"Mike Webb" <> wrote in message
news:...
> I've got a WLAN as part of our network. Six AP's (D-Link DWL-2200AP's)
> and a managed switch (D-Link DES-382. One AP is wired to the switch with
> an IP on the LAN - 192.168.16.x. Two SSID's - one for access to the LAN
> (it is WPA2 enabled) and the other is for guests/visitors (no security)
> [we are alone in a very rural area].
If the AP only has one IP# then the two SSIDs are using the same network,
therefore the network is unsecured because everyone can just connect to the
Guest SSID instead of the LAN SSID and still get to the same place. Unless
the AP is capable of using the VLANs with a Virtual interface for each VLAN,
and the VLANs are separated from each other by a LAN Router running
ACLs,...the Guest SSID is serving no real purpose other than to provide a
"way around" the LAN SSID.
> On the switch I have 3 VLAN's -- System (default), LAN and Guest.
Ok, but those are just "human friendly" names for the VLANs,...they have to
actually run on separate IP Segments and that is what really distinguishes
them from one another at the network level. Also a Switch may have
VLANs,..but a Switch cannot route between the VLANs so it is useless by
itself. There has to be a LAN Router to route between the IP Segments to
handle routing (and possibly ACLs) between them. Now there are Layer3
Switches that are a Switch and a LAN Router built into the same
hardware,..but you need to indicate if you have that,...if you just call it
a Switch then a Switch is all we think you have. For clarity, with a Layer3
Switch you need to call it a "Switch" when referring to the Layer2 Switching
functions,...but refer to it as a Router when referring to its Layer3 routing
function (treat it like it was two separate devices).
> I have configured a static route pointing to the internal network. I
> created one IP interface (I don't really understand them), pointing to the
> internal network.
I don't understand what you are talking about there. I see no need for a
static route in a fairly simple three-subnet LAN.
> I am testing this setup with the notebook. It can detect the 2 SSID's
> fine, but I can't connect. The notebook diagnostics say it is getting no
> response from the AP. Checked the log of the AP - nothing there, and no
> client info. Checked the Security Log in Event Viewer on the server (Small
> Business Server 2003 Premium SP2) and saw Event ID's 529 and 680 for the
> attempts. Apparently the access is being passed right to the server to
> verify the credentials -- although I was not given a login window. (same
> results for either SSID)
I don't understand your environment well enough to make any other comments
yet.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
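The reply's point about SSIDs, VLANs and router ACLs can be checked mechanically. The following is an added example, not code from either poster: it audits a planned SSID layout and reports when the open guest SSID can still reach the WPA2 LAN. The `Ssid` and `AclRule` records, the /24 mask, the VLAN IDs and the 192.168.17.0/24 guest segment are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Ssid:
    name: str
    encrypted: bool   # True for the WPA2 SSID, False for the open guest SSID
    vlan: int
    subnet: str       # IP segment behind that SSID

@dataclass(frozen=True)
class AclRule:        # hypothetical, vendor-neutral rule on the LAN router
    action: str       # "permit" or "deny"
    src: str
    dst: str

def first_match(acl, src, dst):
    """Action of the first rule covering src -> dst; None means no rule, so traffic is routed."""
    for rule in acl:
        if src.subnet_of(ipaddress.ip_network(rule.src)) and \
           dst.subnet_of(ipaddress.ip_network(rule.dst)):
            return rule.action
    return None

def audit(ssids, acl):
    """List (open SSID, secured SSID, reason) where the open SSID reaches the secured LAN."""
    findings = []
    for guest in (s for s in ssids if not s.encrypted):
        for lan in (s for s in ssids if s.encrypted):
            g, l = ipaddress.ip_network(guest.subnet), ipaddress.ip_network(lan.subnet)
            if guest.vlan == lan.vlan or g.overlaps(l):
                findings.append((guest.name, lan.name, "same segment"))
            elif first_match(acl, g, l) != "deny":
                findings.append((guest.name, lan.name, "routed without a deny ACL"))
    return findings

# Constructed sample data. Only 192.168.16.x is from the thread; the /24 mask,
# VLAN IDs and the 192.168.17.0/24 guest segment are assumptions.
FLAT = [Ssid("LAN", True, 1, "192.168.16.0/24"),
        Ssid("Guest", False, 1, "192.168.16.0/24")]
SPLIT = [Ssid("LAN", True, 20, "192.168.16.0/24"),
         Ssid("Guest", False, 30, "192.168.17.0/24")]
GUEST_ACL = [AclRule("deny", "192.168.17.0/24", "192.168.16.0/24"),
             AclRule("permit", "192.168.17.0/24", "0.0.0.0/0")]

if __name__ == "__main__":
    for label, ssids, acl in [("one segment", FLAT, []),
                              ("VLANs, no ACL", SPLIT, []),
                              ("VLANs + ACL", SPLIT, GUEST_ACL)]:
        print(label, "->", audit(ssids, acl) or "guest isolated from LAN")
```

Rule order matters in this model: a broad permit placed ahead of the guest-to-LAN deny is reported as unfiltered, because the first matching rule wins.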