Guest Network redesign - Anchor WLC removal

grochowskir
Level 1

Hi,

Due to various reasons, I've been asked to limit the number of wireless controllers in our infrastructure from 4 (2 on the LAN side and 2 in the DMZ) to 2. I am considering removing the DMZ controllers which are currently serving Open Guest Wifi traffic. To the best of my understanding, this involves the following:

- Creation of the guest VLAN intended for guest traffic on our LAN access layer switches and collapsed core switches and its addition on the trunks

- Creation of an interface on the WLC for the guest VLAN

- Addition of the guest VLAN to the trunk leading to the WLC

- Creation of the wifi guest WLAN utilizing the newly created guest network interface on the WLC

- Creation of an interface on our Sonicwall appliance to which the guest VLAN would be connected. This interface would belong to the DMZ zone, thus isolating LAN traffic from the guest wifi traffic. This interface would also serve as a gateway for this guest VLAN.

- Creation of the DHCP scope for the guest VLAN traffic. This could be done on the WLC or the Sonicwall. I've tried both methods.

Here are the two scenarios and issues that I am facing:

1. DHCP on the Sonicwall

A. via physical wire

A host is connected to a port in the guest VLAN via physical wire on the L2 switch. It is able to obtain an IP address via DHCP, ping the gateway (Sonicwall interface), ping other wired hosts on the same subnet and browse the web. I can't, however, ping the WLC's interface assigned to this guest VLAN.

B. via Wifi

The wireless client is able to connect to the guest Wifi network but is unable to obtain an IP address from the Sonicwall. Ultimately, the wireless client ends up with a self-assigned IP address 169.x.x.x. Tried adding an address manually to the wireless interface just to eliminate a possible DHCP issue; however, the client still couldn't ping the gateway interface on the Sonicwall nor any other client within the guest VLAN as well as the WLC's interface in the guest VLAN.

2. DHCP on the WLC

A. via physical wire

A host is connected to a port in the guest VLAN via physical wire on the L2 switch. It is unable to obtain an IP address via DHCP and ends up with a self-assigned IP address. Tried adding an IP address manually just to eliminate a possible DHCP issue and the client was able to ping the gateway interface on the Sonicwall and any other wired host within this same VLAN as well as access the Internet. Still unable to ping the WLC's interface in the guest VLAN.

B. via Wifi

The wireless client is able to connect to the guest Wifi network and it obtains an IP address from the WLC. It can't, however, access the Internet, nor ping any other wired host on the guest VLAN. It can ping the WLC interface that is assigned to the guest VLAN and other wifi hosts within this same guest network.

The WLC can't ping the Sonicwall gateway nor any other host on the guest VLAN in either scenario. The LAN WLC is connected directly to the core switch.

Can someone please point me towards the right direction here? I am attaching diagrams with current and proposed network layouts. Thank you in advance.

2 Replies

Stephen Rodriguez
Cisco Employee

If you want to use the SonicWall as the DHCP server, you need to disable DHCP proxy on the WLC.

HTH,

Steve


Thanks Stephen. However, I still can't ping the WLC's interface in the guest VLAN and vice versa. I can ping any other host in this VLAN. The VLAN has been added to the trunk connecting the WLC with the Core switch. Somehow this interface is being isolated as it were on the LAN side. DHCP isn't the issue here. I have the guest VLAN added on all access layer switches as well as core switches. I have added it to all required trunks as well. I can ping the Sonicwall interface and other hosts in this VLAN except the interface on WLC. Thanks.
