03-29-2023 01:13 AM
I have a question about the configuration of the WLC and DHCP server to distribute 2 WLANs. Once it
should be the internal WLAN and once a separate guest WLAN.
The internal WLAN is already working, but when I connect to the external guest WLAN, I don't get a
DHCP address. So I think I have to change something in the configuration so that guests who go to
the guest WLAN can also access the Internet from there without having access to the internal network.
So currently I have the following configuration:
- Sophos Fw (DHCP server internal LAN/WLAN, 2nd DHCP range for guest WLAN)
- WLC 2504 connected to the Sophos Fw
- Cisco 3560 switch (without configuration) connected to the Sophos Fw
- AP 3802I connected to the Cisco 3560 switch.
On the WLC, I have the management interface which is set with VLAN 0 for the first WLAN (internal)
and then another interface guest-wlan (VLAN 10) which is assigned to the guest WLAN.
I can connect to the internal WLAN and then also get an IP and have access to the Internet.
I can also connect to the guest WLAN, but then I only get an APIPA address.
Can someone help me how I can set the configuration so that not only internal users, but also the
guest WLAN can access the Internet.
Hope you can help me. If you need any more information, please just ask
Oh yeah, I'm not CCNA Wireless and I'm trying to read it there, but I'm a native German speaker.
03-29-2023 01:41 AM
but when I connect to the external guest WLAN, I don't get a DHCP address. So I think I have to change something in the configuration so that guests who go to the guest WLAN can also access the Internet from there without having access to the internal network.
Depends on where the DHCP server is hosted (you need to run debug and see where in the path it is lost).
Look at the guest flows for DHCP:
03-29-2023 01:52 AM
the DHCP server is on the Sophos, there is a pool for the internal LAN/internal WLAN
and a second pool that is supposed to be for the guest WLAN.
03-29-2023 02:12 AM
I'm not CCNA Wireless, so I don't have much experience there. However, I
would have open questions about understanding the structure of the WLANs.
If I create 2 WLANs on the WLC and set both without VLAN, does the switch
port into which the AP is plugged in have to be configured as a trunk port or
03-29-2023 08:29 AM
If you want to have multiple vlans and the ap is in FlexConnect local switching, then yes you need a trunk. If the ap is in local mode, in which traffic is tunneled back to the controller, then the controller has to be on a trunk port.
I think maybe you are better off connecting the controller to the switch and not the FW. That might be a problem especially if you have DHCP proxy enabled on the controller.
Trunk the switch to the FW and make sure that all the vlans work fine by testing with a wired laptop. Connect the controller and ap to the switch. The controller will be in local mode so that should be on a trunk port with the native vlan that of the controller management port. The ap is on an access port since it will send all the traffic to the controller.
Take a look at some deployment guides for the 2504 or AireOS controllers. You will see various ways to deploy that appliance in your network.
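The layout described in the reply above, sketched as Catalyst 3560 configuration. This is an added example, not posted by anyone in the thread; the interface numbers, the VLAN name, and the use of default VLAN 1 as the untagged internal/management VLAN (matching "VLAN 0" on the WLC) are assumptions.

```cisco
! Constructed example. Port numbers and the VLAN name are assumptions.
! VLAN 1  = internal LAN / WLC management, untagged (WLC "VLAN 0")
! VLAN 10 = guest WLAN, tagged (WLC interface guest-wlan)
vlan 10
 name GUEST-WLAN
!
interface GigabitEthernet0/1
 description Uplink to Sophos firewall (trunk)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 1
 ! Carry only the VLANs that are actually needed on this link
 switchport trunk allowed vlan 1,10
!
interface GigabitEthernet0/2
 description WLC 2504 (trunk, native VLAN = WLC management)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,10
!
interface GigabitEthernet0/3
 description AP 3802I in local mode (access port)
 ! Local-mode AP tunnels client traffic to the WLC, so no trunk is needed here
 switchport mode access
 switchport access vlan 1
 spanning-tree portfast
!
! Checks from privileged EXEC after applying:
!   show vlan brief
!   show interfaces trunk
!   show interfaces GigabitEthernet0/2 switchport
```

For guests to receive addresses, the firewall also needs a tagged VLAN 10 interface with the guest DHCP pool bound to it. The VLAN only separates the two networks at layer 2; keeping guests out of the internal network depends on firewall rules that block traffic from the guest network to the internal one.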
03-29-2023 11:10 PM
Hi Scott Fella,
Thank you for your quick response. So currently the WLC is connected to the
firewall. And the configuration is currently so that a WLAN is provided internally
without a VLAN ID (VLAN 0). I now wanted to provide the guest WLAN with a
VLAN ID (VLAN 10) in order to separate the guests from the internal network.
Now my question for you and the others:
1. If I connect another interface of the WLC (interface 2) to the firewall and then
give this interface an IP (192.168.202.10) from the 2nd network on the WLC
(e.g. 192.168.200.0/23 = internal network, 192.168.202.0 /23 = guest network).
Would it then work if the firewall gave the guests an IP from the guest network?
Oh yes, I don't have the DHCP proxy active, do I have to activate it and where
can I read something understandable about how to activate and use it.
Looking forward to your answers.
03-29-2023 03:33 PM
As Scott said and "Cisco 3560 switch (without configuration)" - you will almost definitely need to configure vlans and trunk ports on your switch!