You want to provide wireless access for corporate and guest users, but guest users should have access to the Internet only.
Create security zones for each type of user group. For this recipe, we will create a
corp zone for corporate users, and a
guest zone for guest users:
set zone name "corp" set zone name "guest"
Assign the wireless interfaces
guest; also, configure the wired interfaces
ethernet0/0 to the
Untrust zone and
ethernet0/2 to the
Trust zone. Then, configure the IP addresses to each interface:
set interface "ethernet0/0" zone "Untrust" set interface "ethernet0/2" zone "Trust" set interface "wireless0/0" zone "corp" set interface "wireless0/1" zone "guest" set interface ethernet0/0 ip 192.168.1.35/24 set interface ethernet0/2 ip 192.168.4.1/24 set interface wireless0/0 ip 192.168.2.1/24 set interface wireless0/1 ip 192.168.3.1/24
You can use the DHCP server on the wireless network by configuring the DHCP server service on the wireless interfaces:
set interface wireless0/0 dhcp server service set interface wireless0/1 dhcp server service set interface wireless0/0 dhcp server option gateway 192.168.2.1 set interface wireless0/1 dhcp server option gateway 192.168.3.1 set interface wireless0/0 dhcp server ip 192.168.2.33 to 192.168.2.126 set interface wireless0/1 dhcp server ip 192.168.3.10 to 192.168.3.20
For the guest users, configure authentication using