Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

guest setup

I read the following link http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml#C4 and I need some help. ISP owns the router but I own the a firewall (watchguard 1250e) and is set to drop-in mode. Currently I have one VLAN configured. My network consists of Cisco 3750 switches and Cisco WLAN 1252's. Wireless is working with no problems. I want to configure wireless guest account for my IPAD's. I have public IP address assigned to my trusted network interface and I created a secondary network for my internal users. 10.100.0.1\21. All my switches, WLAN's, computers, etc or configured with this secondary IP address. I have an internal DHCP server for distributing IP address's to my computers.

Can I configure the firewall eg. add another secondary IP address range of 10.100.8.0 and configure the VLAN on the switches to for this range?

7 REPLIES
Hall of Fame Super Silver

guest setup

Hugh,

Never tried using a secondary address for the wireless, but I don't see why it wouldn't work.  IS this an autonomous setup or do you have a WLC?  From the link you posted, it looks like it s a WLC, but just making sure.

-Scott
*** Please rate helpful posts ***
Community Member

guest setup

I have a WLC

Hall of Fame Super Silver

guest setup

Well if you can get the secondary address to route to your FW or have your FW do the routing, then you should be able to get that to work.  The only think I can see is when you create teh dynamic interface on the WLC and you have to specify the vlan id.  That might be where this might not work.  Its easier if you don't have a secondary address and just create a whole new subnet/vlan and either have the L3 switch do the routing.

-Scott
*** Please rate helpful posts ***
Community Member

guest setup

Here is watchguards response.

option 1 - have the 2nd VLAN connect to an unused firewall interface as an untagged port, using a

different subnet than is on trusted

option 2 - have the 2nd VLAN also be enabled on the switch port which connects to your firewall

Hall of Fame Super Silver

guest setup

Well the thing with secondary address is that you use the same vlan id. I don't think the FW will accept that.

-Scott
*** Please rate helpful posts ***
Community Member

guest setup

You are most likely right..... After researching my switches (3750's). If I engage EMI which acts as routing between the VLANs, shouldn't that work.

Hall of Fame Super Silver

Re: guest setup

That will work.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
432
Views
0
Helpful
7
Replies
CreatePlease to create content