New Member

New wireless setup

I have a project to set up wireless internet for guests and employees, and I am new to this. I have the following questions.

Hardware we have

  • Wireless lan controller AIR-CT2504-25-K9 (Cisco 2500 series)
  • Cisco Aironet 1600 series wireless access points (Antenna type 1600e)

1) Do we need to set up two interfaces (one for internal and another for external (internet VLAN)) on the wireless controller to provide internet connectivity?

2) If I want to restrict users to access only specific ports (80, 443, 25, etc.) through wireless, how do I do this?

Can someone help me understand the proper solution for this?

Thanks for your help

 

6 REPLIES

Refer to the configuration guide and go through scenario 1, where WLC -- SW -- AP. For Internet access you have to have a live internet wire from the modem termination on the switch. In order to restrict users based on ports, you can use an ACL in the WLC. Refer to the config guide:

http://www.cisco.com/c/en/us/support/docs/wireless/2500-series-wireless-controllers/113034-2500-deploy-guide-00.html

New Member

Thanks for your reply. We already have an internet connection coming to the switch with a different VLAN, so I have to configure the same internet VLAN on the AP connection to the switch; is that correct? Sorry, I am new to this, so I am trying to understand.

VIP Purple

You can create a VLAN for WLC management and AP (try to keep them on the same subnet).

In my example, 50 is the VLAN for management.

WLC-connected switch port config:

interface GigabitEthernet0/1
 description *** Cisco WLC ***
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 50,60
 switchport mode trunk
 no shutdown

AP-connected switch port config:

interface GigabitEthernet1/0/22
 description *** Access Port ***
 switchport access vlan 50
 switchport mode access
 no shutdown

 

Check more things here:

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/69719-wlc-lwap-config.html

 

Regards

Don't forget to rate helpful posts

Hall of Fame Super Gold

Just want to let you know that the AP model you've chosen, 1600E, does NOT include an antenna.  
"E" stands for external.  

 

Make sure you order the AP with the correct regulatory domain.  Go here and refer to Table 1.  Make sure your WLC is loaded with 7.4.100.X to be able to support the specific model of AP.

Hall of Fame Super Gold

1) Do we need to set up two interfaces (one for internal and another for external (internet VLAN)) on the wireless controller to provide internet connectivity?

Yes, you can do this.  You need to create two Dynamic VLANs.  Each Dynamic VLAN is mapped to a specific port.  For instance, Guest Dynamic Interface is mapped to port 2.  Corp Dynamic Interface is mapped to port 1.

 

Then you create two SSIDs:  The Guest SSID is mapped to the Guest Dynamic VLAN and the Corp SSID is mapped to the Corp Dynamic Interface.

 

Make sure you specify the DHCP server IP address.  

Hall of Fame Super Gold

2) If I want to restrict users to access only specific ports (80, 443, 25, etc.) through wireless, how do I do this?

I wouldn't recommend any ACL on the WLC.  Wherever you host the Default Gateway of the subnet, that's where you stick the ACL.

 

Because you've got guest, you may also want to consider putting a time-based ACL in the same place.  This way, for instance, the SSID is inoperative outside business hours (like weekends).
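
The approach from the last reply (port restriction plus a time-based ACL on the guest subnet's default gateway) could look like the following on an IOS Layer 3 switch or router. This is an added example, not configuration posted by anyone in the thread. It assumes VLAN 60 from the trunk example is the guest VLAN; the subnet 10.60.0.0/24, the resolver 10.60.0.10, the business hours and the names GUEST-HOURS and GUEST-IN are constructed placeholders.

```ios
! Assumed values, not from the thread: VLAN 60 = guest, 10.60.0.0/24,
! DNS resolver 10.60.0.10, business hours 08:00-18:00 on weekdays.
time-range GUEST-HOURS
 periodic weekdays 8:00 to 18:00
!
ip access-list extended GUEST-IN
 remark DHCP requests come from clients that have no address yet
 permit udp any eq bootpc any eq bootps
 remark DNS only to the assumed resolver, needed before any web access works
 permit udp 10.60.0.0 0.0.0.255 host 10.60.0.10 eq domain
 permit tcp 10.60.0.0 0.0.0.255 host 10.60.0.10 eq domain
 remark Ports from the question (80, 443, 25), active only inside the time-range
 permit tcp 10.60.0.0 0.0.0.255 any eq www time-range GUEST-HOURS
 permit tcp 10.60.0.0 0.0.0.255 any eq 443 time-range GUEST-HOURS
 permit tcp 10.60.0.0 0.0.0.255 any eq smtp time-range GUEST-HOURS
 remark Everything else is dropped and logged
 deny ip any any log
!
! Apply inbound on the SVI that is the guest default gateway
interface Vlan60
 description *** Guest wireless gateway ***
 ip address 10.60.0.1 255.255.255.0
 ip access-group GUEST-IN in
```

The time-range follows the device clock, so the gateway needs accurate time (NTP); `show time-range` and `show ip access-lists GUEST-IN` show whether the entries are currently active and their hit counts. Outside the time-range clients can still associate and get an address, but their web and mail traffic falls through to the final deny.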
