Re: Guest network and multiple VLANs

mvann · ‎12-27-2011

Hello all,

I have installed a pair of 5508 controllers in our network. One controller sits inside the network and APs are configured to associate with that controller. The second controller sits on a DMZ interface off the ASA. I have a guest network configured and it works great. I would like to configure additional guest networks at remote locations. Each guest WLAN will have it's own SSID. Is it possible to map all of these to the same VLAN? Or do I need a seperate VLAN and subnet for each SSID.

Thanks

Scott Fella · ‎12-27-2011

If the SSIDs will be different and you still want to tunnel back the guest traffic, you will need to create a new SSID on your internal and dmz so you can anchor the SSID. You can still place guest users on the same subnet in the dmz also.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

mvann · ‎12-27-2011

Scott,

Thanks for the reply. I have created different SSIDs and mapped them to the same VLAN. Everything looks good but I'm getting some strange behaviors on the new SSIDs. It appears that users don't authenticate but I've verified the credentials quite a few times. I wanted to make sure that you could map multiple SSIDs to the same VLAN before I continued troubleshooting.

Scott Fella · ‎12-27-2011

Yes you can... Double check to make sure your SSIDs match exactly between the inside and dmz wlc. Only thing different should be the interface.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

mvann · ‎12-27-2011

Scott,

Thanks again for the help. I'll go back and double check everything and post an update.

Scott Fella · ‎12-27-2011

You should also see the clients Mac address on the gust anchor.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

George Stefanick · ‎12-27-2011

To add to Scotts comment. Insure the new WLAN is anchored to the new WLAN DMZ as well.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

mvann · ‎12-28-2011

Scott, George,

Thanks for your input and support. Everything matches and is anchored properly. I changed the password to the new guest WLAN to a unique value and everything works. When the passwords match between two WLANs the second , or newer WLAN, doesn't authenticate clients. I am using WPA2+PSK. I expect this is a known limitation.

Scott Fella · ‎12-28-2011

Mark,

Each WLAN is its own so it doesn't matter if you use the same authentication or not. Why not leave the new ssid to open and test, start with the basic setting and then start adding. Just to recap, the guest ssids are different correct, but using the same authentication method.

-Scott
*** Please rate helpful posts ***

mvann · ‎12-28-2011

Scott,

It would make sense that all of the WLANs are unique but for some reason if I use the same password , or PSK, it doesn't work. If I change it by 1 character it works fine. I've tried this for two new WLANs, both with unique SSIDs, and the story is the same. :-(

Scott Fella · ‎12-28-2011

Interesting.... Shouldn't but it seems like you did your testing. If you are using the same pre shared key, why not just keep the WLAN SSID identical?

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

mvann · ‎12-28-2011

Scott, I may end up using a single SSID. Unique SSIDs sounded nice but now that I have run into this they sound like they are more trouble then they are worth. Thanks for all of your help!