Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
671
Views
0
Helpful
7
Replies

guest setup

hugh.lancaster
Level 1
Level 1

‎12-28-2011 07:04 AM - edited ‎07-03-2021 09:18 PM

I read the following link http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml#C4 and I need some help. ISP owns the router but I own the a firewall (watchguard 1250e) and is set to drop-in mode. Currently I have one VLAN configured. My network consists of Cisco 3750 switches and Cisco WLAN 1252's. Wireless is working with no problems. I want to configure wireless guest account for my IPAD's. I have public IP address assigned to my trusted network interface and I created a secondary network for my internal users. 10.100.0.1\21. All my switches, WLAN's, computers, etc or configured with this secondary IP address. I have an internal DHCP server for distributing IP address's to my computers.

Can I configure the firewall eg. add another secondary IP address range of 10.100.8.0 and configure the VLAN on the switches to for this range?

Labels:
0 Helpful
7 Replies 7

Scott Fella
Hall of Fame
Hall of Fame

‎12-28-2011 09:59 AM

Hugh,

Never tried using a secondary address for the wireless, but I don't see why it wouldn't work.  IS this an autonomous setup or do you have a WLC?  From the link you posted, it looks like it s a WLC, but just making sure.

-Scott
*** Please rate helpful posts ***
0 Helpful

hugh.lancaster
Level 1
Level 1
In response to Scott Fella

‎12-28-2011 10:27 AM

I have a WLC

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to hugh.lancaster

‎12-28-2011 10:32 AM

Well if you can get the secondary address to route to your FW or have your FW do the routing, then you should be able to get that to work.  The only think I can see is when you create teh dynamic interface on the WLC and you have to specify the vlan id.  That might be where this might not work.  Its easier if you don't have a secondary address and just create a whole new subnet/vlan and either have the L3 switch do the routing.

-Scott
*** Please rate helpful posts ***
0 Helpful

hugh.lancaster
Level 1
Level 1
In response to Scott Fella

‎12-28-2011 10:45 AM

Here is watchguards response.

option 1 - have the 2nd VLAN connect to an unused firewall interface as an untagged port, using a

different subnet than is on trusted

option 2 - have the 2nd VLAN also be enabled on the switch port which connects to your firewall

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to hugh.lancaster

‎12-28-2011 11:17 AM

Well the thing with secondary address is that you use the same vlan id. I don't think the FW will accept that.

-Scott
*** Please rate helpful posts ***
0 Helpful

hugh.lancaster
Level 1
Level 1
In response to Scott Fella

‎12-28-2011 11:41 AM

You are most likely right..... After researching my switches (3750's). If I engage EMI which acts as routing between the VLANs, shouldn't that work.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to hugh.lancaster

‎12-28-2011 11:57 AM

That will work.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card