ASA 5505 / 871W with multiple SSID

Hi all,

I'm pretty new to Cisco (I'm more of a server/storage guy) but I'm trying to learn. I've got a Cisco ASA 5505 with Security Plus licence connected to a Cisco 871W ISR with Advanced IP Services.

What I'm trying to achieve with the config below is basically this...

Internet connected to ASA Ethernet0/0.
871W FastEthernet4 connected to ASA Ethernet0/1.

871W presenting multiple SSIDs (871Home and 871Work) each on a different VLAN and trunked up to a different interface on the ASA. The ASA doing all the DHCP assignments, etc.

I think I'm getting a little confused with the whole IRB concept, and also having an "Infrastructure VLAN". I also don't think I needed to set up an SSID for the Infrastructure VLAN.

As you can see from the config below, the ASA inside interface is on 192.168.1.1 and the BVI on the 871W is 192.168.1.2. Now I can ping between these devices, but when I connect to 871Home I don't get a 192.168.10.10-20 IP address, which is what I was expecting the ASA to lease to me.

This is all in preparation for me setting up a site-to-site VPN on the 871Work interface (ironically, that bit I think I can do!)

So I guess I could use some help in understanding what the correct config is, and why that is the case. Hope someone can help. Thanks in advance!

Cheers,

networknewbie.

Abbreviated ASA config:

!
interface Vlan1
description Inside Interface
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
description Outside Interface
nameif outside
security-level 0
ip address dhcp setroute
!
interface Vlan10
nameif 871Home
security-level 99
ip address 192.168.10.1 255.255.255.0
!
interface Vlan11
nameif 871Work
security-level 70
ip address 192.168.11.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
switchport trunk allowed vlan 1,10-11
switchport trunk native vlan 1
switchport mode trunk
!
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
!
dhcpd auto_config outside
!
dhcpd address 192.168.1.10-192.168.1.20 inside
dhcpd enable inside
!
dhcpd address 192.168.10.10-192.168.10.20 871Home
dhcpd enable 871Home
!
dhcpd address 192.168.11.10-192.168.11.20 871Work
dhcpd auto_config outside interface 871Work
dhcpd enable 871Work
!

Abbreviated 871W running-config:

dot11 syslog
!
dot11 ssid 871Home
   vlan 10
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 0 <password removed>
!
dot11 ssid 871Inf
   vlan 1
   authentication open
   authentication key-management wpa
   infrastructure-ssid
   wpa-psk ascii 0 <password removed>
!
dot11 ssid 871Work
   vlan 11
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 0 <password removed>
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
bridge irb
!
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface FastEthernet4.1
encapsulation dot1Q 1 native
bridge-group 1
!
interface FastEthernet4.10
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 spanning-disabled
!
interface FastEthernet4.11
encapsulation dot1Q 11
bridge-group 11
bridge-group 11 spanning-disabled
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 10 mode ciphers aes-ccm
!
encryption vlan 11 mode ciphers aes-ccm
!
ssid 871Home
!
ssid 871Inf
!
ssid 871Work
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.10
encapsulation dot1Q 10
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.11
encapsulation dot1Q 11
bridge-group 11
bridge-group 11 subscriber-loop-control
bridge-group 11 spanning-disabled
bridge-group 11 block-unknown-source
no bridge-group 11 source-learning
no bridge-group 11 unicast-flooding
!
!
interface BVI1
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
!
bridge 1 protocol ieee
!
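
Added example, not part of the original post: a Python check that traces each SSID in the posted 871W config to its VLAN, confirms that the radio and wired subinterfaces tagging that VLAN sit in the same bridge-group, and confirms the VLAN is in the ASA trunk's allowed list. The names `expand`, `trace` and the report fields are assumptions of this example; the config lines are trimmed from the post.

```python
import re

# Lines trimmed from the configs in the post (only what the check reads).
ASA_TRUNK = " switchport trunk allowed vlan 1,10-11"
ISR = """\
dot11 ssid 871Home
 vlan 10
dot11 ssid 871Work
 vlan 11
interface FastEthernet4.10
 encapsulation dot1Q 10
 bridge-group 10
interface FastEthernet4.11
 encapsulation dot1Q 11
 bridge-group 11
interface Dot11Radio0.10
 encapsulation dot1Q 10
 bridge-group 10
interface Dot11Radio0.11
 encapsulation dot1Q 11
 bridge-group 11
"""

def expand(vlans):
    """Turn a trunk list such as '1,10-11' into the set {1, 10, 11}."""
    out = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def trace(isr, trunk_line):
    """Per SSID: its VLAN, the bridge-groups tagging it, and trunk membership."""
    allowed = expand(trunk_line.rsplit(None, 1)[-1])
    ssids = dict(re.findall(r"^dot11 ssid (\S+)\n\s+vlan (\d+)", isr, re.M))
    subifs = re.findall(
        r"^interface (\S+)\n\s+encapsulation dot1Q (\d+).*\n\s+bridge-group (\d+)",
        isr, re.M)
    report = {}
    for ssid, vlan in ssids.items():
        groups = {"radio" if name.startswith("Dot11") else "wired": grp
                  for name, tag, grp in subifs if tag == vlan}
        radio, wired = groups.get("radio"), groups.get("wired")
        report[ssid] = {"vlan": int(vlan), "groups": groups,
                        "bridged": radio is not None and radio == wired,
                        "on_trunk": int(vlan) in allowed}
    return report

if __name__ == "__main__":
    for ssid, row in trace(ISR, ASA_TRUNK).items():
        print(ssid, row)
```

The check covers only the layer-2 tagging path between the radio and the ASA trunk; it does not read the DHCP, BVI or security-level settings.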
