Required INI settings
DNSServerIP=[put a real DNS server here]
This implementation, with separate LANs for the wireless guest vs. internal network, is strongly suggested to keep wireless patrons entirely out of the internal/office network.
Another way to accomplish this is if your firewall allows for multiple inside interfaces; such as LAN1, LAN2, or LAN1, DMZ you can use this second inside interface for the guest network.  See Example 9.
The Windows server runs DNS Redirector and two sites in IIS, each bound to a unique IP address.
* Optionally, an all-in-one device like the Cisco RV220W or ZyXEL ZyWALL USG20W could be used.  This would cut the cost of the separate Firewall, Switch, and Wireless AP as shown.  The only special consideration is that you must be able to specify the DNS Redirector server IP as the sole DNS Server handed out by DHCP Properties.
See FAQ 24.  Alternatively, you could run DHCP service from the Windows Server, turning it off on the Firewall.

DNS Redirector | Legal Information | 2003-2017