Wireless VLANS for Guest Access

Status
Not open for further replies.

spie34

IS-IT--Management
Jul 13, 2006
I am trying to set up my Aironet 1100 A/G with wireless VLANs. We want to provide guests that come into our building access to the Internet but not access to our network.

We have a 3560 switch as well as an ASA 5110 series firewall.

What I would like to do is set up a wireless VLAN for guests and a wireless VLAN for our employees.

I've tried to configure the Aironet via the command line using the commands that are similar to what is on this page.
For the switch, I have tried to use the CNA thing. I know it is not the right way to do it, but so far I have not found the right documentation for it. And I am not sure if I need to be using trunking on the port for the access point, the port that goes to the firewall, and the port that goes to the DHCP server.

Also, on the firewall I am wanting to have DHCP set up for the wireless guest so that it would somewhat be on a different network than what the rest of the company is on. I set up a virtual interface on the firewall that was part of the internal interface, assigned it to be a DHCP server, and assigned a pool of addresses to serve out.

I am unable to connect and get an address when doing this.

So basically now I am at a loss as to what to do on this. Is there someone here who could possibly help me out and get me started in the right direction?
 
You will have to trunk to the AP if you need more than 1 VLAN on the AP.
 
So do I need trunking enabled on the port that the switch is connected to the firewall at?

This is how my firewall interface is configured.
interface Ethernet0/0
description Inside Private Interface
nameif inside
security-level 100
ip address 172.22.1.1 255.255.255.0
!
interface Ethernet0/0.2
vlan 2
nameif wireless
security-level 100
ip address 172.24.1.1 255.255.255.0

Along with this.

!
dhcpd address 172.24.1.50-172.24.1.75 wireless
dhcpd dns 209.x.x.x 209.x.x.x interface wireless
dhcpd lease 28800 interface wireless
dhcpd enable wireless
!

At my firewall I have Ethernet 0/0 as being part of the native VLAN, then Ethernet 0/0.2 as being part of VLAN 2.

My firewall connects to my switch on port Gi0/1 and my access point is connected to the switch at port Gi0/11.

On my access point I have configured it as follows:

ap# configure terminal
ap(config)# interface dot11radio 0
ap(config-if)# ssid boss
ap(config-ssid)# vlan 1
ap(config-ssid)# end
ap# configure terminal
ap(config)# interface FastEthernet0.1
ap(config-subif)# encapsulation dot1Q 1 native
ap(config-subif)# exit
ap(config)# interface Dot11Radio0.1
ap(config-subif)# encapsulation dot1Q 1 native
ap(config-subif)# exit
ap# configure terminal
ap(config)# interface dot11radio 0
ap(config-if)# ssid teach
ap(config-ssid)# vlan 2
ap(config-ssid)# end
ap(config)# interface FastEthernet0.2
ap(config-subif)# encapsulation dot1Q 2
ap(config-subif)# bridge-group 2
ap(config-subif)# exit
ap(config)# interface Dot11Radio0.2
ap(config-subif)# encapsulation dot1Q 2
ap(config-subif)# bridge-group 2
ap(config-subif)# exit

The problem I am having is how to configure the switch itself. I've tried setting the port connecting to the firewall as a trunk and the port that connects to the access point as a trunk. Can someone help me with the correct commands with this?
 
Not sure if this will help. Do you have the port on the firewall trunked? Both ends should be.
switch: "on Port"
switchport trunk encap dot1q
switchport mode trunk
switchport trunk allowed vlan #,#,#
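
Added example, not part of the original thread: one way the 3560 side could be configured so that VLAN 2 (guest) is carried tagged and VLAN 1 untagged on both Gi0/1 (firewall) and Gi0/11 (access point), using the ports, VLAN IDs and addresses given in the posts above. The VLAN name, the descriptions and the security-level value of 50 are assumptions; the lower level on the guest sub-interface makes the ASA block guest-initiated traffic to the inside network by default, which matches the stated goal of Internet-only guest access.

```cisco
! --- Catalyst 3560 (added example; VLAN name and descriptions are assumptions) ---
! The guest VLAN must exist on the switch or its frames are dropped on the trunk.
vlan 2
 name GUEST-WLAN
!
interface GigabitEthernet0/1
 description Trunk to ASA Ethernet0/0 (inside untagged, Ethernet0/0.2 tagged)
 ! Encapsulation must be set before trunk mode on the 3560.
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 ! Carry only the VLANs that are actually needed on this link.
 switchport trunk allowed vlan 1,2
 switchport mode trunk
 ! Neither the ASA nor the AP speaks DTP, so turn negotiation off.
 switchport nonegotiate
!
interface GigabitEthernet0/11
 description Trunk to Aironet AP (SSID boss = VLAN 1 native, SSID teach = VLAN 2)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,2
 switchport mode trunk
 switchport nonegotiate
!
! Checks to run on the switch afterwards:
!   show interfaces trunk   (both ports trunking, VLANs 1,2 allowed and active)
!   show vlan brief         (VLAN 2 present)
!
! --- ASA guest sub-interface (same values as posted, except the security level) ---
! As posted, the guest interface has security-level 100, the same as inside.
! A lower level (50 here, an assumed value) keeps guest isolation from depending
! on the same-security-traffic setting: guest-to-inside is denied unless an ACL
! explicitly permits it, while guest-to-outside is still allowed.
interface Ethernet0/0.2
 vlan 2
 nameif wireless
 security-level 50
 ip address 172.24.1.1 255.255.255.0
```

Guest clients still need address translation toward the outside interface before they can reach the Internet; that part depends on the rest of the firewall configuration, which is not shown in the thread.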
 