How to correctly configure a separate VLAN for an SSID

  • Updated 3 years ago
I am completely stumped as to what I am doing wrong.

So what I'm trying to do is configure a separate VLAN, VLAN18, for my Guest SSID. My setup is:

Zone Director:
- ZD is configured with 2 SSIDs, 1 for Employees and 1 for Guests. WLAN for employees has Access VLAN set to 1, and WLAN for Guest has Access VLAN set to 18.
- My management VLAN is VLAN16, although the IPv4 configuration in my ZD has Access VLAN set to 1. Somehow when I configure this to 16, I lose my connection to it, so I leave it at 1.
- Although the WLAN for Employees has Access VLAN set to 1, it gets DHCP from my VLAN 16 DHCP server and users can connect successfully to the VLAN16 network.
- I set the switchport (Cisco) where my ZD is connected as a trunk port, with 802.1Q and native VLAN set to Vlan16.

AP:
- AP port is set to trunk, with Access VLAN set to 1.
- Switchport (HP Procurve) where AP is connected has VLAN16 as untagged port. VLAN18 and the other VLANs in my network are set as tagged.
- Connection flow is ZD <==> Cisco Core Switch <==> HP Procurve <==> AP

I created an Interface VLAN18 in my Core Switch, which directs DHCP requests to my firewall.

With this setup, I test a PC connecting to the Guest WLAN. It successfully gets an IP address from my VLAN18 DHCP server, together with the other network details. However, the PC is not able to ping the gateway.

I've already allowed the whole subnet in the Guest Access restricted subnets.

Sorry for the long read, but I'm just wondering why I can't ping my gateway even if I successfully retrieved an IP address.

Appreciate any help. :)

Thanks.
Paulo Dayon

Posted 3 years ago

Gerard

Hi Emilio: Are you using a Cisco router to determine the VLANs? What IP address range are you using, and subnets?
Paulo Dayon

Hi Gerard,

Yes, we are using a Cisco L3 switch.

VLAN16 (Management and Employees WLAN) - 172.17.16.0/24
VLAN18 (Guest WLAN) - 172.17.18.0/24

In the L3 switch, I have the following configuration.

interface Vlan16
 ip address 172.17.16.251 255.255.255.0
 ip helper-address 172.17.9.2
 ip helper-address 172.17.9.6
 no ip redirects
 standby 16 ip 172.17.16.254
 standby 16 priority 110
 standby 16 preempt
!
interface Vlan18
 ip address 192.168.20.2 255.255.255.0
 ip helper-address 192.168.20.1
 no ip redirects
 standby 18 ip 192.168.20.4
 standby 18 priority 110
 standby 18 preempt

VLAN16 is using a Windows DHCP server, while VLAN18 uses my firewall. I've made one of my firewall ports a member of VLAN18 and configured a DHCP server there, with the IP 192.168.20.1.

ZD - 172.17.16.201
AP - 172.17.16.203
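
An added example, not part of the thread: a small Python check that parses the posted SVI stanzas and compares them with the addressing plan stated in the same post (VLAN16 172.17.16.0/24, VLAN18 172.17.18.0/24). The function names, the PLAN dictionary and the abbreviated CONFIG excerpt are constructed for illustration.

```python
import ipaddress
import re

# Constructed input: SVI lines and VLAN plan copied from the post above.
CONFIG = """\
interface Vlan16
 ip address 172.17.16.251 255.255.255.0
 ip helper-address 172.17.9.2
 standby 16 ip 172.17.16.254
!
interface Vlan18
 ip address 192.168.20.2 255.255.255.0
 ip helper-address 192.168.20.1
 standby 18 ip 192.168.20.4
"""
PLAN = {"Vlan16": "172.17.16.0/24", "Vlan18": "172.17.18.0/24"}

def parse_svis(text):
    """Return {interface: {"net": network or None, "vip": [...], "helper": [...]}}."""
    svis, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = svis.setdefault(m[1], {"net": None, "vip": [], "helper": []})
        elif cur is None:
            continue  # global config line before any interface stanza
        elif m := re.match(r"\s+ip address (\S+) (\S+)", line):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"\s+standby \d+ ip (\S+)", line):
            cur["vip"].append(ipaddress.ip_address(m[1]))
        elif m := re.match(r"\s+ip helper-address (\S+)", line):
            cur["helper"].append(ipaddress.ip_address(m[1]))
    return svis

def audit(text, plan):
    """Compare each configured SVI with the documented VLAN plan."""
    findings = []
    for name, svi in parse_svis(text).items():
        net = svi["net"]
        if net is None:
            findings.append(f"{name}: no ip address configured")
            continue
        if name in plan and net != ipaddress.ip_network(plan[name]):
            findings.append(f"{name}: configured {net}, plan says {plan[name]}")
        findings += [f"{name}: HSRP VIP {v} is outside {net}" for v in svi["vip"] if v not in net]
        findings += [f"{name}: DHCP helper {h} is on-link in {net}" for h in svi["helper"] if h in net]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG, PLAN)) or "no mismatches")
```

Run against the running configuration of each L3 switch, the same comparison shows whether guest and employee VLANs are addressed the way the documented segmentation plan says they are.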