04-16-2013 08:22 AM - edited 03-07-2019 12:51 PM
Hi, I am trying to set up a network that has 1 internet connection, requires a local LAN for the business, and another LAN for public wireless access. Here is what I have and details on what we want to do.
1- Cisco ISA570 Router no WIFI
1- SG500-52P switch
6 - WAP321 Access Points
We have the main LAN set up and all is working well, internet access, 6 WAP's connecting and all is working like a charm. Internal IP range is 192.168.0.0/24.
We have all 6 WAPs on the internal network, with 2 SSID's on each WAP and each SSID is assigned to a VLAN. One SSID is internal for staff, the other is for guest access for members. The internal staff wireless access is working fine.
We want the guests to be able to access the internet, but not the internal network, but we need to access them for administration from the internal network.
We created a second VLAN on the switch and added the 6 WAP ports to it as tagged for VLAN2. These 6 ports are also on VLAN1 (default). We have a second VLAN on the router, have it handing out DHCP addresses for the 192.168.25.0/24 range with DNS servers.
Where we are having trouble is with getting the guests wireless access to work. Guests can see the wireless, log onto the access point but that's it. They don't appear to get a 192.168.25.0/24 IP, or any IP actually, and thus cannot do anything.
Any ideas on what we are missing, what we have done wrong, or what we need to do to get this working?
Any assistance appreciated.
Wayne
04-21-2013 01:21 PM
Hello Wayne,
We created a second VLAN on the switch and added the 6 WAP ports to it as tagged for VLAN2. These 6 ports are also on VLAN1 (default). We have a second VLAN on the router, have it handing out DHCP addresses for the 192.168.25.0/24 range with DNS servers.
What do you mean that ports are in VLAN 2 and also VLAN 1. Are these ports configured as access or trunks?
Can you provide more details regarding configuration?
Best Regards
Please rate all helpful posts and close solved questions
04-30-2013 11:41 AM
Although not exactly the same issue, it's regarding the configuration of a SG500 and WAP321 along with an ISA550W.
The problem is that the WAP guest wireless won't connect to the Internet. I can't even ping that networks gateway. However, I can ping the other devices attached to that vlan.
Here is the basic configuration
ISA550W, Providing DHCP for VLAN 2
VLAN 1 192.168.1.1/24, Wireless SSID PRIVATE, LAN Zone on Firewall
VLAN 2 192.168.25.1/24, Wireless SSID GUEST, Guest Zone on Firewall
VLAN 100 10.10.1.1/24
SG500
VLAN 1 192.168.1.3/24
VLAN 2
VLAN 100
WAP321
VLAN 1 192.168.1.5/24 Wireless SSID PRIVATE
VLAN 2 Wireless SSID GUEST
VLAN 100
Wireless on VLAN 1 works as expected.
I can set an interface on the SG500 to vlan 2 and plug in my laptop to that port, get the appropriate DCHP assigned address and ping VLAN 2 gateway and out to the internet.
I can connect to the SSID GUEST on the WAP321, get the appropriate DCHP assigned address, but am unable to ping the VLAN 2 gateway or anything on the Internet.
I basically went through the startup wizard on the WAP321 to setup the VLAN 1 and VLAN 2 SSID's.
My guess is that it's not getting tagged with VLAN 2 for some reason.
Any help will be appreciated.
Bob
04-30-2013 12:38 PM
Hello Wayne!
Guests can see the wireless, log onto the access point but that's it. They don't appear to get a 192.168.25.0/24 IP, or any IP actually, and thus cannot do anything. -- This does suggest the AP and the switch are not connected
Also as Blau so rightly stated, can you post some configuration so we can obtain a better understanding as to this setup.
cheers
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
04-30-2013 01:28 PM
I called support and ended up being an issue with using the clustering. Although I had disabled clustering and the other APs were off, there was something in the configuration that caused it to not work. I used the reset button on numerous occassions but that didn't fix anything. It appeared to set it back to factory default.I had to use the Reboot to Factory defaults from the GUI twice to get it to the point that it could reconfigure and get it to work.
Thanks
05-01-2013 07:33 AM
Here's what we did to get it sorted, blau grana's post mentioning the trunk tagged versus access ports helped us sort it out.
:
- second vlan on router assigned to a port, has its own DHCP range assignment using DHCP on router
- Used trunked tagged vlan on router (not the other Vlan option)
- created 2nd vlan on switch
- tagged all ports on the switch, not just the ones the WAP's connected to
- virtual WAPs assigned to separate vlans in cluster.
We added other stuff like QoS but that was after we got it working using the above. We just used the default second vlan's that were on the devices.
What we had missed was the tagging all vlan ports on the switch and the trunked tagged vlan type.
Wayne
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide