The map is connected to a unmanaged switch at the moment. That is its intended setup as i have a couple of wired devices on that end that I would like to communicate back to my network at the house (Which is about 20ft away) over wireless if possible. When I have kept it at the default which I believe is vlan 0, it will still show a disconnected status and none of the wired traffic is accessible from the opposite end. All of the devices on the map side are statically assigned IPs in the 251 network. If I leave both ends set to the default of vlan 0, the rap ethernet port always shows as online, and the map is always offline (Unless I physically bring it back to the house and plug it into my layer 2 switch).
... View more
I am trying to create a wireless mesh between my house & my garage. The good news is the MAP (Garage AP), can see the RAP (Basement AP) & I have devices connecting wirelessly in the garage.
The new issue is I have some wired devices that I would like to plug into the map to go over the bridge via an unmanaged 5port switch. I enabled Ethernet bridging on both APs and assumed that would be all. It appears not. I went and added vlan 251 on both interfaces, as that is the network I want these devices to connect to in the garage. The RAP does have a trunk interface configured on the layer 3 switch for vlan 251(SSID #3), and vlan 3 (SSID #1) & vlan 250 (SSID #2).
I attached screen a screen shot of my MAP (DnelGarage) & my RAP (DnelBasement) as well as the mesh section. If anyone could provide suggestions that would be great.
... View more
I am experiencing a slight issue that for whatever reason I can't seem to figure out. I have 5 Vlans Vlan 1 192.168.1.0 Network Management network Vlan 2 192.168.2.0 PC Network Vlan 3 192.168.3.0 Wireless Network Vlan 4 192.168.4.0 Network 2 Vlan 250 192.168.250.0 Guest Wifi 192.168.1.2 is my management IP, 192.1681.1 is assigned to my asa5505 for all vlans to access to get out to the Internet. All but my uplink port (10) are set as access ports going to my layer 2 switch and assigned with 1 untagged vlan for that specific port ( Port 3 is on Vlan 3 for my wireless controller). When I am on the wireless network I am able to ping users on any of the vlans. I would like to be able to do the following: Deny 192.168.250.0 from seeing all of the vlans (Except 1 for Internet) Deny 192.168.4.0 from seeing all of the vlans (Except 1 for Internet) Allow 192.168.3.0 & 192.168 2.0 access to each other but not see Vlan 4 or Vlan 250. I tried to do a ACL called Deny Guest Vlan, and created a ACE to deny Source IP 192.168.250.0 wildcard 0.0.0.0 Destination 192.168.3.0 0.0.0.0 but on the 192.168.250.0 I lost my internet access and was unable to ping 192.168.250.1 Im not sure if I am in the right area or not for denying this access. I am currently running firmware 220.127.116.11 Thank you, Don
... View more
Hi, So here is my current setup & I am going to type this out as best as I can. I have a modem from my ISP (1 ethernet port) that is running on DHCP & a Cisco Asa5505 that is currently doing DHCP for my devices hooked up to my layer 2 switch on the 192.168.1.x subnet & a cheap WAP just doing internal wifi. I recently purchased a SG300-10P as certain circumstances were going to require me to hook up a 2nd ASA and was going to need a 2nd port to the outside world for work (They were going to give me a WAP & IP Phone). Things have changed & I currently not sure where to go from here as far as hooking everything up & Im fairly new to networking. I converted the switch to Layer3 and the latest firmware. I have setup multiple Vlans on the switch & DHCP for each Vlan. 192.168.2.0 PC Network 192.168.3.0 Server Network 192.168.4.0 Wireless Network 192.168.5.0 Guest Wifi Network I setup Port 10 as an uplink for the Layer 2 switch to allow Vlans 2,3,4. I still have to configure the layer 2 switch with the Vlan information so I can tag ports to get the right IP Addresses. I have Port 3 setup as a trunk for Vlan 4 & 5 (I have to configure the WAP later on which is fairly easy). Here is where I am stuck: Currently my SG300-10P is setup with an IP of 192.168.1.x Would it make more sense to have the ASA as my router connecting between the Modem and the SG300-10P on the 192.168.1.x network, or would I be better off having the modem plugged into the SG300-10P then have the ASA on one of the ports? Someday I would like to be able to use my 5505 so I can VPN into my network (A whole different ball of wax for another weekend). I would like to have all of the networks have Internet Access. I want to restrict the the guest wifi network from seeing the other networks other than Internet. I think that pretty much covers it and just want to make sure I get the routes configured right and everything hooked up properly. Any help or suggestions are appreciated. I'd like to make it as easy as possible with the best solution for expandability if work decides to give me another Asa again. Thank you, Don
... View more