2 subnets on one VLAN

estein9077
Level 1

Every time I try this our wireless AP controller goes down and our wireless bridge goes down.

Here is what I have:

  Cisco 2100 Series Wireless LAN Manager with 6 access points for our two wireless networks.

  Cisco Aironet 1300 Wireless bridge for our bridge to our second building.

  Cisco ASA 5515 for our firewall

  Cisco 3560s for most of our switches

  Cisco 2960s for a couple of switches

Here is exactly what I am trying:

I have configured 2 ports with different IPs on our ASA and connected them to our main switch (one for employees and one for customers).  I have configured the VLAN on our main switch with two IP addresses.

I configured a laptop with an IP address that uses the second ASA connection as its default gateway.

Within minutes of connecting the laptop, the wireless connections start dropping off.

My question is: what can be causing this?

This is the situation I am trying to solve.  We want to separate customer computers and personal employee devices from our corporate network.  There is no way to physically separate them as customers and employees move around too much in the building and will plug into the same jack at different times.

A few things I have looked at and discarded as solutions.

  Statically configuring a port for a specific VLAN - As referenced above, this is not administratively possible.

  Dynamically assigning a VLAN - From what I understand this has an upper limit of 20 devices per port and we can easily exceed this.  I am also unsure of how this handles 2 devices on the same port that need to be on different VLANs.

  802.1x with a RADIUS server - the problem with this is that, on a daily basis, we don't know what kind of device will be connected and whether or not it will work on our network.  (We are a testing company and have devices connect that are not fully configured and may not like 802.1x very much.)

What I have decided to do:

  I want to have two subnets using the same VLAN that do not need to talk to each other.  I understand that anyone with a packet sniffer could figure out the IP scheme of the other subnet and change their IP to get to the other network but this is a risk we can deal with.

Sorry for the long post but I want to make sure all information is being presented up front.

Eric
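The post above accepts the risk that a host on the shared VLAN can re-address itself into the other subnet. As an added example (not part of the original post), this sketch audits ARP output from the switch for hosts that do exactly that; the subnets, the `Vlan10` interface name and the sample table are constructed assumptions, since the post gives none of them.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed addressing: the post does not give the real subnets or VLAN number.
CORPORATE = ipaddress.ip_network("10.10.0.0/24")
GUEST = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample, laid out like IOS "show ip arp" output.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.0.2               -   0000.0c11.0001  ARPA   Vlan10
Internet  10.20.0.2               -   0000.0c11.0001  ARPA   Vlan10
Internet  10.10.0.25             12   0011.2233.4455  ARPA   Vlan10
Internet  10.20.0.40              3   00aa.bbcc.dd01  ARPA   Vlan10
Internet  10.10.0.77              1   00aa.bbcc.dd01  ARPA   Vlan10
Internet  172.16.5.9              0   00de.adbe.ef02  ARPA   Vlan10
"""

ROW = re.compile(
    r"^Internet\s+(\S+)\s+(\S+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+ARPA\s+(\S+)",
    re.IGNORECASE,
)

def zone_of(ip):
    """Name the subnet an address belongs to, or 'unknown'."""
    if ip in CORPORATE:
        return "corporate"
    return "guest" if ip in GUEST else "unknown"

def audit_arp(text, vlan_if="Vlan10"):
    """Return (mac, finding, ips) for hosts that break the two-subnet split."""
    seen = defaultdict(set)  # mac -> {(zone, ip)}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        # Age "-" marks the switch's own addresses (both sit on one SVI MAC).
        if not m or m.group(2) == "-" or m.group(4) != vlan_if:
            continue
        ip = ipaddress.ip_address(m.group(1))
        seen[m.group(3).lower()].add((zone_of(ip), str(ip)))
    findings = []
    for mac, entries in sorted(seen.items()):
        zones = {zone for zone, _ in entries}
        ips = sorted(ip for _, ip in entries)
        if {"corporate", "guest"} <= zones:
            findings.append((mac, "in-both-subnets", ips))
        elif "unknown" in zones:
            findings.append((mac, "outside-both-subnets", ips))
    return findings
```

A MAC reported as `in-both-subnets` has held addresses in both ranges within the ARP ageing window, which is the crossover the shared-VLAN design cannot prevent.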

2 Replies

estein9077
Level 1

Does anyone need more info before having any response?

Jeff Van Houten
Level 5

Customers and employees move around and plug into the same jack at different times....

That's a job for 802.1x, ACS, and/or ISE.

Sent from Cisco Technical Support iPad App