"Mike Webb" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I've got a WLAN as part of our network. Six AP's (D-Link DWL-2200AP;s)
> and a managed switch (D-Link DES-3828). One AP is wired to the switch with
> an IP on the LAN - 192.168.16.x. Two SSID's - one for access to the LAN
> (it is WPA2 enabled) and the other is for guests/visitors (no security)
> [we are alone in a avery rural area].
If the AP only has one IP# then the two SSIDs are using the same network,
therefore the network is unsecured because everyone can just connect to the
Guest SSID instead of the LAN SSID and still get to the same place. Unless
the AP is capable of using the VLANs with a Virtual interface for each VLAN,
and the VLANs are separated from each other by a LAN Router running
ACLs,...the Guest SSID is serving no real purpose other than to provide a
"way around" the LAN SSID
> On the switch I have 3 VLAN's -- System (default), LAN and Guest.
Ok, but those are just "human friendly" names for the VLANs,...they have to
actually run on separate IP Segments and that is what really distiguishes
them from one another at the network level. Also a Switch may have
VLANs,..but a Switch cannot route between the VLAN so it is usless by
itself. There has to be a LAN Router to route between the IP Segments to
handle routing (and possibly ACLs) between them. Now there are Layer3
Switches that are a Switch and a LAN Router built into the same
hardware,..but you need to indicate if you have that,...if you just call it
a Switch then a Switch is all we think you have. For clarity, with a Layer3
Switch you need to call it a "Switch" when refering to the Layer2 Switching
functions,...but refer to it as a Router when refering to its Layer3 routing
function (treat it like it was two separeate devices).
> I have configured a static route pointing to the internal network. I
> created one IP interface (I don't really understand them), pointing to the
> internal network.
I don't understand what you are talking about there. I see no need for a
static route in a fairly simple three-subnet LAN.
> I am testing this setup with the notebook. It can detect the 2 SSID's
> fine, but I can't conect. The notebook diagnostics say it is getting no
> response from the AP. Checked the log of the AP - nothing there, and no
> client info. Checked the Security Log in Event Viewer on the server (Small
> Business Server 2003 Premium SP2) and saw Event ID's 529 and 680 for the
> attempts. Apparently the access is being passed right to the server to
> verify the credentials -- although I was not given a login window. (same
> results for either SSID)
I don't understand your environment well enough to make any other comments
yet.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Similar Threads
Linear Mode
