Solved

How to enable wireless guest network in Cisco Wireless AP

Posted on 2016-10-12
Last Modified: 2016-10-13
Dear experts, I will be placing 2 wireless Cisco 1831 APs in my network. It's a simple network with an ASA and a Cisco 2960 switch. I intend to assign an interface in the ASA for the wireless network. My ASA will be the DHCP server for wireless clients. Is there any way I can create 2 SSIDs? 1 for internal use and 1 for guest? Guest will have direct access to the internet only.
Question by:totallypatrick
11 Comments
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841450
Yes, very simple to set up 2 SSIDs: match the VLAN with the existing network for the internal users, and create a new VLAN for the guest users.
Set your switch ports for the AP as trunk ports for the 2 VLANs and connect the ASA interfaces to the same VLANs.
 

Author Comment

by:totallypatrick
ID: 41841491
Thanks Gareth. How does DHCP work in this case? I do not have any Windows Server in my Network. I'm thinking of using the ASA to assign the IP Address. Say VLAN 1 is 192.168.30.0 for internal network and VLAN 2 is 192.168.40.0 for guest network. Can ASA assign the IP address for both VLANs? Do I create sub-interface on the ASA to do that?

Can I setup the trunk on my AP using the GUI interface? I am not really familiar with CLI.
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841505
Hi
DHCP is set up on the SSID setup on the AP, just tell it the IP address of the DHCP server; in this case the ASA.
The ASA can assign DHCP for both networks, just set up 2 scopes in the DHCP server section.
Remember DNS for the internet, use your local ISP DNS or Google 8.8.8.8 and 8.8.4.4.
Don't create subinterfaces if you don't need to, use 2 separate interfaces on the ASA and assign a scope to each, it is simpler. The switch needs a port in each VLAN for the ASA of course.
The AP will set up a trunk, the GUI will do everything you need. I haven't used a CLI on an AP for years!
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841512
 

Author Comment

by:totallypatrick
ID: 41841695
Hi Gareth, to be sure I got you right. Since this is a small office, I only have a 2960-X layer 2 switch. No layer 3 switch.

i) I will assign 2 physical interfaces (internal and guest network) on the ASA to be connected to the switch. No trunking is needed between ASA and switch.
ii) Create 2 separate VLANs on the switch. VLAN 100 for internal network (wired and wireless) and VLAN 200 for guest network (wireless).
iii) Assign 1 port on the switch to be set up as a trunk to be connected to the AP. The trunk will carry VLAN 100 and VLAN 200.
iv) Create VLAN 100 and VLAN 200 in the AP. Do I create 2 different SSIDs on the AP and map each SSID to the corresponding VLAN?
v) Activate the DHCP server feature on the 2 interfaces.
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841704
Exactly right, Patrick. Part iv, yes, you map the VLAN to the SSID.
Layer 3 is not needed on the switch, the ASA will route for both VLANs.
 

Author Comment

by:totallypatrick
ID: 41841727
Thanks Gareth. Do I just configure the VLANs on the switch as follows?

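Switch# configure terminal
! Create the two VLANs ("exit" stays in config mode, "end" would leave it)
Switch(config)# vlan 100
Switch(config-vlan)# name internal
Switch(config-vlan)# exit
Switch(config)# vlan 200
Switch(config-vlan)# name wireless
Switch(config-vlan)# exit

! Port facing the AP: trunk carrying VLAN 100 and VLAN 200.
! The 2960-X trunks with 802.1Q only, so no encapsulation command is needed.
Switch(config)# interface gi0/2
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 100,200
Switch(config-if)# exit

Switch(config)# ip route 0.0.0.0 0.0.0.0 192.168.100.1
Switch(config)# end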

In the AP,

I will create VLAN ID 100 and 200, then under SSID Manager I will create 2 separate SSIDs and map each to the corresponding VLAN. Is this all there is to it for the AP? Is there a place in the AP's GUI that lets us specify that the link is a trunk?
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41841742
All looks good. When you create the VLANs on the AP, it automatically makes the network link a trunk, don't worry.
 

Author Comment

by:totallypatrick
ID: 41841795
Hi Gareth, 1 last question. Is it necessary to configure a native VLAN on the AP, or can VLAN 100 be the native VLAN for management?
 
LVL 5

Accepted Solution

by:
Gareth Tomlinson CISSP earned 500 total points
ID: 41841802
Yes, VLAN 100 can be native.
 

Author Closing Comment

by:totallypatrick
ID: 41841875
Many thanks for your help
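
The ASA side of the design agreed in this thread (two physical interfaces, one DHCP scope each, guests limited to the internet), as an added example that is not part of the original discussion. The interface numbers, the names `inside`/`guest`/`outside`, the 192.168.200.0/24 guest subnet, the pool ranges and the `GUEST_IN`/`*_NET` object names are assumptions; it also assumes an already configured `outside` interface and ASA 8.3 or later NAT syntax.

```cisco
! Added example (not from the thread). All names, subnets and ranges are assumed.
! Internal network: switch access port in VLAN 100
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
 no shutdown
!
! Guest network: switch access port in VLAN 200, lower security level
interface GigabitEthernet0/2
 nameif guest
 security-level 10
 ip address 192.168.200.1 255.255.255.0
 no shutdown
!
! One DHCP scope per interface, with public DNS as suggested in the thread
dhcpd address 192.168.100.50-192.168.100.150 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd enable inside
!
dhcpd address 192.168.200.50-192.168.200.150 guest
dhcpd dns 8.8.8.8 8.8.4.4 interface guest
dhcpd enable guest
!
! Guest isolation: block guest-to-internal explicitly, then allow everything else.
! Once an ACL is bound to the interface it replaces the security-level default,
! so the deny line must come before the permit.
access-list GUEST_IN extended deny ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list GUEST_IN extended permit ip 192.168.200.0 255.255.255.0 any
access-group GUEST_IN in interface guest
!
! Dynamic PAT to the outside interface for both networks
object network INSIDE_NET
 subnet 192.168.100.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network GUEST_NET
 subnet 192.168.200.0 255.255.255.0
 nat (guest,outside) dynamic interface
```

To check the isolation, join the guest SSID and confirm that an internal address does not answer while an internet address does; `show access-list GUEST_IN` should show the hit count on the deny line increasing.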