Wireless - Guest and user vlan

Platform: - Cisco 1100 and 1200 wireless access point, Cisco IOS, Cisco 6509
Keywords: - configuring wireless and guest vlans for wireless networks
Author: - Dinesh Aggarwal

Switch setup

Guest vlan: 600
User vlan: 129
The guest vlan interface will be 10.203.152.1, with no DHCP configured. We will use manual IP addresses (for testing only).

Configuration on core switches 6500 MSFC:

6509_sw3#conf t
interface Vlan600
 ip address 10.203.152.1 255.255.255.0
 ip access-group wlan in
end
conf t
interface Vlan129
 ip address 10.203.129.1 255.255.255.192
 ip broadcast-address 10.203.129.63
 ! 172.16.32.36 is the IP address of the DHCP server
 ip helper-address 172.16.32.36
end

ip access-list extended wlan
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq domain
 permit udp any any eq domain

 logging trap notifications

(The above is just a sample ACL and must be modified to match actual requirements. Here we have allowed only web (http/https) and DNS traffic from the guest vlan, matching the entries above.)
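The sample ACL matches "any any", so it also permits web and DNS traffic from guests to internal addresses, including user vlan 129. A tighter variant is sketched here as an added example, not part of the original article. The ACL name wlan-guest is hypothetical, and 192.0.2.53 is a constructed placeholder for the DNS server that guests should use.

```cisco
! Added example, not from the original article.
! Assumptions: ACL name "wlan-guest"; 192.0.2.53 is a placeholder for the
! DNS server that guest clients are meant to use.
conf t
ip access-list extended wlan-guest
 remark DNS only to the designated resolver
 permit udp 10.203.152.0 0.0.0.255 host 192.0.2.53 eq domain
 permit tcp 10.203.152.0 0.0.0.255 host 192.0.2.53 eq domain
 remark No guest access to internal RFC 1918 networks, incl. user vlan 129
 deny   ip any 10.0.0.0 0.255.255.255 log
 deny   ip any 172.16.0.0 0.15.255.255 log
 deny   ip any 192.168.0.0 0.0.255.255 log
 remark Web access to everything else, guest source addresses only
 permit tcp 10.203.152.0 0.0.0.255 any eq www
 permit tcp 10.203.152.0 0.0.0.255 any eq 443
 remark Log anything else, including spoofed source addresses
 deny   ip any any log
!
interface Vlan600
 ip access-group wlan-guest in
end
```

Entries are evaluated top-down and the first match wins, so the DNS permits must stay above the deny lines if the resolver has an internal address. If DHCP is later enabled on the guest vlan, the matching permit has to be added above the deny lines as well.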

Create vlan 600 at layer 2 on all the intermediate switches and check that it is allowed on all the trunks.

Configuration on switch connected to AP.

hostname Switch
!
enable secret 5 $1$HMVx$24CqVWoHJ80/W2DwPdQuM0
!
ip subnet-zero
vtp domain eng
vtp mode transparent
!
vlan 129
!
vlan 600
!
!
spanning-tree extend system-id
no spanning-tree vlan 129
!
interface FastEthernet0/1
 description TO testSW003 GI6/8
 switchport trunk native vlan 129
 switchport mode dynamic auto
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/2
 description AP
 switchport trunk native vlan 129
 switchport mode trunk
 no ip address

(The port connected to the AP needs to be a trunk port with 129 as the native vlan, so that vlan 129 addresses can be used for the AP's management address and for the user vlan. Carrying multiple vlans to the AP requires a trunk on the switch port.)

interface Vlan129
 ip address 10.203.129.57 255.255.255.192
 no ip route-cache
!
ip default-gateway 10.203.129.1
ip http server

Configuration on AP

Fig-1

Make vlan 129 the native vlan.

Fig-2

Configure the settings for that vlan, such as LEAP.

Fig-3

Associate the SSID with the vlan.

Fig-4

Check that all the settings are fine.

Similarly, add vlan 600 and associate it with the guest SSID.

Fig-5

Don't make 600 the native vlan. You can have only one native vlan.

Fig-6

Fig-7

If you have any suggestions or want to add more to this article, do write us an email at articles@knowurtech.com.
