Proper way for setting up Cisco WLAN guest access on seperate subnet
Hello all.
First off, here is our setup.
Main LAN Subnet 192.168.1.0/24
WLAN Controller 2504 on subnet above
Cisco ASA 5505 on subnet above.
We are currently almost maxed out on our IP addresses.
What we are trying to accomplish is to have all wireless users on a separate subnet (e.g. 192.168.50.0/24).
What is required hardware wise, do we need a Cisco Router? We have our DHCP server on 192.168.1.0/24 subnet and would like that to assign addresses to all users on the 192.168.50.0/24 subnet.
I know this can not be as complicated as I am making it.
Please advise, thank you!
First off, here is our setup.
Main LAN Subnet 192.168.1.0/24
WLAN Controller 2504 on subnet above
Cisco ASA 5505 on subnet above.
We are currently almost maxed out on our IP addresses.
What we are trying to accomplish is to have all wireless users on a separate subnet (e.g. 192.168.50.0/24).
What is required hardware wise, do we need a Cisco Router? We have our DHCP server on 192.168.1.0/24 subnet and would like that to assign addresses to all users on the 192.168.50.0/24 subnet.
I know this can not be as complicated as I am making it.
Please advise, thank you!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
sorry, my comment was posted to another question below. really no idea why it was also posted here
http://mobile.experts-exchange.com/questions/28417611/Apple-TV-WiFi-connection.html
anyway, sorry for the inconvenience, if any.
http://mobile.experts-exchange.com/questions/28417611/Apple-TV-WiFi-connection.html
anyway, sorry for the inconvenience, if any.
ASKER
Really quick - I don't really work with VLANs a lot. I have around 13 switches here, do I need that VLAN to be on all the switches going to the DHCP server? Or just one switch that the ASA/WLAN controller are connected to? Thank you.
What switches are they? If they have VTP, you could configure a central switch (or two) to be VTP server and automatically distribute the VLAN config from them ...
Anyway, this depends on the way you have the WLC configured ... if you're running everything in central switching mode, all the traffic will go through the controller, so additional VLANs aren't necessary for the APs. In FlexConnect, you will need the VLANs on the switches they are connected to, all the way through to your ASA.
Anyway, this depends on the way you have the WLC configured ... if you're running everything in central switching mode, all the traffic will go through the controller, so additional VLANs aren't necessary for the APs. In FlexConnect, you will need the VLANs on the switches they are connected to, all the way through to your ASA.
ASKER
They are Cisco 2960's, 3560's.
ASKER
Hm. Well I have everything configured what I thought was correctly, but no go. Doesn't the switch need to know some sort of routing?
I have it like this:
ASA Ethernet0/1.50 (192.168.50.1) -> Port 7 on a switch
WLANC Interface (Port 2) 192.168.50.2 (Gateway set to .1) -> Port 8 on a switch
On the switch, Port 7 and 8 are 802.1Q Trunk with VLAN All. Vlan 50 is configured.
What is doing the routing, I'm confused here :( How does WLAN controller know how to get to cisco asa? Interface GUEST-VLAN (Ethernet 0/1.50) showing 0Kbps....
I have it like this:
ASA Ethernet0/1.50 (192.168.50.1) -> Port 7 on a switch
WLANC Interface (Port 2) 192.168.50.2 (Gateway set to .1) -> Port 8 on a switch
On the switch, Port 7 and 8 are 802.1Q Trunk with VLAN All. Vlan 50 is configured.
What is doing the routing, I'm confused here :( How does WLAN controller know how to get to cisco asa? Interface GUEST-VLAN (Ethernet 0/1.50) showing 0Kbps....
The WLC is just an L2 device ... do you have the SSID assigned to VLAN 50 as well as configured a VLAN subinterface ?
ASKER
Yup. WLAN 'Guests' is assigned interface group guest-vlan which is assigned to port #2, VLAN 50. IP is 192.168.50.2, 255.255.255.0 mask, 192.168.50.1 gateway (which is IP of vlan on inside interface on asa).
I'm missing something silly I'm sure :(
I'm missing something silly I'm sure :(
ASKER
Well, you won't believe this. I was testing with a static IP and typed in 192.168.5.200 instead of 192.168.50.200.
Haha!! Thanks for the help, everything works. Just for future note or anyone else who might need it, NATIVE VLAN should just be 1, correct?
Haha!! Thanks for the help, everything works. Just for future note or anyone else who might need it, NATIVE VLAN should just be 1, correct?
1. check if there are other APs around working on the same or close WiFi channel(s). if yes, try to manually change the
2. check if the MTU is correct or proper. normally for LAN connection, its value should be 1500.