Thread Info
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hotspot and Cisco APs

Oliver Kess

We use the Hotspot functionality of the UTM and have integrated the Cisco Access Point Solution. 

We use Firmware 9.408-4 on the SG 230

 

As long as we do not involve the hotspot Functionality but try  to access the provoded Guest WLAN through the Access Points directly, it works. 

But we want the Voucher Services from the Sophos UTM to regulate guest access.

 

If we enable the Hotspot function, we are no longer able to access the internet or  the voucher web page from the Computer that is in the guest wlan.

The VLAN we setup is 254.

Thus we provied a DHCP Server in this net and enabled NAT Masquerading as several best practise guides recommended.

 

I can reach the network 10.0.254.x, I do get a DHCP Address from the Sophos UTM and although the settings are made

I cannot ping the 10.0.254.254 address and do not get the login webpage. 

It seems as somehow the route is not set or working correctly.

 

I can ping the guest network of the WLAN Controller.

I would be happy if someone could provide me with a solution or point me in a direction where to look further.

 

regards

Oliver K.



This thread was automatically locked due to age.
  • 0

    Cisco AP's? What AP's are these? AFAIK, the Sophos hotspots will only work with Sophos AP's....

    • 0 in reply to Louis-M

      Louis, the rest of Wireless Protection only works with Sophos APs, but Hotspots will work on any Interface, even wired ones, so an interface connected to a network of Cisco APs could use UTM Hotspot.

      Cheers - Bob

       
      Sophos UTM Community Moderator
      Sophos Certified Architect - UTM
      Sophos Certified Engineer - XG
      Gold Solution Partner since 2005
      MediaSoft, Inc. USA
      • 0 in reply to BAlfson

        Oddly enough Bob, I was just looking at this the other day and was surprised when the login popped up when I enabled it.

        It's a nice little feature to have for sure.

        • 0 in reply to Louis-M

          Do I need a dedicated interface connecting to Cisco AP to use hotspot feature?

          • 0 in reply to Usbkey

            Yes.

            Cheers - Bob

             
            Sophos UTM Community Moderator
            Sophos Certified Architect - UTM
            Sophos Certified Engineer - XG
            Gold Solution Partner since 2005
            MediaSoft, Inc. USA
            • 0 in reply to BAlfson

              BAlfson said:

              Louis, the rest of Wireless Protection only works with Sophos APs, but Hotspots will work on any Interface, even wired ones, so an interface connected to a network of Cisco APs could use UTM Hotspot.

              Cheers - Bob

               

              How can I set up an ap to work with UTM hotspot? I have 2 sophos AP30 using it but I'd like to add an aruba 93 to extend the signal.

              • 0 in reply to Sam0927

                The basic idea is 

                If you AP supports VLAN then you can create a SSID map to VLAN and then create a wifi hotspot associated to the same VLAN on your UTM

                 

                • 0 in reply to Usbkey

                  Usbkey said:

                  The basic idea is 

                  If you AP supports VLAN then you can create a SSID map to VLAN and then create a wifi hotspot associated to the same VLAN on your UTM

                   

                  I have 2 Sophos AP30 running a Guest Hotspot on a dedicated subnet, I want to add my aruba to the same existing hotspot, not to create one. Thank you.

                  • 0 in reply to Sam0927

                    It is even easier.

                     

                    Create a SSID as the same name of you guest WIFI on your aruba AP

                    Map this SSID to your dedicated subnet for guest

                     

                    Done !

                     

                    But of course in future if you want to change password then you will have to login to HP Aurba AP to change it as it can not be managed from UTM

                    • 0 in reply to Usbkey

                      Usbkey said:

                      It is even easier.

                       

                      Create a SSID as the same name of you guest WIFI on your aruba AP

                      Map this SSID to your dedicated subnet for guest

                       

                      Done !

                       

                      But of course in future if you want to change password then you will have to login to HP Aurba AP to change it as it can not be managed from UTM

                       

                       

                      Yes, but doing like that the voucher would be managed by aruba if connected to it, while from utm if connected to the sophos ones.

                      Is there no way to manage them all from utm?

                      • 0 in reply to Sam0927

                        I don't have any experience with HP Aruba APs, but I think you just don't use hotspot feature on Aruba APs. Use your UTM device to manage vouchers.

                        Manage Aruba AP from Sophos UTM? that will be a nice feature to have and I vote for Cisco AP as well.

                        • 0 in reply to Usbkey

                          Usbkey said:

                          I don't have any experience with HP Aruba APs, but I think you just don't use hotspot feature on Aruba APs. Use your UTM device to manage vouchers.

                          Manage Aruba AP from Sophos UTM? that will be a nice feature to have and I vote for Cisco AP as well. 

                          I'm trying to configure the aruba side to work with the existing hotspot.

                          Having hard times doing so, anyone here has experience with Instant manager?

                          Thank you.

                      • 0

                        Hi,

                        i think you enable DNS for this VLAN too.?

                        Try to connect a computer  with wire to this VLAN.

                        does the Hostspot function work?

                        Do you get access to the internet?

                         

                        Do you use a standalone  accesspoint or a controller based solution from cisco?

                        Some Cisco devices block some traffic.

                        Try a more simple accesspoint.

                         


                        Dirk

                        Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
                        Sophos Solution Partner since 2003
                        If a post solves your question, click the 'Verify Answer' link at this post.

                        • 0

                          Hi, Oliver, and welcome to the UTM Community!

                          This should work, so there must be something that you don't realize you need to tell us.  First, does #1 in Rulz give you any hints?

                          If that doesn't shine a light on the problem, please show us pictures of the relevant configurations.

                          Cheers - Bob

                           
                          Sophos UTM Community Moderator
                          Sophos Certified Architect - UTM
                          Sophos Certified Engineer - XG
                          Gold Solution Partner since 2005
                          MediaSoft, Inc. USA