mcsdguyian asked:

ASA5505 Configuration for WAP4410 with multiple VLANs

Hi, I am trying to determine the best way to configure a WAP4410N with our ASA5505, so that the WAP will have 3 SSIDs: 1) "Wireless-Inside" will allow internal users to connect to the internal network, 2) "Guest-DMZ" will allow guests access to the internet and not the internal network, and 3) "TimeClock-DMZ", which will only allow our timeclock to connect over the internet to its web instance.

interface Ethernet0/7
 switchport access vlan 30
 switchport trunk allowed vlan 1,15,30
 switchport mode trunk
!

*Inside: This network has Static IP Addresses
interface Vlan1
       nameif inside
       security-level 100
       ip address 192.168.50.140 255.255.255.0
      !
      access-list Inside-to-any extended permit ip 192.168.50.0 255.255.255.0 any
      nat (inside) 2 192.168.50.0 255.255.255.0

interface Vlan15
       description Internal Wireless
       nameif Wireless-Inside
       security-level 100
       ip address 192.168.60.254 255.255.255.0
      !
      access-list Wireless-Inside_access_in extended permit ip 192.168.60.0 255.255.255.0 any
      access-list Wireless-Inside_access_in extended permit icmp 192.168.60.0 255.255.255.0 any
      nat (Wireless-Inside) 2 0.0.0.0 0.0.0.0
      access-group Wireless-Inside_access_in in interface Wireless-Inside
            
      dhcpd address 192.168.60.100-192.168.60.200 Wireless-Inside
      dhcpd dns 192.168.50.50 interface Wireless-Inside
      dhcpd enable Wireless-Inside

interface Vlan30
       description Guest
       no forward interface Vlan1
       nameif Guest-DMZ
       security-level 50
       ip address 192.168.10.1 255.255.255.0
      !
      access-list Guest-DMZ_access_in extended permit ip 192.168.10.0 255.255.255.0 any
      access-list Guest-DMZ_access_in extended permit icmp 192.168.10.0 255.255.255.0 any
      nat (Guest-DMZ) 2 0.0.0.0 0.0.0.0
      access-group Guest-DMZ_access_in in interface Guest-DMZ

      dhcpd address 192.168.10.100-192.168.10.200 Guest-DMZ
      dhcpd dns 8.8.8.8 8.8.4.4 interface Guest-DMZ
      dhcpd enable Guest-DMZ


WAP4410 Network Setup
      Local IP: 192.168.10.10
      subnet mask: 255.255.255.0
      Default Gateway: 192.168.10.1
      Primary DNS: 8.8.8.8
      Secondary DNS: 8.8.4.4

      [VLAN SETUP]
      Default VLAN ID: 1
      AP Management VLAN: 1
      VLAN Tag: Untagged
      
      [SSID Names:]
      Guest - VLAN: 30
      WIFI - VLAN: 15
      TimeClock - VLAN: 30



QUESTIONS:
1) Should the IP address for my WAP4410N be on the same subnet as my internal network?
2) I am having trouble getting the inside Wifi to connect to the internal network, and I cannot access the internet.
3) I just want to make sure the setup will not allow the Guest or Time clock SSIDs access to the internal network. If there is a best practice for the setup I am trying to set up, I would like to use it.

Thanks, Ian
ASKER CERTIFIED SOLUTION
masnrock

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
mcsdguyian (ASKER)

Thanks for your help! I had the Wireless-Internal SSIDs on the WAP set to the wrong VLAN. Whoops. :)
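
An added example, not part of the thread and not the members-only solution: a small Python cross-check of the WAP's SSID-to-VLAN mapping against the ASA configuration, showing which ASA zone each SSID lands in and whether that zone's inbound ACL permits ip to any destination. `ASA_CONFIG` is a constructed, condensed copy of the posted configuration; `parse_asa` and `audit` are hypothetical helper names, and NAT and `no forward interface` are not modelled.

```python
import re
# Constructed sample: condensed from the ASA configuration posted in the question.
ASA_CONFIG = """\
interface Ethernet0/7
 switchport trunk allowed vlan 1,15,30
interface Vlan1
 nameif inside
 security-level 100
interface Vlan15
 nameif Wireless-Inside
 security-level 100
interface Vlan30
 nameif Guest-DMZ
 security-level 50
access-list Guest-DMZ_access_in extended permit ip 192.168.10.0 255.255.255.0 any
access-group Guest-DMZ_access_in in interface Guest-DMZ
"""

def parse_asa(text):
    """Collect trunk VLANs, per-VLAN zone settings, ACL entries and ACL bindings."""
    trunk, zones, acls, bound, vlan = set(), {}, {}, {}, None
    for w in (line.split() for line in text.splitlines() if line.strip()):
        if w[:4] == ["switchport", "trunk", "allowed", "vlan"]:
            trunk = {int(v) for v in w[4].split(",")}
        elif w[0] == "interface":
            vlan = int(w[1][4:]) if re.fullmatch(r"Vlan\d+", w[1]) else None
        elif w[0] in ("nameif", "security-level") and vlan is not None:
            zones.setdefault(vlan, {})[w[0]] = w[1]
        elif w[0] == "access-list":
            acls.setdefault(w[1], []).append(" ".join(w[2:]))
        elif w[0] == "access-group":
            bound[w[4]] = w[1]  # interface name -> ACL name
    return trunk, zones, acls, bound

def audit(text, ssids):
    """Map each SSID to the ASA zone its VLAN lands in; warn on gaps and broad ACLs."""
    trunk, zones, acls, bound = parse_asa(text)
    placement, warnings = {}, []
    for ssid, vlan in ssids.items():
        if vlan not in trunk or vlan not in zones:
            warnings.append(f"{ssid}: VLAN {vlan} is not trunked or has no ASA interface")
            continue
        zone = zones[vlan]
        name, level = zone.get("nameif", "unnamed"), int(zone.get("security-level", 0))
        placement[ssid] = (name, level)
        acl = acls.get(bound.get(name), [])
        if level < 100 and any("permit ip" in a and a.endswith(" any") for a in acl):
            warnings.append(f"{ssid}: {name} ACL permits ip to any destination")
    return placement, warnings

print(audit(ASA_CONFIG, {"Guest": 30, "WIFI": 15, "TimeClock": 30}))  # mapping as posted
```

Changing one SSID's VLAN in the mapping moves it into a different zone in the returned placement, which is the kind of mismatch a review of the AP settings should catch.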