12-27-2011 11:20 AM - edited 07-03-2021 09:18 PM
Hello all,
I have installed a pair of 5508 controllers in our network. One controller sits inside the network and APs are configured to associate with that controller. The second controller sits on a DMZ interface off the ASA. I have a guest network configured and it works great. I would like to configure additional guest networks at remote locations. Each guest WLAN will have it's own SSID. Is it possible to map all of these to the same VLAN? Or do I need a seperate VLAN and subnet for each SSID.
Thanks
12-27-2011 11:39 AM
If the SSIDs will be different and you still want to tunnel back the guest traffic, you will need to create a new SSID on your internal and dmz so you can anchor the SSID. You can still place guest users on the same subnet in the dmz also.
Thanks,
Scott Fella
Sent from my iPhone
12-27-2011 11:45 AM
Scott,
Thanks for the reply. I have created different SSIDs and mapped them to the same VLAN. Everything looks good but I'm getting some strange behaviors on the new SSIDs. It appears that users don't authenticate but I've verified the credentials quite a few times. I wanted to make sure that you could map multiple SSIDs to the same VLAN before I continued troubleshooting.
12-27-2011 11:47 AM
Yes you can... Double check to make sure your SSIDs match exactly between the inside and dmz wlc. Only thing different should be the interface.
Thanks,
Scott Fella
Sent from my iPhone
12-27-2011 11:48 AM
Scott,
Thanks again for the help. I'll go back and double check everything and post an update.
12-27-2011 11:54 AM
You should also see the clients Mac address on the gust anchor.
Thanks,
Scott Fella
Sent from my iPhone
12-27-2011 11:49 AM
To add to Scotts comment. Insure the new WLAN is anchored to the new WLAN DMZ as well.
12-28-2011 09:32 AM
Scott, George,
Thanks for your input and support. Everything matches and is anchored properly. I changed the password to the new guest WLAN to a unique value and everything works. When the passwords match between two WLANs the second , or newer WLAN, doesn't authenticate clients. I am using WPA2+PSK. I expect this is a known limitation.
12-28-2011 09:55 AM
Mark,
Each WLAN is its own so it doesn't matter if you use the same authentication or not. Why not leave the new ssid to open and test, start with the basic setting and then start adding. Just to recap, the guest ssids are different correct, but using the same authentication method.
12-28-2011 10:03 AM
Scott,
It would make sense that all of the WLANs are unique but for some reason if I use the same password , or PSK, it doesn't work. If I change it by 1 character it works fine. I've tried this for two new WLANs, both with unique SSIDs, and the story is the same. :-(
12-28-2011 10:07 AM
Interesting.... Shouldn't but it seems like you did your testing. If you are using the same pre shared key, why not just keep the WLAN SSID identical?
Thanks,
Scott Fella
Sent from my iPhone
12-28-2011 10:12 AM
Scott, I may end up using a single SSID. Unique SSIDs sounded nice but now that I have run into this they sound like they are more trouble then they are worth. Thanks for all of your help!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide