Cisco 5505 plugged into AP with multiple SSID'S

[cisco222]

I have a Cisco 5505 firewall and have a single Cisco access point plugged into the POE port 7.
On my wireless AP ( AP1142N ) I have 2 ssid's one for production vlan 1 and vlan 10 for my guest's.

I want vlan 10 only to have access to the internet and nothing else, so they cannot access vlan 1.

vlan 1 - 192.168.70.0 /24
vlan 10 - 172.16.0.0 /24

I do not have a DHCP server so the ASA will have to act the the DHCP server for both vlans.

I have done this setup before on a 5520 but this has subinterfaces and work well. Confused to how this will work on the 5505 or even if it can be done?

 

[burtsbees]

ACL on the VLAN interfaces...

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
!
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
!
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
drop
!
control-plane
service-policy input CoPP-POLICY

 

[wabob]

You can create interface VLAN 10 with a nameif of 50 (leave interface VLAN 1 with the default nameif of 100) so any devices on VLAN 10 cannot initiate a connection with VLAN 1 BUT can nat and go out the Outside interface onto the Internet.

One question - does that 5505 have the Base license or the Security Plus license? If it has the Base license you have to enable the third VLAN by entering "no forward interface Vlan1" when configuring interface VLAN 10. Then, it does precisely what you want by not allowing any traffic between VLAN 10 and VLAN 1. Then you go on to configure dhcpd and nat for the new VLAN.

Hope this helps.



Ross Perot was right...