Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How To: Setting up two WLANs (Private and Guest) - two distinct IP schemes.

WLC 2504 running software version 7.4.100.0.

Goal:

  1. Private WLAN to allow access to internal network
  2. Guest WLAN to allow access to web (in the DMZ)


We currently have the wifi-network running and is servicing web access only.

Any ideas on how best to go about this? There will be need to assign two different IPs to wireless clients depending on which WLAN they access.

Thanks.

Everyone's tags (4)
8 REPLIES
Cisco Employee

How To: Setting up two WLANs (Private and Guest) - two distinct

Hello Daniel,

So in order to segregate traffic based on the WLAN they are connecting to, you will first need to establish/create dynamic interfaces on your controller which will be 'mapped' to a specific SSID(ie. Private or Guest):

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_011111.html#ID594

If you already have the dynamic interfaces in place, you simply just create the WLAN under WLANs > Create New > Go.  Once you apply, you will be sent to the 'General' section where you can apply the 'Interface' to the dynamic interface you created in which to put the client on. 

Cheers,
Erwin

______________________________________

How helpful was I? Don't forget to rate me when you have the chance!

Cheers, Erwin ______________________________________ How helpful was I? Don't forget to rate me when you have the chance!

How To: Setting up two WLANs (Private and Guest) - two distinct

If you want to drive guest to a DMZ and I dont know the size of your network most folks use an anchor to do this. Or you can truck this to a DMZ.

Here is an example without an anchor

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

How To: Setting up two WLANs (Private and Guest) - two distinct

Here is an anchor example

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob30dg/GstSvc1.html

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

How To: Setting up two WLANs (Private and Guest) - two distinct

Thanks George for your feedback as well.  Allow me to review.  I appreciate it.

New Member

How To: Setting up two WLANs (Private and Guest) - two distinct

Thanks Erwin for the speedy response. Let me take a closer look at what you're suggesting and will feedback shortly.

Hall of Fame Super Silver

Re: How To: Setting up two WLANs (Private and Guest) - two disti

Let me add my 2 cents.

You can purchase another 2504 since they support guest anchoring as the example George posted. You need v7.4 or later which you already have. Or you can specify ports on the 2504 and connect one port to your inside network and one in your dmz like the Erwin mentioned, but you specify the dynamic interface to a certain port in the wlc.

Sent from Cisco Technical Support iPhone App

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

How To: Setting up two WLANs (Private and Guest) - two distinct

Scott, thank you also for the response.  Allow me to all digest the recommendations.  Again, I appreciate each response.

How To: Setting up two WLANs (Private and Guest) - two distinct

If you can afford a second controller, I would do this and make it a Guest Anchor as mentioned above. This way the traffic is encrypted all the way to the Guest anchor controller (which sits in your DMZ) and is then switched onto the Internet.

If not, the 2504 has seperate physical interfaces so you could have one which goes into your LAN and another which goes into your DMZ switch. Setup seperate virtual interfaces on the controller and ensure the traffic goes seperately across the physical links, once onto the LAN and the other into the DMZ and onto the web.

448
Views
0
Helpful
8
Replies
CreatePlease login to create content