I have a huge issue getting my wireless guest network working. I have seen a lot of suggestions using an extra WLC as an anchor, but at the moment that's not possible.
My equipment is as follows:
- Cisco ASA 5505
- Cisco WS-3850 PoE
- Cisco WS-2960-X PoE
- Cisco WLC 5500
At the moment we don't use any VLANs except the management VLAN 1 on our Cisco switches. This will be changed, but just not yet.
The connection right now looks like this (if it makes sense):
Fiber / Internet ------> Cisco ASA 5505 -----> WS-3850 PoE (our gateway) -------> Cisco 2690-X PoE
-------------------> Connected to AP
-------------------> Connected to Clients
-------------------> Connected to WLC
Right now we have an SSID named "Internal" that is for employees only, which works fine - it authenticates with our RADIUS server and gets a DHCP from our DHCP server.
I want another SSID using the built-in Guest network feature on the WLC, but isolate the network on a VLAN (VLAN 50 as an example) and route the traffic directly from a guest's machine and through the switches and then out of the ASA to the internet - without being able to access any of the internal resources.
Is this possible, and how the heck do I set it up? I've tried various things, but it just won't work out for me. Could someone be so kind as to take me through it step by step, by writing the configuration on each device (ASA, 3850, 2960-X and the WLC controller)? I think I would place the DHCP server for the guest LAN on the ASA - unless you have better ideas.