I have two sites that I manage. The first has WLC-5508s connected to a 6500 via a dot1q trunk, and it behaves well. The second has a WLC-2504 connected directly to an ASA 5505.
The second site is limited by the ASA serving as the only layer 3 device. It serves as a firewall, IP/Sec endpoint, and DHCP server. Due to some limitations that evidentially occured before I got involved with the organization, things were done in a certain way, presumably on-the-cheap.
Site 1 has oodles of VLANs. Of particular importance are VLANs for Management, Internal Wireless, Guest Wireless, VoIP, and Printers/DHCP, and Desktop data. The initial approach with Site 2 was to mimic this organzation, but that came to a halt quickly. The non-Cisco phone solution did not support the phones trunking a data network, so all of the following types of traffic sere crammed into one network: Mgmt, Desktop, Printer/DHCP and VoIP.
I'm not attempting to get the 2504 configured to support wireless, and I'm attempting to isolate Internal Wireless and Guest Wireless on two separate VLANS,
The ASA has the Outside connection as E0/0, Inside as E0/1 VLAN 13 , Internal Wireless as E0/2- VLAN 15, and Guest Wireless as E0/3 - VLAN 16. The Inside interface containing traffic for all the following purposes on one VLAN: Management, VoIP, Print, & Desktop. All of the various equipment is attached to a series of L2 switches which is attached to the ASA's inside interface,
The WLC is connected to the ASA via ports 1 & 2, which are the management and Internal Wireless interfaces. Port 3 will eventually be used to home the Guest Wireless traffic,
I have DHCP Scopes set up on the ASA for VLANs 13, 15 and 16. As present, the Desktop users all get IPs for VLAN 13, which is in 172.20.147.0. Printers get static addresses in the same network, but not in this scope. Phones get dynamic IPs from a different scope on the same network.
At present, if I bring up the Internal Wireless up, I'm getting IPs for clients that are also in this scope, 172.20.147.0/24, but I'd prefer them to be in the 172.20.148.0/24 scope. This works, but isn't what I wanted. I've attempted to create scopes on the WLC as well, but I cannot seem to get the WLC to do anything other than to pass the DHCP Discover off to the ASA. In order to get this to work, I had to disable DHCP Proxy.
I've attempted to get the DHCP addresses locally from the WLC, but that doesn't seem to work at all. For this I've attempted to enable DHCP Proxy, and delete any references to the ASA. but that doesn't seem to work either.
I know that the DHCP server on the WLC is limited, but ideally, I'd be able to serve the two scopes for wireless users directly from the WLC instead of the ASA. Because the WLC 2504 and ASA 5505 are low end devices that may come into play as well.
My 5508s at the other site do hand out IPs via DHCP for wireless users, so I'd like to think I could get the 2504 to behave in the same way. The only difference is that the 5508 is connected via a single trunk, where the 2504 is connected to the ASA via physical interfaces, so that isn't really possible.
Any pointers would be appreciated. I can't experiment to much with the site's configuration but would ove to know what's going on.
