I have an Aironet 1130AG, a Catalyst 500 Switch, and an ISP-managed Cisco router in my network. Currently everything works great, but I want to add a special wireless VLAN for restricted access to the internet only.
The router in place has FE 0/0, which was our original internal gateway (192.168.1.1), and FE 0/1, which has been repurposed as our new guest gateway (192.168.200.1). It's also configured to provide DHCP leases to the 192.168.200.x network.
The 1130 is all configured, with an internal SSID linked to VLAN1 (Native) and a guest SSID linked to VLAN2. I've also gone in and created a VLAN with an ID of 2 on the Catalyst, but I have some questions about how this setup should work on the switch end.
The 1130AG is plugged into Port 3 of the Catalyst, which has the Smartport role "AP" with a native VLAN of 1. It's my understanding that the AP role allows access to all configured VLANs, which sounds like what I want. The router's FE0/0 is plugged into port 23 with the Smartport role "Other" and an access VLAN of 1. I intend to plug FE0/1 into port 24 with the Smartport role "Other" and an access VLAN of 2. The reasoning here is that the "Router" role supposedly allows access to all VLANs, which is not what I want since these two networks should not be talking to each other.
Here are my questions:
- Will this work as intended? What I don't understand is how access VLAN ports work on the Catalyst. Do they tag frames with 802.1Q VLAN IDs or just isolate those ports from the rest of the switch?
- Will my DHCP server be able to send leases to the clients on the guest wireless network? I would think so, but again I'm not 100% sure. Should I specify a VLAN ID in the advanced DHCP options?
- Will I need to specify a VLAN ID for my router's FE0/1? Again, I have no clue here.
Any help would be greatly appreciated. Thanks!
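A simplified model of the port layout described above, added here as an illustration and not part of the original post: it shows where a broadcast such as a DHCP DISCOVER comes out, and whether it carries an 802.1Q tag, under standard access/trunk semantics. It assumes the "AP" Smartport role behaves as a trunk with native VLAN 1 carrying VLANs 1 and 2; the names `Port`, `PORTS` and `flood` are hypothetical.

```python
# Simplified 802.1Q forwarding model: floods within a VLAN, no MAC learning.
# Port layout follows the post; trunk behaviour of the "AP" role is an assumption.
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    mode: str                          # "access" or "trunk"
    vlan: int                          # access VLAN, or native VLAN on a trunk
    allowed: frozenset = frozenset()   # VLANs carried on a trunk

    def ingress_vlan(self, tag):
        """Return the VLAN a received frame is classified into, or None to drop."""
        if self.mode == "access":
            # This model drops tagged frames on access ports (real switches vary).
            return self.vlan if tag is None else None
        vlan = self.vlan if tag is None else tag
        return vlan if vlan in self.allowed else None

    def egress_tag(self, vlan):
        """Return (sends, tag) for a frame in `vlan` leaving this port."""
        if self.mode == "access":
            return (vlan == self.vlan, None)    # access egress is always untagged
        if vlan not in self.allowed:
            return (False, None)
        return (True, None if vlan == self.vlan else vlan)  # native VLAN untagged

PORTS = [
    Port("port3-AP", "trunk", 1, frozenset({1, 2})),
    Port("port23-FE0/0", "access", 1),
    Port("port24-FE0/1", "access", 2),
]

def flood(src_name, tag):
    """Broadcast a frame from src_name and list (port, tag) pairs it exits on."""
    src = next(p for p in PORTS if p.name == src_name)
    vlan = src.ingress_vlan(tag)
    if vlan is None:
        return []
    out = []
    for p in PORTS:
        if p is src:
            continue
        sends, out_tag = p.egress_tag(vlan)
        if sends:
            out.append((p.name, out_tag))
    return out
```

In this model, `flood("port3-AP", 2)` represents a guest client's DHCP DISCOVER arriving from the AP, and `flood("port24-FE0/1", None)` the router's untagged reply path back toward the AP.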