How to setup Cisco Wireless Lan Controller 2106

Hello!
Just bought the following equipment and need a little help pointing me in the right direction for correct setup.
1 x AIR-WLC2106-K9 WIRELESS LAN CONTROLLER 2106
2 x WS-C3560-8PC-S CATALYST 3560 8 10/100 POE + 1 T/SFP STANDARD IMAGE EN
4 x AIR-LAP1131AG-E-K9 Cisco AP1100 802.11a/b/g w/Antennas

I need to create 2 separate wireless networks, with SSID: Internal and another SSID: GUEST
Both networks must be completly separated

SSID: Internal should use ip range: 192.168.4.XXX
SSID: GUEST should use ip range: 210.210.2.XXX

Can someone point me in the right directions for setup this? :)
WhiteMafiosiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

itnetworknCommented:
Remote into each wireless device and configure your security, SSID, and DHCP server. How are you planning on segmenting your private and public networks? What will be directly connected to the switch? Do you need switch ports that are for the private and public networks?
Ernie BeekExpertCommented:
I set something like this up using VLANs, one called internal and one called internet (guest). Have a look and see if you can figure it out like this:

dot11 vlan-name internal-net vlan 20
dot11 vlan-name internet vlan 6
!
dot11 ssid internet
   vlan 6
   authentication open
   authentication key-management wpa version 1
   guest-mode
   wpa-psk ascii xxxxxxxxxxxxxxxxxx
!
dot11 ssid intra
   vlan 20
   authentication open eap eap_methods_tassintra
   authentication network-eap eap_methods_tassintra
   authentication key-management wpa version 1


interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 6 mode ciphers tkip
 !
 encryption vlan 20 mode ciphers tkip
 !
 ssid internet
 !
 ssid intra
 !
 station-role root access-point
!
interface Dot11Radio0.6
 encapsulation dot1Q 6
 no ip route-cache
 bridge-group 6
 bridge-group 6 subscriber-loop-control
 bridge-group 6 block-unknown-source
 no bridge-group 6 source-learning
 no bridge-group 6 unicast-flooding
 bridge-group 6 spanning-disabled
!
interface Dot11Radio0.20
 encapsulation dot1Q 20 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled

interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.6
 encapsulation dot1Q 6
 ip address 192.168.51.252 255.255.255.0
 ip helper-address 192.168.51.254
 no ip route-cache
 bridge-group 6
 no bridge-group 6 source-learning
 bridge-group 6 spanning-disabled
!
interface FastEthernet0.20
 encapsulation dot1Q 20 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.1.252 255.255.255.0
 ip helper-address 192.168.1.254
 no ip route-cache
!
interface BVI6
 no ip address
 no ip route-cache

ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key 7 smf,sdf,sbs
radius-server vsa send accounting
bridge 1 route ip



This way you can set up the switchport for the wireless like this:

switchport trunk encapsulation dot1q
 switchport trunk native vlan 20
 switchport trunk allowed vlan 6,20
 switchport mode trunk

Without any hassle.
lrmooreCommented:
The switchport to the controller should be a trunk port
The switchports connected to AP's should be Access ports in the AP Management VLAN

Example:
On the switch, create the vlans:
 - vlan 10
     name DATA
   vlan 20
     name GUEST

Controller should have a "management" interface, usually untagged (vlan 1) for AP management
Create 2 more interfaces on the controller
 - Internal LAN, vlan 10
 - Guest Internet, vlan 20

Now you can create the individual WLANS for DATA and GUEST, assigning them each to the proper interface

You need a DHCP server on EACH vlan. One on VLAN1 to assign IP addresses to the AP's, one on VLAN10 to support the clients, and one on VLAN20 to support the Guests.
You could use the same one with multiple scopes. The WLC will let you designate the IP address of the DHCP server for each interface and will relay the DHCP request.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Faisal KhanCommented:
it is very simple.
1. Create apporpriate vlans on switch i.e. vlan10 and vlan20
2. Connect ur WLC with your switch using a trunk port.
3.Configure DHCP on WLC.

Following link will explain all tihs in detail.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml

Good Luck
WhiteMafiosiAuthor Commented:
Thanks lrmoore! Really helped me getting started. Now eveerything works fine :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.