, it will be totally separated from the other networks. The different interface is more needed for wired guest connections and/or access points not managed by Sophos UTM.

    If you do insist on physically separating them, then you can connect the guest AP to its own interface and create an SSID that's only attached to the AP you connect to this interface. You can then bind the SSID to this same interface but it's really not necessary and by using both AP's for both SSID's you can increase your Wifi range by placing them farther apart from each other.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • As apijnappels says - no worries!  You will have two virtual NICs, wlan0 and wlan1.  With one of those, you will create an Interface definition that is separate from "Internal."  When you don't bridge an SSID to the LAN, all of its traffic to the UTM is sent in a variation of a RED tunnel.  If the UTM goes down, devices using the Guest SSID will not be able to do anything.  The devices on the SSID bridged to the LAN will still be able to communicate inside the LAN.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA