Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2059
Views
0
Helpful
6
Replies

Saperate Vlan for Guest Internet

umar bhatti
Level 1
Level 1

‎07-16-2012 04:45 AM - edited ‎07-03-2021 10:24 PM

I am deploying wireless network at my work. I am using PEAP for my clients with radius server which is working fine now. I want to create another wireless network which is for guests with WPA+WPA2 authentication. I want to know if it’s best to use separate interface on WLC for new Network or should I use dynamic interface. I want guest network to have only internet access. This is what my current setup and I want VLAN200 for Guests wireless.

WLC Management is connected to Cisco 3560 switch with trunk and dot1q configured

Port 2 to 4 are configured as access port for VLAN 100

VLAN 100 is for clients.

I want to know how I create another vlan for guest.

If you require further details please let me know.

Thanks

Labels:
0 Helpful
6 Replies 6

umar bhatti
Level 1
Level 1

‎07-16-2012 04:57 AM

I have created new WLAN(Guest Access) and i have created new interface on wlc with port 2. I also allowed new vlan on switch port i can see the new wireless network but its not getting IP address. I already created internal DHCP scope for this but still no luck.

One thing which could be causing it when i create new WLan in the properties 'Interface/interface group' only management is coming. I think the second interface should appear in here.

0 Helpful

Marco Gonzalez
Level 1
Level 1
In response to umar bhatti

‎07-16-2012 03:51 PM

What you have to do in order to configure a second SSID on your wireless network using a wireless LAN controller is create a dynamic interface on your controller and link it to the VLAN that you want. You just have to make sure that you link the interface to the same physical port on your controller because you should not use the WLC to switch packets between ports, so you should only have one connection between the WLC and the network.

Then you have to make sure that the VLAN exist on the switchport where the WLC is connected because here is where the traffic is going to be placed with the VLAN ID (tag) that you configure on the interface.

Once the interface is properly configured, you will be able to configure your new WLAN and select the interface that you want and that’s it.

Here is a link that explains all of this with more details and let you know how to configure this on your controller:

http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml

Regarding the IP assignment, you have to make sure that the DHCP server is properly configured on the interface configuration and that the WLC is able to reach that server (you can test this by pinging the DHCP server from the controller itself) this is because by default the WLC is a DHCP rely agent and it will be the one asking for an IP address to the DHCP server. If you don’t want this behavior, or if you have devices that will not allow this behavior like a Cisco ASA then you have to just uncheck the “DHCP Proxy” option that you can find on the Controller tab > Advanced > DHCP.

Note: You cannot uncheck this option if you are using your WLC’s internal DHCP server.

I hope this information helps you.

0 Helpful

umar bhatti
Level 1
Level 1
In response to Marco Gonzalez

‎07-17-2012 12:54 AM

Dear Marco,

Thanks for the explanation. I will go through what you have advise and get back to you.

Thanks for your help

0 Helpful

umar bhatti
Level 1
Level 1
In response to umar bhatti

‎07-17-2012 01:00 AM

Hi Marco,

Some how i can't access the link you posted. Could be because of my access rights. Could you please attach it as pdf or doc file.

Thanks

0 Helpful

umar bhatti
Level 1
Level 1
In response to umar bhatti

‎07-17-2012 01:59 AM

Hi Marco,

This what is I've done but I can't ping from WLC to the dynamic interface DG. I can ping the interface IP from WLC or the switch. Not sure what i am doing wronge. This is what i've done.

Created new interface in Controller>New and set VLAN as 200

Physical Info

Port number 1

Interface Address

192.168.1.2

255.255.255.0

192.168.1.1

DHCP

192.168.1.1

Under Controller Interfaces new interface is coming as dynamic

Than i created internal DHCP scope

192.168.1.11

192.168.1.254

255.255.255.0

DROUTE: 192.168.1.1

After this i have created WLAN and selected new interface which created for WPA+WPA2 with PSK.

On Cisco 3560 Switch link between WLC and switch is configured as trunk. I also allowed VLAN 100 and 200 on this port. I have set vlan 200 ip address as 192.168.1.10 255.255.255.0 on switch.

From switch i can ping the dynamic interface IP but not the dhcp or default gateway address same as from the WLC.

Not sure what i am doing wronge. Please help

I am sure it should be ok to use two different class IP address as i am using radius for clients with range 10.

Thanks

0 Helpful

umar bhatti
Level 1
Level 1
In response to umar bhatti

‎07-17-2012 02:49 AM

works i have to set WLC mangement IP as the DHCP and all working fine now. Thanks for your help hope its the right way of doing it.

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card