• September 23, 2020, 09:48:18 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Guest VLAN with portal...extended? Encrypted?  (Read 2901 times)

0 Members and 1 Guest are viewing this topic.

Offline PaulN

  • Rookie
  • **
  • Posts: 6
Guest VLAN with portal...extended? Encrypted?
« on: February 04, 2014, 05:00:01 PM »
A few questions as we test a guest VLAN...

1.  Is there a way to start encrypting our guest data once they get through the portal?  Or if we are issuing guest IDs/passwords anyway, do we skip the portal and do 802.1x?  What about terms?

2.  To extend a guest VLAN from a controller across a routed L3 network, what kind of tunnels?
  • L2TPv3 - work in our WiNG 5.3.1?
  • Auto IPSec - can it extend VLANs for user traffic?
  • MINT Level 2 VLAN tunnels - added in 5.5 - has anyone tried it?
  • Something else?
Thanks for your thoughts.


Offline McNulty

  • Sr. Member
  • ****
  • Posts: 217
Re: Guest VLAN with portal...extended? Encrypted?
« Reply #1 on: February 09, 2014, 11:20:58 PM »
I think L2TPv3 was only added from WiNG 5.4.
If you are on 5.3.1 I recommend you upgrade anyway, I  had a lot of problems with that release.

Offline PaulN

  • Rookie
  • **
  • Posts: 6
Re: Guest VLAN with portal...extended? Encrypted?
« Reply #2 on: February 10, 2014, 12:29:59 PM »
@McNulty  Thanks. Version  5.3.1 has commands for l2tpv3 tunnels, but so far they haven't worked for us.

If you happen to recall details of any problems with 5.3.1, I'm curious.  We are still in pilot mode.

Offline McNulty

  • Sr. Member
  • ****
  • Posts: 217
Re: Guest VLAN with portal...extended? Encrypted?
« Reply #3 on: February 11, 2014, 11:58:50 PM »
Well if you are in Pilot I highly recommend upgrading to the latest firmware versions. (currently 5.5.1). There are many new features and fixes. Also, if ever you approach Motorola support for assistance, their first step is always for you to upgrade to the latest firmware before they are willing to assist you.

Regarding 5.3.1 I had issues with the firewall, which was fixed when I upgraded. Also, the development stream was split after 5.1 - so v5.3.x focused on one feature set while v 5.2.x focused on other features. If you are running 5.3.x and you want a feature from 5.2.x then too bad (I think LT2pv3 is one of those!)

Also it caused a lot of confusion with the numbering because for example v5.2.13 is a much newer firmware than v5.3.1. The good news is that they joined the 2 streams together again from 5.4 onwards.

I am running the latest 5.5.1 at a large site and it is working well and I am making use of the L2TPv3 tunnels in this version.

Looking back at your original question I will see if I can answer more:

IP Sec cannot extend VLANs. IP Sec is Layer 3.
Guest data is encrypted by operating encrypted sessions between the client and the server, independently of the network.

Regarding your other question I can highly recommend the Captive Portal How-To Guide located here:
http://www.michaelfmcnamara.com/files/motorola/WiNG5_Captive_Portal_Design_Guide_June_2011.pdf