To offer WLAN access for Notebooks in some home offices using an AP10 or AP30 behind a RED looks like a good solution. WLAN access is protected with WPA2 Enterprise/Radius and RED is configured with Transparent/Split to allow access to local devices like printer and NAS in the home office which is connected outside of the RED local network. That configuration works so far flawlessly.
For those who want to use this combination: You have to add the Network 1.2.3.4/32 in "Split Networks" of the RED as the host ip address 1.2.3.4 is the management server for the Astaro WLAN APs on the ASG which the AP tries to contact to acquire its configuration.
Now I want to prevent access from the RED LAN ports to the Company LAN as the LAN ports are not protected with 801.1x or MAC blacklist or anything else. As with Transparent/Split you don't have any control over the IP addresses of the devices behind the NAT and hence cannot filter them on the ASG, the only solution looks like using VLAN for the AP10 or AP30.
Does the combination AP10/AP30 over RED allows for VLAN?
network diagram:
Company LAN
|
ASG
|
Internet
|
Client-Router with NAT
|
+--- printer
|
+--- NAS
|
+--- RED --- AP10/AP30 --- Notebook
This thread was automatically locked due to age.