02-11-2012 09:31 AM - edited 03-04-2019 03:13 PM
I am running a /24 network in Active Directory with my ASA acting as gateway and firewall. Standard interfaces (Ethernet 0/0 as outside, Ethernet 0/1 as inside)
As of now I have no VLans set up, but I need to setup wireless Internet access for guests... I need directions on how to setup a Vlan with its on DHCP for these aguests... I can then make sure that my APs can be pointed to the same VLAN... I am not familiar with CLI, have generally used ASDM. I am currently running ASDM 6.3(1) on an ASA with version 8.3(1).
This is something I need to do quickly as we are expecting 20-40 "guests" shortly, and I don't want them to use our internal DHCP server addresses.
Thanks
Stephan
02-11-2012 11:12 AM
Hi Stephan,
You would have to create sub-interfaces on the ASA inside port to accomodate both the LAN as well as guest vlan but do keep in mind that it MIGHT involve a downtime and make sure you are CONSOLED into the ASA as you'd be making changes on the inside interface itself.
Check this document for Sub-interface creation on the ASA using CLI:
https://learningnetwork.cisco.com/thread/10502
After this follwoing tasks need to be completed:
- You'd have to enable NAT for the new VLAN
- Enable DHCP for this new vlan and both of this can be accomplished using ASDM
- Make the port on the switch connected to the ASA as Trunk
- Create this new vlan on the switch where the AP is connected
Hope it helps
Neeraj
02-12-2012 05:46 AM
Hi Stephan,
You may want to use one of the avilable ports on 5510 and create DMZ, unless you want to create a inside Vlan for guests.
AP can point to DMZ and AP also should be able to act as DHCP (if not ASA/DMZ can be your DHCP server for clients). Configure ASA to 'nat (DMZ,Outside)' and use public DNS servers for the guests.
hth
MS
02-12-2012 07:55 PM
Google "cisco smart business architecture"
Design/Configuration guides for everything you need.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: