Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1490
Views
0
Helpful
8
Replies

How To: Setting up two WLANs (Private and Guest) - two distinct IP schemes.

daniel.acosta
Level 1
Level 1

‎08-14-2013 12:04 PM - edited ‎07-04-2021 12:39 AM

WLC 2504 running software version 7.4.100.0.

Goal:

  1. Private WLAN to allow access to internal network
  2. Guest WLAN to allow access to web (in the DMZ)


We currently have the wifi-network running and is servicing web access only.

Any ideas on how best to go about this? There will be need to assign two different IPs to wireless clients depending on which WLAN they access.

Thanks.

Labels:
0 Helpful
8 Replies 8

Erwin Salazar
Cisco Employee
Cisco Employee

‎08-14-2013 12:46 PM

Hello Daniel,

So in order to segregate traffic based on the WLAN they are connecting to, you will first need to establish/create dynamic interfaces on your controller which will be 'mapped' to a specific SSID(ie. Private or Guest):

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_011111.html#ID594

If you already have the dynamic interfaces in place, you simply just create the WLAN under WLANs > Create New > Go.  Once you apply, you will be sent to the 'General' section where you can apply the 'Interface' to the dynamic interface you created in which to put the client on. 

Cheers,
Erwin

______________________________________

How helpful was I? Don't forget to rate me when you have the chance!

Cheers, Erwin ______________________________________ How helpful was I? Don't forget to rate me when you have the chance!
0 Helpful

George Stefanick
VIP Alumni
VIP Alumni
In response to Erwin Salazar

‎08-14-2013 12:51 PM

If you want to drive guest to a DMZ and I dont know the size of your network most folks use an anchor to do this. Or you can truck this to a DMZ.

Here is an example without an anchor

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

George Stefanick
VIP Alumni
VIP Alumni
In response to George Stefanick

‎08-14-2013 12:53 PM

Here is an anchor example

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob30dg/GstSvc1.html

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

daniel.acosta
Level 1
Level 1
In response to George Stefanick

‎08-14-2013 12:55 PM

Thanks George for your feedback as well.  Allow me to review.  I appreciate it.

0 Helpful

daniel.acosta
Level 1
Level 1
In response to Erwin Salazar

‎08-14-2013 12:53 PM

Thanks Erwin for the speedy response. Let me take a closer look at what you're suggesting and will feedback shortly.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎08-14-2013 02:40 PM

Let me add my 2 cents.

You can purchase another 2504 since they support guest anchoring as the example George posted. You need v7.4 or later which you already have. Or you can specify ports on the 2504 and connect one port to your inside network and one in your dmz like the Erwin mentioned, but you specify the dynamic interface to a certain port in the wlc.

Sent from Cisco Technical Support iPhone App

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

daniel.acosta
Level 1
Level 1
In response to Scott Fella

‎08-15-2013 06:41 AM

Scott, thank you also for the response.  Allow me to all digest the recommendations.  Again, I appreciate each response.

0 Helpful

devils_advocate
Level 7
Level 7

‎08-15-2013 08:26 AM

If you can afford a second controller, I would do this and make it a Guest Anchor as mentioned above. This way the traffic is encrypted all the way to the Guest anchor controller (which sits in your DMZ) and is then switched onto the Internet.

If not, the 2504 has seperate physical interfaces so you could have one which goes into your LAN and another which goes into your DMZ switch. Setup seperate virtual interfaces on the controller and ensure the traffic goes seperately across the physical links, once onto the LAN and the other into the DMZ and onto the web.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card