Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1154
  • Last Modified:

VLAN and multiple SSID setup Cisco 1130/PIX 506e

I have a T1 line connected to a PIX 506e through an unmanaged switch. The switch provides access to the T1 for a few other statically addressed devices, and the PIX provides DHCP for a Cisco 1130 wireless access point that in turn broadcasts a single SSID for unrestricted/unsecured public access to the Internet.

I'd like to connect a Windows 2003 domain controller to the setup as a VLAN and add a second secured, non-boradcast SSID to the access point so my staff can access the Active Directory services on the Windows domain controller instead of adding another physical access point.

Can someone suggest a fairly painless way to do this with the current setup?

Thanks,
Noz
0
Nozmoking
Asked:
Nozmoking
  • 3
  • 3
1 Solution
 
dfxdeimosCommented:
You cannot "conntect a Windows 2003 domain controller to the setup as a VLAN" you can connect it TO the VLAN though.

What kind of switch do you have? You will have to have a switch that has some sort of layer 3 capability in order to create the VLANs.
0
 
NozmokingAuthor Commented:
True - I misstated that. The switch is currently an unmanaged Trendnet workgroup switch but it can easily be swapped for a Cisco Catalyst 2950. If I use the switch to set up 2 VLANS, then I'm guessing I can leave the PIX appliance where it is and still use it as a DHCP server for both SSID's... is that correct?

Thanks
0
 
dfxdeimosCommented:
Yes, although if the unsecured SSID is sitting on a different subnet than the DHCP server you will have to have some sort of DHCP relay agent in place, as DHCP requests are sent via broadcast and will only reach to the edge of the collision domain.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
NozmokingAuthor Commented:
As it is now, the single unsecured SSID is on the same subnet as the DHCP server and I'm hoping that connections to the second, secured SSID can use the same subnet and can also be served by the PIX appliance's DHCP server even though they will be using a different VLAN.

If that is not the case, and the VLAN's need separate DHCP servers then I suppose I could use the domain controller on the secured VLAN as a DHCP server.

Thanks
0
 
dfxdeimosCommented:
If they are going to be on the same VLAN (as the boundry of the VLAN is the boundry of the broadcast domain) they can use the same DHCP server.

If they are not on the same VLAN then you will either need a DHCP server on each VLAN or a DHCP relay agent on one VLAN that listens for and realys requests to the VLAN containing the DHCP server.
0
 
NozmokingAuthor Commented:
Thanks - we got it sorted out.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now