Configuring N4000 core switch to limit the Guess Wireless VLAN - Networking - Forum - Networking - Dell Community

Configuring N4000 core switch to limit the Guess Wireless VLAN

Networking

Networking
Learn how to modernize & transform the network with the latest solutions from Dell Data Center, Campus and Wireless networking solutions.

Configuring N4000 core switch to limit the Guess Wireless VLAN

This question has been answered by DELL-Daniel C

Hi,

I have a dedicated VLAN for Guess Wireless clients. As expected I only want to give them access to the internet and DHCP+DNS nothing else.

Guess VLAN ID is 1033

How I should configure my core router (N4000) ?

Verified Answer
  • Sorry about that, I had the syntax off a bit.

    Try it this way.

    ROUTER(config-ip-acl)#permit ip 10.33.0.0 0.0.248.255 10.20.0.50 10

    Daniel Covey
    Dell EMC | Enterprise Support Services
    Get support on Twitter: @DellCaresPRO

    Download our QRL app: iOSAndroidWindows

All Replies
  • The two options that come to mind are ACLs and private VLANs.

    Here is an ACL guide on the older PowerConnect switches, but the concepts are the same.

    http://dell.to/1AACg9V

    Page 675 of the user guide also details ACLs and their use.

    http://dell.to/1WFiTWT

    You could setup specific permit rules for the internet gateway, DHCP, and DNS IP addresses, and then deny all other access.

    Private VLANs are detailed on page 755 of the user guide and may be another option to look into.

    Daniel Covey
    Dell EMC | Enterprise Support Services
    Get support on Twitter: @DellCaresPRO

    Download our QRL app: iOSAndroidWindows

  • Hi Daniel,

    Thanks for your reply but I am a bit lost. ACL seems easier but commands haven't been recognized by N4032 (Firmware 6.3.2.7) core switch/router (10.20.0.254). Is it too much if I ask you script the commands according to environment below please?

    VLAN Name VLAN ID IP
    Guest_VLAN 1033 10.33.0.0 /21
    Server_VLAN 1020 10.20.0.0 /24
    DHCP Server 10.20.0.50 /24
    DNS Server 10.20.0.60 /24
    UTM/Firewall 10.20.0.1 /24
    Gateway/Router 10.20.0.254
    STAFF_VLAN 1040 10.40.0.1 /21
    LIBRARY_VLAN 1070 10.70.0.1 /24
    PRINTER_VLAN 1080 10.80.0.1 /24
                                                                                                                            
  • We can use one of the examples from the user guide, and modify it to fit your needs.

    console(config)#ip access-list GuestVLAN
    console(config-ip-acl)#10 permit ip 10.33.0.0 0.0.248.255 10.20.0.50
    console(config-ip-acl)#20 permit ip 10.33.0.0 0.0.248.255 10.20.0.60
    console(config-ip-acl)#30 permit ip 10.33.0.0 0.0.248.255 10.20.0.1
    console(config-ip-acl)#40 permit ip 10.33.0.0 0.0.248.255 10.20.0.254
    console(config-ip-acl)#exit
    console(config)#interface gi1/0/1
    console(config-if-gi1/0/1)#ip access-group GuestVLAN in 10
    console(config-if-gi1/0/1)#
    exit
    If something does not appear to work, please include information on the command you ran and the results.

    Daniel Covey
    Dell EMC | Enterprise Support Services
    Get support on Twitter: @DellCaresPRO

    Download our QRL app: iOSAndroidWindows

  • Hi Daniel,

    I think commands are not recongnized with this switch. I'd like to remind that my swicth is  N4032 (Firmware 6.3.2.7)


    ROUTER(config)#ip access-list GuestWireless
    ROUTER(config-ip-acl)#10 permit ip 10.33.0.0 0.0.248.255 10.20.0.50
    Command not found / Incomplete command. Use ? to list commands.


  • Sorry about that, I had the syntax off a bit.

    Try it this way.

    ROUTER(config-ip-acl)#permit ip 10.33.0.0 0.0.248.255 10.20.0.50 10

    Daniel Covey
    Dell EMC | Enterprise Support Services
    Get support on Twitter: @DellCaresPRO

    Download our QRL app: iOSAndroidWindows

  • Thank you so much Daniel, very much appreciated with your help.

    Kind regards