We have a running WCL 2106 with 6 LAPs, and since now we have been using just 1 WLAN which worked ok. We want to split into more WLAN, each one with a different network segment, but only using the internal DHCP server. While defining a new dhcp scope in the internal server is possible, we assume it's necessary to create virtual interfaces to route the traffic out of the controller, but the same physical port cannot be use and it requires a VLAN tag. Is it possible to use VLAN tagging per WLAN only on the controller (meaning that the management interface will route all traffic out)? Thanks
... View more
Hi, We want to use an ASA as a pure routing device. Our network has several internal subnets (10.1.x.0/24), and we want to be able to reach them from outside and to allow access between them. We have a defined a VLAN for each subnet range with the same security-level, added it to an Ethernet port and made the Ethernet that acts as outside as a trunk, and defined it as the global routing. We cannot ping any of the subnet IPs defined in the ASA from outside nor we can ping it from the internal IP addresses. Any hint? Thanks! Configuration: : Saved : ASA Version 8.2(1) ! hostname ciscoasa enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address 192.168.254.100 255.255.255.0 ! interface Vlan3 nameif fujairah security-level 0 ip address 10.1.12.254 255.255.255.0 ! interface Vlan4 nameif uaq security-level 0 ip address 10.1.13.254 255.255.255.0 ! interface Vlan10 no nameif no security-level no ip address ! interface Ethernet0/0 switchport access vlan 2 switchport mode trunk ! interface Ethernet0/1 switchport access vlan 3 ! interface Ethernet0/2 switchport access vlan 4 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! ftp mode passive same-security-traffic permit inter-interface pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 mtu fujairah 1500 mtu uaq 1500 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 global (outside) 1 interface timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 telnet timeout 5 ssh timeout 5 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ! ! prompt hostname context Cryptochecksum:eddbd834c3fc53652e4d56706b1d0915 : end Thanks!
... View more