Guest Access - WLC -> ASA (Acting as a DHCP Server)

stephen.ellis2
Level 1

Hi Guys

Wonder if you could help?

We've got a setup where we have a WLC 4402 with two ports connected to the LAN. One port is connected on VLAN 10 and is the management/AP manager interface, and one port is connected on VLAN 99 and is the guest interface. We have two WLANs: one is Corporate and one is Guest. The Corporate WLAN uses the management interface and clients receive IP addresses from a configured Windows DHCP Server. The Guest users should receive their IP addresses from the ASA firewall (configured under the DHCP section of the Guest Dynamic Interface).

[Attachment: Example Topology.png]

When clients connect to the corporate WLAN they receive an IP address from the DHCP server without any problem. When clients connect to the Guest WLAN they are unable to receive an IP address. If I untick "Enable DHCP Proxy" under the DHCP settings for the Wireless Controller, the clients connecting to the guest WLAN receive IP addresses from the ASA DHCP Pool.

My first question is whether there is any way to keep the added protection of the DHCP Proxy feature of the WLC and have the clients receive IP addresses from the DHCP pool configured on the ASA. It seems that the only way just now is to turn off the DHCP Proxy feature altogether, which seems to be something I should avoid doing.

My second question is about the configuration of the interfaces. The only two VLANs that will be presented on the ports of my controller are going to be the management VLAN 10 and the guest VLAN 99 (no money for fancy anchor controllers). Can I leave both dynamic interfaces untagged? They are on separate VLANs on the switchports, so it would make sense to me for both dynamic interfaces to be left untagged.

Many thanks in advance.

Stephen

Accepted Solutions

Saravanan Lakshmanan
Cisco Employee

#ASA doesn't respond to unicast DHCP requests (unless there is a way to configure it), so you need to disable proxy on the WLC.

#Can't have two untagged VLAN IDs on the WLC side. VLAN IDs that are not zero are all tagged on the WLC side.

Thanks for your help. I thought as much.

Cheers again

Stephen

Steve, you're most welcome!!!
