Configuration->Network->VLANs
Add a VLAN (this will be for the guest network)
Give it a VLAN ID number (Try to keep it simple so you can remember what it is later, e.g. 192.168.xxx.yyy where xxx is the VLAN ID.)
Do not assign it to a port.
Apply
Configuration->Network->IP
Click ‘Edit’ for the VLAN you just created.
Click ‘Use the following IP address’ and enter the IP address root for the VLAN. (e.g. if you are using VLAN 200, enter 192.168.200.1. Change that as needed for your network/VLAN.) Enter the subnet mask 255.255.255.0
Apply
Configuration->Network->IP->DHCP Server
Under Pool configuration click Add
Give the Pool a friendly name
In Default router, enter the IP address you entered as the IP address root for the guest VLAN you just created
Enter the DNS server on your network (if you have one)
In the Network section, enter the IP address of the VLAN ending in .0 and a netmask of 255.255.255.0 (e.g. if you configured the IP address of VLAN 200 as 192.168.200.1, then 192.168.200.1 goes in Default router and 192.168.200.0 goes in IP address under the Network section)
Apply
It should take you back to the previous page and now you’ll see a range populated for the name you just created
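An added example (not part of the original guide): a small Python check of the values typed into the VLAN and DHCP pool forms, using the 192.168.<VLAN ID>.0/24 convention from the steps above. The function names are hypothetical and the sample values are constructed.

```python
import ipaddress


def guest_plan(vlan_id: int) -> dict:
    """Derive the addressing the steps above use: 192.168.<vlan_id>.0/24."""
    # VLAN IDs go up to 4094, but only 1-255 fit in the third octet.
    if not 1 <= vlan_id <= 255:
        raise ValueError(f"VLAN {vlan_id} cannot be used as the third octet")
    net = ipaddress.ip_network(f"192.168.{vlan_id}.0/255.255.255.0")
    # The VLAN interface address (also the pool's default router) is .1
    return {"vlan": vlan_id, "network": net, "gateway": net.network_address + 1}


def check_pool(vlan_id: int, default_router: str, network: str, netmask: str) -> list:
    """Return a list of problems with the DHCP pool values as typed."""
    plan = guest_plan(vlan_id)
    problems = []
    try:
        # strict parsing rejects a host address (e.g. .1) in the Network field
        pool_net = ipaddress.ip_network(f"{network}/{netmask}")
    except ValueError:
        problems.append(
            f"Network {network}/{netmask} is not a valid network address "
            f"(expected {plan['network'].network_address})"
        )
        pool_net = None
    if pool_net is not None and pool_net != plan["network"]:
        problems.append(f"Pool network {pool_net} does not match VLAN {vlan_id} "
                        f"subnet {plan['network']}")
    if ipaddress.ip_address(default_router) != plan["gateway"]:
        problems.append(f"Default router {default_router} is not the VLAN "
                        f"interface address {plan['gateway']}")
    return problems


if __name__ == "__main__":
    # Constructed sample: VLAN 200 with the two fields swapped by mistake
    for problem in check_pool(200, "192.168.200.0", "192.168.200.1", "255.255.255.0"):
        print("PROBLEM:", problem)
    print("correct values:", check_pool(200, "192.168.200.1", "192.168.200.0",
                                        "255.255.255.0") or "ok")
```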
Configuration->Wizards->Campus WLAN
Campus Only -> Begin
Click New -> Enter a new group name -> ok
Make sure the group name you just created is in the group window. If not select it then hit Next.
Continue
Make sure the group you just created is selected, then click ‘New’ under WLANs
Call the first one what you want the SSID for your employee group to be and click ‘OK’
Make sure your new AP group and your new WLAN are both selected and click next.
Make sure ‘Tunnel’ is selected and click next
Select what Radio Type you want the APs for employee to use. Then select VLAN1 in the drop down and click the button to put it in the VLAN box.
Click Next
Select ‘Internal’ and click ‘Next’
Move the slider to the top for ‘Strong encryption dynamic per-user keys generated by authentication server’
Under authentication select ‘WPA-2 Enterprise’
Under encryption select what you want to use. AES is ideal, but you can select TKIP or both if needed.
Next
Under the servers box, click ‘Add’
Click the ‘select from known servers’ radio button.
Click ‘Internal’ and ok
It should pop up in your servers box. (you may have to click ok twice to get it to go into the box, you may also see a red warning at the bottom)
Click Next
Click Finish (3 times I think)
Configuration ->Wizards->Campus WLAN
Campus only->Begin
In the drop down select the AP group you created earlier and then next
Continue
Make sure the new AP group is selected and then click ‘New’ under WLANs and enter the name of the SSID you want for guest access. Click OK. Make sure that the correct AP group and new WLAN are now selected and click Next.
Select ‘Tunnel’ and then next
Select the radio types you want on the guest network. In the drop down select the VLAN you created for the guest network and then click the button to put it in the VLAN box. Click Next
Click Guest and then next
Move the slider to the top for ‘Captive portal with authentication via credentials (username and password) provided by user’ and click Next
Make your selections on how you want the captive portal to look. You can change this later if you want.
Click Next
Click Add under the servers box, click the ‘select from known servers’ radio and select internal and click ok.
Click Next
Click Finish 3 times
Configuration->Wireless->AP Installation
Select all of your APs and click Provision
Change the AP Group to the new AP group you just created
At the bottom click Apply and Reboot.
Configuration->Security->Authentication->Servers->Internal DB
Make sure you have a user set up in the internal DB.
After the APs have rebooted, test.