wireless- Guest and user vlan

Platform: - Cisco 1100 and 1200 wireless access point, Cisco IOS, Cisco 6509
Keywords: - configuring wireless and guest vlans for wireless networks
Author: - Dinesh Aggarwal

Switch setup

Guest vlan: -600
User vlan: 129
Guest vlan will be with no DHCP configured. We will use manual IP addresses (For testing only)

Configuration on core switches 6500 MSFC: -


6509_sw3#conf t
interface Vlan600
 ip address
 ip access-group wlan in
conf t
interface Vlan129
 ip address
 ip broadcast-address
 ip helper-address ( This is ip address of DHCP server)

ip access-list extended wlan
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq domain
 permit udp any any eq domain

 logging trap notifications

(Above is just a sample ACL, we need to modify it as per actual requirements, here we have allowed only http access from guest vlan)

Make 600 vlan on layer 2 and see if it is allowed on all the trunks and create these vlan in all the intermediate switches.

Configuration on switch connected to AP.

hostname Switch
enable secret 5 $1$HMVx$24CqVWoHJ80/W2DwPdQuM0
ip subnet-zero
vtp domain eng
vtp mode transparent
vlan 129!
vlan 600
spanning-tree extend system-id
no spanning-tree vlan 129
interface FastEthernet0/1
 description TO testSW003 GI6/8
 switchport trunk native vlan 129
 switchport mode dynamic auto
 no ip address
 duplex full
 speed 100
interface FastEthernet0/2
 description AP
switchport trunk native vlan 129
 switchport mode trunk
 no ip address

(The port connected to AP need to be a trunk port with 129 as native vlan so that we can use 129-vlan addresses as management address on AP and user vlan, to travel multi vlan info we need trunk on the switch)
interface Vlan129
 ip address
 no ip route-cache
ip default-gateway
ip http server’

Configuration on AP

Guest and user vlan


Make this vlan 129 as native vlan

Guest and user vlan


Configure the settings for that vlan like LEAP etc

Guest and user vlan


Associate the SSID with vlan

Guest and user vlan


To see that all the settings are Fine.

Similarly add vlan 600 and associate it with guest SSID

Guest and user vlan


Don’t make 600 as native vlan. You can have only one vlan as native

Guest and user vlan


Guest and user vlan


If you have any suggestions or want to add more to this article do write us an email articles@knowurtech.com

What Next?

If you liked this article, you can share it with others using the following link:

Related Content :