Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WLC2504 setup on single subnet

We setup the mgmt interface of the WLC2504 on the subnet (10.1.1.0/24) with Cisco ASA 5505 to the internet. Can we create 2 WLANs on 2 different IP subnets (10.1.10.0/24) for internal users and (192.168.100.0/24) for guest without layer 3 routing?

5 REPLIES
Hall of Fame Super Silver

WLC2504 setup on single subnet

The WLC will not do any type of routing.  So without L3 routing, the WLC will place the traffic to the ports you specify on the WLC.  For example, if your managment is on port 1 and that has internet, then if you assign an ssid to map to the managment interface, thoses device will have internet access.  If you specify port 2 for internal user and port 3 for guest, they will be isolated subnets since you don't have L3.

-Scott
*** Please rate helpful posts ***
New Member

WLC2504 setup on single subnet

Thanks Scott. I think I can map the internal user wlan to port 1 for internet access?

What's your recommendation to give internet access to guest and isolate from internal user?

Create a guest VLAN on ASA5505 for guest? Replace L2 switch with L3 switch?

Hall of Fame Super Silver

Re: WLC2504 setup on single subnet

Your best bet is to use a L3 switch, create your vlans/subnets for your wireless and wired. Then you can create an acl preventing the guest subnet to access your internal subnet. You can use the wlc to provide dhcp for the guest wireless. And use an internal dhcp for your internal users.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

WLC2504 setup on single subnet

The guest subnet will route thru the internal to get to the internet because the inside interface of the ASA is on the internal network where WLC management interface resides. Maybe the acl can be setup to allow the guest to the ASA interface only.

Hall of Fame Super Silver

Re: WLC2504 setup on single subnet

Correct.... That will need to be created to prevent he guest from accessing the other internal networks.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
420
Views
0
Helpful
5
Replies
CreatePlease login to create content