Two SSIDs to 2 different VLANs


Hi guys,

This is my requirement:

- Corporate users to use the corporate SSID to connect to the internet

- Guests to use the "guest" SSID to directly access the internet

The setup (image attached):

- Ruckus Unleashed R510 has a cable attached to an internal PoE switch and another cable attached to a 5505 firewall (base license)

- The switch port where the AP connects is configured as access in VLAN 1

- Internal network has DHCP enabled. This part seems to be working (internal users can obtain an IP from the DHCP server and connect to the internet)

- ASA has a DMZ interface in VLAN 12; this is where the AP connects for the guest network

- ASA firewall has a DHCP server and pool configured, but when guest clients connect, they do not receive an IP

- NAT and ACLs from the DMZ network to the internet are already applied on the ASA

Observations:

- Checking the MAC addresses learned on the ASA on the DMZ port reveals MAC addresses from VLAN 1 (the ASA has its inside interface on VLAN 1). This is what surprises me, since the ASA DMZ port is assigned to VLAN 12!

I am requesting some help in finding out the minimum number of changes I need to make to ensure that the guests can safely access the internet.

Please help

Alan Ng'ethe

Posted 5 months ago

Alan Ng'ethe

Some additional information out of the ASA:


ASA# show switch vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -----------------------------
1    inside                           up        Et0/1, Et0/2, Et0/3, Et0/4
                                                Et0/6, Et0/7
2    outside                          up        Et0/0
12   dmz                              up        Et0/5


Et0/5 connects to the AP
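
A check for the symptom in the observation above (inside-network MAC addresses showing up on the VLAN 12 port), as an added example that is not part of the original posts: it parses a MAC table and lists addresses learned in both VLAN 1 and VLAN 12. The table layout is assumed to follow the ASA 5505 `show switch mac-address-table` output; the sample rows, MAC addresses and function names are constructed.

```python
from collections import defaultdict

# Constructed sample. Layout assumed to match the ASA 5505
# "show switch mac-address-table" output; MAC addresses are made up.
SAMPLE = """\
   Mac Address | VLAN |         Type         | Age | Port
-------------------------------------------------------
 0011.2233.4401 | 0001 |       dynamic       | 287 | Et0/1
 0011.2233.4402 | 0001 |       dynamic       | 120 | Et0/2
 0011.2233.4401 | 0012 |       dynamic       | 290 | Et0/5
 0011.2233.4499 | 0012 |       dynamic       |  35 | Et0/5
 00d0.2bff.449f | 0001 |       static        |  -  | In0/1
"""


def parse_mac_table(text):
    """Yield (mac, vlan, port) for each dynamic entry; skip header and rule lines."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 5 or not fields[1].isdigit():
            continue  # header, separator, or anything that is not a table row
        mac, vlan, kind, _age, port = fields
        if kind == "dynamic":
            yield mac.lower(), int(vlan), port


def cross_vlan_macs(text, trusted_vlan=1, guest_vlan=12):
    """Return {mac: {vlan: [ports]}} for MACs learned in both VLANs.

    A host MAC present in both VLANs means the two segments are bridged
    somewhere, so guest traffic is not isolated from the inside network.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for mac, vlan, port in parse_mac_table(text):
        seen[mac][vlan].add(port)
    return {
        mac: {vlan: sorted(ports) for vlan, ports in vlans.items()}
        for mac, vlans in seen.items()
        if trusted_vlan in vlans and guest_vlan in vlans
    }


if __name__ == "__main__":
    for mac, vlans in cross_vlan_macs(SAMPLE).items():
        print(f"{mac} learned in more than one VLAN: {vlans}")
```

An empty result after a cabling or WLAN change indicates the guest port no longer sees inside-network hosts.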

Michael Brado, Official Rep

Sorry Alan, Unleashed is designed for single-LAN use, with no VLAN setting under WLANs.
You would need ZoneDirector or SmartZone, I'm afraid.