rcooper83
asked on
Setting up VLAN for 1130AG on ASA 5505
I have a Cisco ASA 5505 as my main router here and we have an 1130AG WAP for our wireless. I have configured two different SSID's on the WAP. One is for guests to login to and have access to the internet. The other ties into the main network. I am sort of at a loss as to what needs to be configured to make it accomplish what I would like for it to accomplish.
I would like for guests to be able to connect to the WAP on the guest SSID and get an IP address via DHCP. Does it need to be configured on the WAP or on the ASA?
I would like for the main connection to tie into the regular network.
What steps of configuration are involved?
I would like for guests to be able to connect to the WAP on the guest SSID and get an IP address via DHCP. Does it need to be configured on the WAP or on the ASA?
I would like for the main connection to tie into the regular network.
What steps of configuration are involved?
ASKER
I have a Netgear 48 Port Smart Switch....It does do DHCP and VLAN on it.
However, if I put that switchport on a VLAN seperate from the others would that not isolate the main connection as well as the guests?
However, if I put that switchport on a VLAN seperate from the others would that not isolate the main connection as well as the guests?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Normally you would create a new vlan for the guest side, create a vlan sub interface on the asa side, and pass the guest traffic directly out (ASA would do DHCP, etc), however the 5505 does not allow more than the two vlans (no subinterface), so you will need to do the DHCP and the routing on the switch level.
Or you could use a product like untangle or m0n0wall http://m0n0.ch/wall/ to handle the control of the "guest" wireless traffic and keep it away from your internal network.