I am trying to implement a Cisco Wireless solution. I have some Cisco knowledge, but it is limited. I did successfully configure the WLC 4402 with 1200 series APs. Created two WLANs, each with its own SSID. SSID "guest" uses WEP, and gets addresses via the internal DHCP server. The DHCP range I chose exists within our current network, something I need to change according to the documentation I have read. This network should not see our network, but can browse the internet. SSID "secure" uses WPA with MAC authentication. I can connect to either SSID and access all network resources. However, this only works with two caveats.
1) I have to use the management interface
2) The DHCP range for the guest network needs to fall within our network
Trying to implement any kind of security for the "guest" network has not gone so well. I have problems just about at every point. After reading some documents, I decided I needed to add 2 interfaces for the 2 WLANs. My interface info is below.
Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr
-------------------------------- ---- -------- --------------- ------- ----
ap-manager                       LAG  untagged 10.1.104.154    Static  Yes
guest                            LAG  10       192.168.10.10   Dynamic No
management                       LAG  untagged 10.1.104.153    Static  No
production                       LAG  20       192.168.20.20   Dynamic No
service-port                     N/A  N/A      192.168.1.1     Static  No
virtual                          N/A  N/A      126.96.36.199   Static  No
My intention was to apply an access list to the guest VLAN so as to limit its traffic. If I apply the guest interface - VLAN 10 (instead of the management-VLAN 0) it doesn't work. I found a doc that addresses this, so I added trunking to the interface the WLC is attached to on our 6509 (CatOS) switch.
MySwitch (enable) set trunk 2/6 on dot1q
Trunking is enabled, but no dice. I thought this might be a routing issue between my switch and my gateway. So I changed the VLAN on the management interface. I thought this would at the very least allow me to ping the switch, but I was wrong. I changed that back and added this entry into our gateway
ip address 192.168.20.1 255.255.255.0
I thought that way the wireless controller would be able to see the IP address on the router, but it didn't work.
Also I cannot use the new DHCP range I chose (192.168.10.x), I assume because it is not 10.1.x.x, so it can't find it.
I would really appreciate some help from someone who has done this. I am very confused.