Configuring VLAN Tagging between Netscreen and Netgear WNDAP360

  1. Netgear:  Configure VLAN tagging on all Netgear Security Profiles
    1. Configuration -> Security -> Profile Settings
      1. Select each enabled profile, and choose Edit
        1. Assign a unique VLAN ID to each Profile
    2. Configuration -> IP -> IP Settings
      1. Select DHCP Client enable (so Netgear will be accessible after enabling VLANs on Netscreen)
  2. Netscreen:
    1. Create  VLAN configuration
      1. unset interface vlan1 ip
      2. set interface ethernet0/3.1 ip 6.6.6.254/24
      3. set interface ethernet0/3.1 nat
      4. set interface ethernet0/3.2 ip 6.6.7.254/24
      5. set interface ethernet0/3.2 nat
      6. set interface ethernet0/3.1 dhcp server service
      7. set interface ethernet0/3.2 dhcp server service
      8. set interface ethernet0/3.1 dhcp server enable
      9. set interface ethernet0/3.2 dhcp server enable
      10. set interface ethernet0/3.1 dhcp server option gateway 6.6.6.254 
      11. set interface ethernet0/3.1 dhcp server option netmask 255.255.255.0 
      12. set interface ethernet0/3.1 dhcp server option domainname example.com 
      13. set interface ethernet0/3.1 dhcp server option dns1 6.6.6.11 
      14. set interface ethernet0/3.1 dhcp server option dns2 8.8.8.8 
      15. set interface ethernet0/3.1 dhcp server option dns3 8.8.4.4 
      16. set interface ethernet0/3.1 dhcp server option smtp 6.6.6.11 
      17. set interface ethernet0/3.2 dhcp server option lease 60 
      18. set interface ethernet0/3.2 dhcp server option gateway 6.6.7.254 
      19. set interface ethernet0/3.2 dhcp server option netmask 255.255.255.0 
      20. set interface ethernet0/3.2 dhcp server option domainname example.com 
      21. set interface ethernet0/3.2 dhcp server option dns1 8.8.8.8 
      22. set interface ethernet0/3.2 dhcp server option dns2 8.8.4.4
      23. set interface ethernet0/3.1 dhcp server ip 6.6.6.100 to 6.6.6.149
      24. set interface ethernet0/3.2 dhcp server ip 6.6.7.100 to 6.6.7.149
      25. unset interface ethernet0/3.1 dhcp server config next-server-ip
      26. unset interface ethernet0/3.2 dhcp server config next-server-ip
      27. set address "Trust" "6.6.6.0" 10.53.48.0 255.255.255.0 "Trusted Wireless"
      28. set address "Untrust" "6.6.7.0" 172.16.47.0 255.255.255.0 "Untrusted Wireless"
      29. set interface ethernet0/3.1 dhcp server ip 6.6.6.50 mac
      30. set interface bgroup0 dhcp server ip 6.6.5.50 mac
    2. Create Reasonable Policies for Untrusted and Trusted wireless segments.

Comments

Post a Comment