Solved

How to enable wireless guest network in Cisco Wireless AP

Posted on 2016-10-12
11
83 Views
Last Modified: 2016-10-13
Dear experts, I will be placing 2 wireless Cisco 1831 AP in my network. It's a simple network with an ASA and a Cisco 2960 switch. I intend to assign an interface in the ASA for wireless network. My ASA will be the DHCP server for wireless clients. Is there any way I can create 2 SSIDs? I for internal use and 1 for guest? Guest will have direct access to the internet only.
0
Comment
Question by:totallypatrick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841450
Yes, very simple to set up 2 SSID, match the VLAN with the existing network for the internal users, create a new VLAN for the guest users.
Set your switch ports for the AP as trunk ports for the 2 VLANs and connect the ASA interfaces to the same VLANs
0
 

Author Comment

by:totallypatrick
ID: 41841491
Thanks Gareth. How does DHCP work in this case? I do not have any Windows Server in my Network. I'm thinking of using the ASA to assign the IP Address. Say VLAN 1 is 192.168.30.0 for internal network and VLAN 2 is 192.168.40.0 for guest network. Can ASA assign the IP address for both VLANs? Do I create sub-interface on the ASA to do that?

Can I setup the trunk on my AP using the GUI interface? I am not really familiar with CLI.
0
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841505
Hi
DHCP is set up on the SSID setup on the AP, just tell it the IP address of the DHCP server; in this case the ASA
ASA can assign DHCP for both networks, just set up 2 scopes on the DHCP server section.
Remember DNS for the internet , use your local ISP DNS or google 8.8.8.8 and 8.8.4.4
Don't create subinterfaces if you don't need to, use 2 separate interfaces on the aSA and assign a scope to each, it is simpler. The switch needs a port in each VLAN for the ASA of course.
The AP will set up a trunk, the gui will do everything you need. I haven't used a cli on an AP for years!
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841512
0
 

Author Comment

by:totallypatrick
ID: 41841695
Hi Gareth, to be sure I got you right. Since this is a small office, I only have a 2960-X layer 2 switch only. No layer 3 switch.

i) I will assign 2 physical interface (internal and guest network) on the ASA to be connected to the switch. No trunking is needed between ASA and Switch.
ii) Create 2 separate VLANS on the switch. Vlan 100 for internal network (wired and wireless) and Vlan 200 for guest network (wireless)
iii) Assign 1 port on the switch to be setup as trunk to be connected to the AP. The trunk will carry Vlan 100 and Vlan 200.
iv) Create Vlan 100 and Vlan 200 in the AP. Do I create 2 different SSID on the AP and map each SSID to the corresponding Vlan?
v) Activate DHCP server feature on the 2 interfaces.
0
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841704
Exactly right, Patrick. part iv, yes you map the VLAN to the SSID
Layer 3 is not needed on the switch, the ASA will route for both vLANs
0
 

Author Comment

by:totallypatrick
ID: 41841727
Thanks Gareth.  Do i just configure vlan on the switch as follows?

Switch# configure terminal
Switch(config)# vlan 100
Switch(config-vlan)# name internal
Switch(config-vlan)# end

Switch(config)# vlan 200
Switch(config-vlan)# name wireless
Switch(config-vlan)# end

Switch(config)# int gi0/2
Switch(config)# switchport trunk encapsulation dot1q
Switch(config)# exit

ip route 0.0.0.0 0.0.0.0 192.168.100.1

In the AP,

I will create VLAN ID 100 and 200 then under SSID Manager I will create 2 separate SSID and map to corresponding VLAN. Is this all to it for the AP? Is there a place in the AP's GUI that let us specify that the link is a trunk?
0
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841742
All looks good. When you create the VLANs on the AP, it automatically makes the network link a trunk, don't worry.
0
 

Author Comment

by:totallypatrick
ID: 41841795
Hi Gareth, 1 last question. Is it necessary to configure a native vlan on the AP or VLAN 100 can be the native vlan for management?
0
 
LVL 5

Accepted Solution

by:
Gareth Tomlinson CISSP earned 500 total points
ID: 41841802
yes, VLAN 100 can be native.
0
 

Author Closing Comment

by:totallypatrick
ID: 41841875
Many thanks for your help
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Patch panel 7 65
HP 1920 Switch -- IFNET LINK_UPDOWN Errors 3 135
Reset HP V1905-24-PoE switch to factory default settings 2 111
How to separate mgmt & production vm network 8 79
Hopefully this article will help someone who's had the same issues I had. I have a Dell Wireless 1390 WLAN Mini-Card and Windows 7, and for the past couple of days I was beyond frustrated because my wireless laptop was not able to access the Inte…
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question