Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
737
Views
4
Helpful
5
Replies

Setting up VLan questions

wayne-freeman
Level 1
Level 1

‎04-16-2013 08:22 AM - edited ‎03-07-2019 12:51 PM

Hi, I am trying to set up a network that has 1 internet connection, requires a local LAN for the business, and another LAN for public wireless access. Here is what I have and details on what we want to do.

1- Cisco ISA570 Router no WIFI

1- SG500-52P switch

6 - WAP321 Access Points

We have the main LAN set up and all is working well, internet access, 6 WAP's connecting and all is working like a charm. Internal IP range is 192.168.0.0/24.

We have all 6 WAPs on the internal network, with 2 SSID's on each WAP and each SSID is assigned to a VLAN. One SSID is internal for staff, the other is for guest access for members. The internal staff wireless access is working fine.

We want the guests to be able to access the internet, but not the internal network, but we need to access them for administration from the internal network.

We created a second VLAN on the switch and added the 6 WAP ports to it as tagged for VLAN2. These 6 ports are also on VLAN1 (default). We have a second VLAN on the router, have it handing out DHCP addresses for the 192.168.25.0/24 range with DNS servers.

Where we are having trouble is with getting the guests wireless access to work. Guests can see the wireless, log onto the access point but that's it. They don't appear to get a 192.168.25.0/24 IP, or any IP actually, and thus cannot do anything.

Any ideas on what we are missing, what we have done wrong, or what we need to do to get this working?

Any assistance appreciated.

Wayne

Labels:
0 Helpful
5 Replies 5

blau grana
Level 7
Level 7

‎04-21-2013 01:21 PM

Hello Wayne,

We created a second VLAN on the switch and added the 6 WAP ports to it as tagged for VLAN2. These 6 ports are also on VLAN1 (default). We have a second VLAN on the router, have it handing out DHCP addresses for the 192.168.25.0/24 range with DNS servers.

What do you mean that ports are in VLAN 2 and also VLAN 1. Are these ports configured as access or trunks?

Can you provide more details regarding configuration?

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

Robert Mueller
Level 1
Level 1
In response to blau grana

‎04-30-2013 11:41 AM

Although not exactly the same issue, it's regarding the configuration of a SG500 and WAP321 along with an ISA550W.

The problem is that the WAP guest wireless won't connect to the Internet. I can't even ping that networks gateway. However, I can ping the other devices attached to that vlan.

Here is the basic configuration

ISA550W, Providing DHCP for VLAN 2

VLAN 1 192.168.1.1/24,   Wireless SSID PRIVATE, LAN Zone on Firewall

VLAN 2 192.168.25.1/24,  Wireless SSID GUEST, Guest Zone on Firewall

VLAN 100 10.10.1.1/24

SG500

VLAN 1 192.168.1.3/24

VLAN 2

VLAN 100

WAP321

VLAN 1 192.168.1.5/24  Wireless SSID PRIVATE

VLAN 2  Wireless SSID GUEST

VLAN 100

Wireless on VLAN 1 works as expected.

I can set an interface on the SG500 to vlan 2 and plug in my laptop to that port, get the appropriate DCHP assigned address and ping VLAN 2 gateway and out to the internet.

I can connect to the SSID GUEST on the WAP321, get the appropriate DCHP assigned address, but am unable to ping the VLAN 2 gateway or anything on the Internet.

I basically went through the startup wizard on the WAP321 to setup the VLAN 1 and VLAN 2 SSID's.

My guess is that it's not getting tagged with VLAN 2 for some reason.

Any help will be appreciated.

Bob

0 Helpful

paul driver
VIP
VIP

‎04-30-2013 12:38 PM

Hello Wayne!

Guests can see the wireless, log onto the access point but that's it. They don't appear to get a 192.168.25.0/24 IP, or any IP actually, and thus cannot do anything. -- This does suggest the AP and the switch are not connected

Also as Blau so rightly stated, can you post some configuration so we can obtain a better understanding as to this setup.

cheers

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Robert Mueller
Level 1
Level 1
In response to paul driver

‎04-30-2013 01:28 PM

I called support and ended up being an issue with using the clustering.  Although I had disabled clustering and the other APs were off, there was  something in the configuration that caused it to not work. I used the  reset button on numerous occassions but that didn't fix anything. It  appeared to set it back to factory default.I had to use the Reboot to  Factory defaults from the GUI twice to get it to the point that it could  reconfigure and get it to work.

Thanks

0 Helpful

wayne-freeman
Level 1
Level 1

‎05-01-2013 07:33 AM

Here's what we did to get it sorted, blau grana's post mentioning the trunk tagged versus access ports helped us sort it out.
:

- second vlan on router assigned to a port, has its own DHCP range assignment using DHCP on router

- Used trunked tagged vlan on router (not the other Vlan option)

- created 2nd vlan on switch

- tagged all ports on the switch, not just the ones the WAP's connected to

- virtual WAPs assigned to separate vlans in cluster.

We added other stuff like QoS but that was after we got it working using the above. We just used the default second vlan's that were on the devices.

What we had missed was the tagging all vlan ports on the switch and the trunked tagged vlan type.

Wayne

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card