Switch setup

Guest vlan: 600
User vlan: 129
The guest vlan will have no DHCP configured. We will use manual IP addresses (for testing only).

Configuration on core switches (6500 MSFC):


6509_sw3#conf t
interface Vlan600
 ip address
 ip access-group wlan in
conf t
interface Vlan129
 ip address
 ip broadcast-address
 ip helper-address (this is the IP address of the DHCP server)

ip access-list extended wlan
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq domain
 permit udp any any eq domain

logging trap notifications

(The above is just a sample ACL; it needs to be modified as per actual requirements. Here we have allowed only web access (HTTP, HTTPS) and DNS from the guest vlan.)
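
An added example (not part of the original page): a small Python model of how IOS evaluates the sample wlan ACL, where the first matching entry wins and anything unmatched hits the implicit deny. The addresses are constructed documentation ranges (192.0.2.10 as a guest, 198.51.100.0/24 standing in for the user vlan 129 subnet) and TIGHTENED_ACL is a hypothetical variant, since the page gives no real addresses.

```python
import ipaddress

PORT_NAMES = {"www": 80, "domain": 53}  # IOS keywords used by the page's ACL

# The sample "wlan" ACL exactly as shown on the page.
WLAN_ACL = """permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq domain
permit udp any any eq domain"""

# Constructed variant: 198.51.100.0/24 stands in for the user vlan 129 subnet.
TIGHTENED_ACL = "deny ip any 198.51.100.0 0.0.0.255\n" + WLAN_ACL

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse_acl(text):
    rules = []
    for tokens in (l.split() for l in text.splitlines() if l.strip()):
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = None
        if tokens[:1] == ["eq"]:
            port = PORT_NAMES.get(tokens[1]) or int(tokens[1])
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        hit = all((_ip(ip) | wild) == (base | wild)
                  for (base, wild), ip in ((r_src, src), (r_dst, dst)))
        if hit and r_proto in ("ip", proto) and r_port in (None, dport):
            return action
    return "deny"

if __name__ == "__main__":  # 192.0.2.10 is a constructed guest address
    for dst, port in [("203.0.113.5", 80), ("198.51.100.20", 443), ("198.51.100.20", 22)]:
        print(dst, port, *(evaluate(parse_acl(a), "tcp", "192.0.2.10", dst, port)
                           for a in (WLAN_ACL, TIGHTENED_ACL)))
```

With the sample ACL a guest reaches web ports on any destination, including the user vlan, because both addresses are `any`; a deny entry placed ahead of the permits closes that path while leaving outside web and DNS traffic allowed.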

Create vlan 600 at layer 2, check that it is allowed on all the trunks, and create this vlan on all the intermediate switches.

Configuration on switch connected to AP.

hostname Switch
enable secret 5 $1$HMVx$24CqVWoHJ80/W2DwPdQuM0
ip subnet-zero
vtp domain eng
vtp mode transparent
vlan 129
!
vlan 600
spanning-tree extend system-id
no spanning-tree vlan 129
interface FastEthernet0/1
 description TO testSW003 GI6/8
 switchport trunk native vlan 129
 switchport mode dynamic auto
 no ip address
 duplex full
 speed 100
interface FastEthernet0/2
 description AP
 switchport trunk native vlan 129
 switchport mode trunk
 no ip address

(The port connected to the AP needs to be a trunk port with 129 as the native vlan, so that we can use vlan 129 addresses for the management address on the AP and for the user vlan. A trunk is needed on the switch to carry traffic for multiple vlans.)
interface Vlan129
 ip address
 no ip route-cache
ip default-gateway
ip http server

Configuration on AP

Make vlan 129 the native vlan.

Configure the settings for that vlan, like LEAP etc.

Associate the SSID with the vlan.

Check that all the settings are fine.

Similarly, add vlan 600 and associate it with the guest SSID.

Don’t make 600 the native vlan. You can have only one native vlan.

