cancel
Showing results for 
Search instead for 
Did you mean: 

Two SSIDs to 2 different VLANs

alan_ng_ethe
New Contributor

Hi guys,

This is my requirement:

-Corporate users to use corporate SSID to connect to internet

-Guests to use "guest" ssid to directly access the internet

The setup (image attached):

-Ruckus unleashed r510 has a cable attached to an internal POE switch and another cable attached to a 5505 firewall (base license)

-The switch port where the AP connects is configured as access in VLAN1

-Internal network has DHCP enabled. This part seems to be working (internal users can obtain an IP from DHCP server and connect to the internet)

-asa has dmz interface in vlan 12 -this is where the AP connects for the guest network

-ASA firewall has dhcp server and pool configured, but when guest clients connect, they do not receive an IP

-NAT and ACLs from the dmz network to the internet already applied on the asa

Observations:

-Checking the mac addresses learned on the asa on the DMZ port reveals mac addresses from VLAN 1 (The asa has its inside interface on vlan 1). This is what surprises me, since the asa dmz port is assigned to vlan 12!!

I am requesting some help in finding out the minimum number of changes I need to make to ensure that the guests can safely access the internet.

Please help

Image_ images_messages_5f91c3e0135b77e2478c2202_22a7164c9cd3bb737c19e5693cfa318f_RackMultipart201806184300913ch-729fd2d8-e1fc-44bf-8548-ce22748be769-466230084.jpg1529353714
2 REPLIES 2

alan_ng_ethe
New Contributor

Some additional information out of the asa:


ASA# show switch vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -----------------------------
1    inside                           up        Et0/1, Et0/2, Et0/3, Et0/4
                                                Et0/6, Et0/7
2    outside                          up        Et0/0
12   dmz                              up        Et0/5


Et0/5 connects to the AP

michael_brado
Esteemed Contributor II
Sorry Alan, Unleashed is designed for single LAN use, no VLAN setting under WLANs.
You would need ZoneDirector or SmartZone I'm afraid.