
WAP4410N on a 3750G

netguyz08
Level 1

Just set up a WAP4410N with two SSIDs - one for guest and one for corporate side. Both are segregated by VLANs; however, I don't already have a guest VLAN defined, so I created one (VLAN 20).

However, this little WAP is hanging off a higher end Cisco 3750G switch, and it looks like I need to do a bit of config to actually ensure it provides proper Guest WiFi.

I was going to set up in the 3750G - DHCP Server for VLAN 20, DNS uses the ISP, point the gateway at the internal IP of the firewall.

But since the WAP4410N has one Ethernet port, I am fitting the corporate and guest VLAN over the single switch port. Bad idea? I have found some config to let both pass through, but then getting DHCP assigned to VLAN 20 on that port and passed properly to the firewall, I am not 100% sure of which direction is best to go (... looked at creating Private VLANs but seemed like a lot of work, thought it might be simpler).

Thoughts?

4 Replies

Serge Yasmine
Cisco Employee

Hi Edward, since you have two SSIDs and two VLANs, you need to allow encapsulation dot1q trunk on the switchport and allow the two VLANs on that interface.

Cheers

Serge

Ok this is what I have for it, along with the DHCP Server in the switch, specifically for this guest VLAN:

ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp excluded-address 192.168.20.240 192.168.20.254

interface GigabitEthernet1/8
 description Cisco WAP4410N
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20,100
 switchport mode trunk
 switchport nonegotiate
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 queue-set 2
 mls qos trust cos
 macro description cisco-wireless
 auto qos voip trust
 spanning-tree bpduguard enable

ip dhcp pool vlan20
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.247

interface Vlan20
 description Guest Wi-Fi
 ip address 192.168.20.247 255.255.255.0

(and VLAN 100 is 192.168.1.x)

Serge,

I did end up fixing DHCP assignments, however since the guest Wi-Fi is on VLAN 20, and only VLAN 100 and 200 are recognized by the edge router (which is managed by my ISP), the traffic would never go out to the internet.

Don't suppose I can NAT the traffic in the switch in any way, huh? Or some other solution to keep Guest WiFi from a WAP4410N isolated through a Cisco switch?

Hey Edward, as long as VLAN 20 is allowed on that trunk port, why not just do routing on the 3750 from that point onwards?
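
If the 3750G routes VLAN 20 as the last reply suggests, it will also route between VLAN 20 and any other VLAN it holds an SVI for, so the guest SVI needs an inbound ACL to stay isolated. The following is an added example, not configuration posted by anyone in the thread; it assumes the corporate VLAN 100 subnet is 192.168.1.0/24 (the thread only says 192.168.1.x), that `ip routing` is enabled on the switch, and the ACL name GUEST-IN is hypothetical.

```cisco
! Added example, not from the thread. Assumptions: corporate VLAN 100 is
! 192.168.1.0/24, "ip routing" is enabled, ACL name GUEST-IN is hypothetical.
ip access-list extended GUEST-IN
 remark Let guest clients reach the DHCP pool served from this switch
 permit udp any eq bootpc any eq bootps
 remark Block guest-to-corporate traffic routed through the switch
 deny   ip 192.168.20.0 0.0.0.255 192.168.1.0 0.0.0.255
 remark Everything else from the guest subnet is routed onward
 permit ip 192.168.20.0 0.0.0.255 any
!
! Apply inbound on the guest SVI from the thread so packets are filtered
! before the switch makes a routing decision.
interface Vlan20
 description Guest Wi-Fi
 ip address 192.168.20.247 255.255.255.0
 ip access-group GUEST-IN in
```

After applying it, `show ip access-lists GUEST-IN` shows per-entry match counters, which confirms whether guest clients are hitting the deny line. Any further internal subnet the switch can route to needs its own deny entry above the final permit.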
