Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to enable wireless guest network in Cisco Wireless AP

Posted on 2016-10-12
11
Medium Priority
?
106 Views
Last Modified: 2016-10-13
Dear experts, I will be placing 2 wireless Cisco 1831 AP in my network. It's a simple network with an ASA and a Cisco 2960 switch. I intend to assign an interface in the ASA for wireless network. My ASA will be the DHCP server for wireless clients. Is there any way I can create 2 SSIDs? I for internal use and 1 for guest? Guest will have direct access to the internet only.
0
Comment
Question by:totallypatrick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841450
Yes, very simple to set up 2 SSID, match the VLAN with the existing network for the internal users, create a new VLAN for the guest users.
Set your switch ports for the AP as trunk ports for the 2 VLANs and connect the ASA interfaces to the same VLANs
0
 

Author Comment

by:totallypatrick
ID: 41841491
Thanks Gareth. How does DHCP work in this case? I do not have any Windows Server in my Network. I'm thinking of using the ASA to assign the IP Address. Say VLAN 1 is 192.168.30.0 for internal network and VLAN 2 is 192.168.40.0 for guest network. Can ASA assign the IP address for both VLANs? Do I create sub-interface on the ASA to do that?

Can I setup the trunk on my AP using the GUI interface? I am not really familiar with CLI.
0
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841505
Hi
DHCP is set up on the SSID setup on the AP, just tell it the IP address of the DHCP server; in this case the ASA
ASA can assign DHCP for both networks, just set up 2 scopes on the DHCP server section.
Remember DNS for the internet , use your local ISP DNS or google 8.8.8.8 and 8.8.4.4
Don't create subinterfaces if you don't need to, use 2 separate interfaces on the aSA and assign a scope to each, it is simpler. The switch needs a port in each VLAN for the ASA of course.
The AP will set up a trunk, the gui will do everything you need. I haven't used a cli on an AP for years!
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841512
0
 

Author Comment

by:totallypatrick
ID: 41841695
Hi Gareth, to be sure I got you right. Since this is a small office, I only have a 2960-X layer 2 switch only. No layer 3 switch.

i) I will assign 2 physical interface (internal and guest network) on the ASA to be connected to the switch. No trunking is needed between ASA and Switch.
ii) Create 2 separate VLANS on the switch. Vlan 100 for internal network (wired and wireless) and Vlan 200 for guest network (wireless)
iii) Assign 1 port on the switch to be setup as trunk to be connected to the AP. The trunk will carry Vlan 100 and Vlan 200.
iv) Create Vlan 100 and Vlan 200 in the AP. Do I create 2 different SSID on the AP and map each SSID to the corresponding Vlan?
v) Activate DHCP server feature on the 2 interfaces.
0
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841704
Exactly right, Patrick. part iv, yes you map the VLAN to the SSID
Layer 3 is not needed on the switch, the ASA will route for both vLANs
0
 

Author Comment

by:totallypatrick
ID: 41841727
Thanks Gareth.  Do i just configure vlan on the switch as follows?

Switch# configure terminal
Switch(config)# vlan 100
Switch(config-vlan)# name internal
Switch(config-vlan)# end

Switch(config)# vlan 200
Switch(config-vlan)# name wireless
Switch(config-vlan)# end

Switch(config)# int gi0/2
Switch(config)# switchport trunk encapsulation dot1q
Switch(config)# exit

ip route 0.0.0.0 0.0.0.0 192.168.100.1

In the AP,

I will create VLAN ID 100 and 200 then under SSID Manager I will create 2 separate SSID and map to corresponding VLAN. Is this all to it for the AP? Is there a place in the AP's GUI that let us specify that the link is a trunk?
0
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841742
All looks good. When you create the VLANs on the AP, it automatically makes the network link a trunk, don't worry.
0
 

Author Comment

by:totallypatrick
ID: 41841795
Hi Gareth, 1 last question. Is it necessary to configure a native vlan on the AP or VLAN 100 can be the native vlan for management?
0
 
LVL 5

Accepted Solution

by:
Gareth Tomlinson CISSP earned 2000 total points
ID: 41841802
yes, VLAN 100 can be native.
0
 

Author Closing Comment

by:totallypatrick
ID: 41841875
Many thanks for your help
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I will describe how to setup a Cisco WLC 5508 to work with Apple's Bonjour protocol across VLANs.  I will also discuss using screen mirroring and Airplay on an AppleTV v3.  This article covers the wireless network only and requires m…
The Summer 2017 Scholarship Winners have been announced!
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question