Description:
This document describes how a LANCOM LW-500 can be used to implement a Public Spot scenario using a LANCOM device with Public Spot capability and VLAN.



Requirements:



Scenario:
  • An existing network infrastructure is to be supplemented by a Public-Spot Wi-Fi network for guests, where guests only have access to the Internet.
  • Access to the management network (INTRANET) is prohibited to guests.
  • A LANCOM managed switch of the type GS-23xx is used as a central network component.
  • One or more LANCOM LW-500s should broadcast both the in-house Wi-Fi with the SSID “INTRANET” and the Public Spot Wi-Fi “GUEST”. Users log in to the Public Spot on the GUEST Wi-Fi by means of the user credentials issued to them.
This configuration example assumes the following:
  • All components already have a basic configuration and can be reached on the local network
  • The central gateway has a functional Internet connection



Procedure:
1) Configuration steps on the central gateway:
1.1) Open the configuration dialog for the LANCOM router and switch to the menu item IPv4 → General → IP networks.
1.2) Open the entry for the network INTRANET. In this example, the INTRANET network is given the VLAN-ID 1.
1.3) Create a new IP network with the name GUEST and give it the VLAN-ID 2 along with the other IP parameters.
1.4) In this example, the LANCOM router operates as a DHCP server for both networks.
1.5) For the new GUEST network, add an entry to the menu IPv4 → DHCPv4 → DHCP networks.
1.6) Navigate to the menu Interfaces → VLAN → VLAN table.
  • Modify the Default_VLAN by adding the logical network LAN-1 under Port list.
  • Add a new entry called GUEST and assign the VLAN-ID 2 to it along with the logical network LAN-1.
1.7) Now check the Port table to make sure that the logical network LAN-1 is set with the tagging mode “Hybrid (mixed)” and that it is assigned the port ID 1. This is the default setting.
1.8) Then enable the VLAN module in the LANCOM router.
1.9) Navigate to the menu Public Spot → Authentication and select the desired authentication mode.
1.10) Open the menu Public Spot → Server → Operational settings → Interfaces and enable user authentication for the logical network LAN-1.
1.11) Open the menu Public Spot → Server → Operational settings → VLAN table and assign VLAN-ID 2 as used by the GUEST network to the Public Spot.
1.12) Open the menu Firewall/QoS → IPv4 rules → Rules and add two new firewall rules.
  • The rule ALLOW_GUEST_DNS ensures that DNS resolution can be performed on the GUEST network.
  • The rule DENY_GUEST_INTRANET ensures that the GUEST network cannot access the management network INTRANET.


2) Configuration steps on the LANCOM switch:
2.1) Open the configuration of the switch, go to VLAN → VLAN Membership and add the two VLANs.
Activate the ports that the VLANs belong to:
  • VLAN-1: VLAN-ID 1 / INTRANET network / all ports
  • VLAN-2: VLAN-ID 2 / GUEST network / ports 1 and 2
2.2) Click on Apply to save the configuration.
2.3) Save the current configuration as the start configuration in the menu Maintenance → Save/Restore → Save Start.


3) Configuration steps on the LANCOM LW-500:
3.1) Open the configuration of the LANCOM LW-500 and go to the menu item Wireless LAN → WLAN networks.
3.2) Create a new SSID for the guest Wi-Fi.
  • Enter a name for the entry.
  • In this example, the SSID for the guests should be broadcast as GUEST.
  • Make sure you set the encryption profile to P-NONE.
  • Since the guest network has VLAN-ID 2, this has to be entered into the appropriate field of the SSID configuration.
3.3) Write the configuration back to the access point. This concludes the configuration.

If you wish to use multiple LANCOM LW-500 access points in the same way, please observe the following:

  • In the switch configuration, enable VLAN-ID 2 for all of the switch ports that additional access points are connected to.
  • You also need to repeat steps 3.1 and 3.2 on each additional access point.
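
A check for the firewall rules from step 1.12, as an added example that is not part of the original article: run from a client on the GUEST Wi-Fi after logging in to the Public Spot, it verifies that INTRANET management addresses stay unreachable while name resolution and Internet access work. The target addresses are placeholders from the documentation range, and the function names are hypothetical.

```python
import socket

# Placeholder values (assumptions, not from the article): replace with the
# INTRANET management addresses of your router, switch and access points.
INTRANET_TARGETS = [("192.0.2.1", 443), ("192.0.2.2", 443)]
INTERNET_TARGET = ("example.com", 443)


def tcp_probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"  # RST received: sent by the target or by a rejecting firewall
    except OSError:
        return "filtered"  # timeout, unreachable, or name resolution failed


def audit_guest_isolation(intranet_targets, internet_target, probe=tcp_probe):
    """Return (status, message) tuples; status is PASS, CHECK or FAIL."""
    results = []
    for host, port in intranet_targets:
        state = probe(host, port)
        if state == "open":
            results.append(("FAIL", f"{host}:{port} reachable from GUEST; review DENY_GUEST_INTRANET"))
        elif state == "refused":
            results.append(("CHECK", f"{host}:{port} refused; confirm the reset comes from the firewall"))
        else:
            results.append(("PASS", f"{host}:{port} not reachable from GUEST"))
    # Connecting by name exercises DNS (ALLOW_GUEST_DNS) and Internet access together.
    host, port = internet_target
    if probe(host, port) == "open":
        results.append(("PASS", f"{host}:{port} reachable; DNS and Internet access work"))
    else:
        results.append(("FAIL", f"{host}:{port} not reachable; review ALLOW_GUEST_DNS and the Public Spot login"))
    return results


def isolation_ok(results):
    """True only when no check failed outright."""
    return all(status != "FAIL" for status, _ in results)


if __name__ == "__main__":
    report = audit_guest_isolation(INTRANET_TARGETS, INTERNET_TARGET)
    for status, message in report:
        print(f"{status:5} {message}")
    raise SystemExit(0 if isolation_ok(report) else 1)
```

A CHECK result means the connection was reset; whether the firewall or the target host sent that reset has to be confirmed on the router.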