Re: Creating Multiple Vlan on Cisco 2504 Controller

okoroji80 · ‎12-25-2017

Dear Community Members.,

I have a requirement to setup multiple vlans and SSID on Cisco 2504 Controller as follows:

Vlan 10--- Staff

SSID---Staff

Vlan 20---- Management Staff

SSID--MGT

Vlan 30---- Guest/vendors

SSID---GUEST

For security reasons the Guest SSID is expected to go to the internet without being able to reach any of the server inside the internal network. whilst the MGT and Staff SSID can also visit the internet as well as the internal servers on the LAN.

how best can i archive this segmentation.

thanks

Scott Fella · ‎12-25-2017

I don’t know your experience with Cisco wireless but here is the simple way.
You trunk the vlans to your network, create an acl for your guest vlan on the L3 Interface to block traffic to internal subnet. That is pretty much it.
As far as the controller goes. Here is a doc to reference. You can find more by searching:
WLC multiple SSID
WLC multiple VLANs
https://www.cisco.com/c/en/us/td/docs/wireless/access_point/1300/12-3_7_JA/configuration/guide/brsc1237/b37ssid.pdf

-Scott
*** Please rate helpful posts ***

okoroji80 · ‎01-15-2018

Hello Scoott,

i have setup my config as stated in the topology however the Dynamic interfaces associated to the vlans are showing as disabled.

Moreso the Radios are not broacasting their SSID

okoroji80 · ‎12-25-2017

The document is focusing on Autonomous AP instead of the controller.

Scott Fella · ‎12-25-2017

Search google for the following:
Cisco WLC multiple SSID
Cisco WLC multiple vlans
Cisco WLC multiple dynamic interface
Cisco WLC 2504 getting started

You can also search the forum for answers. There are documents and videos on how to do this.

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎12-25-2017

Here is one to look at
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html

-Scott
*** Please rate helpful posts ***

okoroji80 · ‎01-15-2018

i have setup my config as stated in the topology however the Dynamic interfaces associated to the vlans are showing as disabled.

Moreso the Radios are not broacasting their SSID

Scott Fella · ‎01-15-2018

Post some screenshots so we can actually see what you are referring to.

-Scott
*** Please rate helpful posts ***

okoroji80 · ‎01-16-2018

Attached is the Pix with the WLAN Config

NelsonGuedes · ‎12-28-2017

Hello,

You have two solutions:

1 - You can create a L3 VLAN Guest, on your switch and pass on the trunk to the WLC.

Dont forget to pass this vlan in the AP´s switch ports.

2 - You can use one of the WLC ports only for guest and plug in the router(if your ISP router is a professional one and not home based), and request your ISP to use the same WAN link for Guest and configure internal DHCP on the ISP router.

You have to create a dummy or private Vlan for this.

Hope it helps.