I'm connecting a 1240AG access point to a Cisco 2960 via 802.1Q trunking. The AP (access point) has a BVI1 interface address of 10.19.28.20/24, and it's default-gate is 10.19.28.1 and DHCP requests are handled by the private network's DHCP server. I have 2 SSIDs on the AP, 1 private SSID and 1 guest SSID. The private SSID is WEP encrypted, associated to native VLAN 1 (10.19.28.0/24), it isn't broadcasted, and works well. The second SSID is for guests/customers, unencrypted, broadcasted, associated to VLAN 192 (192.168.80.0/24), and its DHCP requests go to a PIX 515 for assignment. I assigned int fa0.192 on the AP with a 192.168.80.0/24 address and I can ping through the PIX and out to the internet. The problem:
Users that connect to the "guest" SSID receive a 192.168.80.0/24 DHCP address from the PIX, but they can't get anywhere after that. No Internet, can't ping their default gate (192.168.80.1/PIX), and they can't even ping the 192.168.80.0/24 address I assigned to the fa0/192 interface on the AP. I think the problem may be with my gateways (the access-point and private SSID gate is 10.19.28.1, but the "guest" SSID users see a gateway of 192.168.80.1). I attached my AP config for review. Anyone have any ideas? Any assistance would be appreciated.
The Guest Mode SSID is an option available in Access Point in order to allows client devices with no SSID to associate to the AP but if you need to have two different SSID in the Access Point with two different types of security enable then you are going to need to configure VLANs in the Swtich and as well in the Access Point.