Cisco 2500 Series Wireless Controller DHCP?

We're using a Cisco 2500 Series Wireless Controller for the facility wireless and it's running 2 SSIDs, public and private. Whoever set it up put the public and private on the same subnet, 10.1.110.x, and clients are getting DHCP from an ASA that's the building's firewall, which I have no access to. (It's managed by a third party.) My question is: we want to have the public and private on different subnets, or at the very least the public one. I haven't worked with this model before but see it has a DHCP option in the Cisco 2500 Series Wireless Controller. Can I enable that and set a scope that just gives DHCP to the public SSID, and if so, how?
Axis52401 (Security Analyst) asked:
 
Craig Beck commented:
No. I think it's safe to say you're not using FlexConnect so changes only need to be made at the WLC and the switch it connects to (if creating a new VLAN for guests).
 
Akinsd (Network Administrator) commented:
Yes
2 Methods, via CLI or Web browser. I will walk you through the browser method

Log on to the Controller
- Click "Controller" Tab
- Expand Internal DHCP server on the left
- Click New and create a new scope.
- Assign the address range
 
Axis52401 (Security Analyst, author) commented:
I've already got one created for the public. I left it disabled for now; I didn't know how to specify that just the one SSID use it. I used 192.168.10.100 - 192.168.10.200 for it.
 
Axis52401 (Security Analyst, author) commented:
Also, I'm logged into that network remotely. I'd like to set this up and, if possible, leave it disabled for now and then be on site to turn it on, just to make sure there are no problems when I bring the new configuration for the wireless online.
 
Akinsd (Network Administrator) commented:
Ok

You should be fine as long as the wlan and visitor interfaces are configured as you mentioned

If not
Create a new vlan and assign their wlan to it

- Controller
- Interfaces
- New
- Apply


- WLAN
- Create New :> (Go)
- General tab
- Interface/Interface Group
- Select drop down and choose the interface you created
- Apply
 
Axis52401 (Security Analyst, author) commented:
OK I don't have any VLANs created for this. What do I call it and VLAN ID?

For WLAN you're saying I need to create a new one or can I use the existing Public SSID one and change the Interface one from management to whatever one I create?
 
Akinsd (Network Administrator) commented:
You can call it anything, e.g. PUBLIC

The VLAN ID here is not that critical, it is local to the controller and usually increments chronologically as you add new ones
WLAN

The VLAN ID you need to pay attention to is the one on the interface. It must match the vlan on your network.
Let's assume the subnet you reserved for it is in VLAN 10 = 192.168.10.0/24, based on the range you provided. (I am assuming it is most likely a class C IP range.)
192.168.10.100 - 192.168.10.200

Then, the VLAN ID on the interface must be 10
Interface
 
Axis52401 (Security Analyst, author) commented:
So is that all I have to do, and then clients on the public SSID will receive an address on the new network?
 
Axis52401 (Security Analyst, author) commented:
When I go to create the interface it wants this. For the existing management interface, for port number it has 1 and for IP address it has the device's LAN IP. For this new one, what do I use? Do I have to plug something into this port physically? For DHCP information, the existing one has the firewall that is currently giving out DHCP, but for this VLAN/SSID we are creating I want this device to be the DHCP server.

Configuration

Physical Information
Port Number
Backup Port
Active Port
Enable Dynamic AP Management

Interface Address
VLAN Identifier
IP Address
Netmask
Gateway

DHCP Information
Primary DHCP Server
Secondary DHCP Server
 
Akinsd (Network Administrator) commented:
Use the same settings you have for the other ones. The only difference will be the DHCP server address, which will be the IP address you assigned to the controller's interface you created.

The following are assumptions

Port Number    1
Backup Port     2
Active Port     1

Enable Dynamic AP Management    
Interface Address    
 
VLAN Identifier   10
IP Address   192.168.10.253  
Netmask      255.255.255.0
Gateway    192.168.10.254

DHCP Information    
 
Primary DHCP Server   192.168.10.253
Secondary DHCP Server


I hope you get the picture.
 
Axis52401 (Security Analyst, author) commented:
It looks like the only current interface is called management and has an IP address of 10.1.110.6 and port 1.
So if I create this new interface and set my IP 192.168.10.253 and use port 1 as well, it won't cause a problem with 2 IP addresses using that port?
I only ask because I'm connecting to it remotely at IP 10.1.110.6. I don't want to hit save and lose connection and take everything down.
 
Craig Beck commented:
Let's go back to the beginning.

Both your SSIDs use the management interface, which uses the ASA as the Primary DHCP Server.

You need to create a new DHCP scope on the WLC for the subnet you want to give IP addresses to from the WLC, and you need to create a new dynamic interface, as Akinsd said.

However, you need to tell that dynamic interface to use the management IP of the WLC as the Primary DHCP Server, not the IP address of the dynamic interface as Akinsd suggested.

So, let's say you create a dynamic interface called PUBLIC.
Port Number    1
Backup Port     2
Active Port     1

Enable Dynamic AP Management    
Interface Address    
 
VLAN Identifier   10
IP Address   192.168.10.253  
Netmask      255.255.255.0
Gateway    192.168.10.254

DHCP Information    
 
Primary DHCP Server   10.1.110.6   (WLC management IP)
Secondary DHCP Server
Then configure the PUBLIC WLAN to use the new PUBLIC interface you just created.

Just a note about the WLAN ID (not VLAN)...
Any WLAN with an ID greater than 16 (so 17, 18, 100...) will not be broadcast by your APs by default.  To use a WLAN with an ID greater than 16 you must configure AP groups.  You'll probably never do that if you only have 2 WLANs, but it's something to be aware of especially if you like to match the VLAN ID and the WLAN ID (some people do!) :-)
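A pre-change sanity check for the values discussed in this thread, added here as an illustration and not posted by any participant. The function name, the dictionary keys and the WLAN ID of 2 are assumptions; the addresses are the ones quoted above.

```python
import ipaddress

def check_wlc_plan(plan):
    """Return a list of problems in a planned dynamic interface + internal DHCP scope."""
    ip = ipaddress.ip_address
    problems = []
    net = ipaddress.ip_network(f"{plan['if_ip']}/{plan['netmask']}", strict=False)
    if_ip, gw, mgmt = ip(plan["if_ip"]), ip(plan["gateway"]), ip(plan["mgmt_ip"])
    start, end = ip(plan["scope_start"]), ip(plan["scope_end"])

    if gw not in net:
        problems.append("gateway is outside the interface subnet")
    if start > end or start not in net or end not in net:
        problems.append("scope range is not a valid range inside the interface subnet")
    # Statically assigned addresses must not be handed out to clients.
    for name, addr in (("interface IP", if_ip), ("gateway", gw)):
        if start <= addr <= end:
            problems.append(f"{name} falls inside the DHCP pool")
    # For the internal DHCP server, the thread's advice is to point at the management IP.
    if ip(plan["primary_dhcp"]) != mgmt:
        problems.append("primary DHCP server is not the WLC management IP")
    if mgmt in net:
        problems.append("new subnet contains the management IP; guests are not separated")
    if not 1 <= plan["vlan_id"] <= 4094:
        problems.append("VLAN ID out of range")
    if plan["wlan_id"] > 16 and not plan.get("ap_groups", False):
        problems.append("WLAN ID above 16 is not broadcast without AP groups")
    return problems

# Values from the thread; wlan_id is a constructed sample value.
PLAN = {
    "mgmt_ip": "10.1.110.6", "vlan_id": 10, "wlan_id": 2,
    "if_ip": "192.168.10.253", "netmask": "255.255.255.0",
    "gateway": "192.168.10.254", "primary_dhcp": "10.1.110.6",
    "scope_start": "192.168.10.100", "scope_end": "192.168.10.200",
}
# Same plan, but with the dynamic interface's own address as DHCP server.
VARIANT = dict(PLAN, primary_dhcp="192.168.10.253")

if __name__ == "__main__":
    for label, plan in (("PLAN", PLAN), ("VARIANT", VARIANT)):
        print(label, check_wlc_plan(plan) or "no problems found")
```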
 
Craig Beck commented:
"So if I create this new Interface and set my IP 192.168.10.253 and use port 1 as well it won't cause a problem with 2 IP addresses using that port?"
No it won't cause a problem - Port 1 is the primary port.  You can use different ports, but you don't have to.
 
Axis52401 (Security Analyst, author) commented:
OK, I think I've got it; going to go out to the facility and try it tomorrow. One more question: since the APs are spread out throughout 3 buildings, will it be necessary to do anything on any of the switches they connect through?