06-18-2018 01:28 PM
Hi guys,
This is my requirement:
-Corporate users to use corporate SSID to connect to internet
-Guests to use "guest" SSID to directly access the internet
The setup (image attached):
-Ruckus Unleashed R510 has a cable attached to an internal PoE switch and another cable attached to a 5505 firewall (base license)
-The switch port where the AP connects is configured as access in VLAN1
-Internal network has DHCP enabled. This part seems to be working (internal users can obtain an IP from DHCP server and connect to the internet)
-ASA has DMZ interface in VLAN 12 - this is where the AP connects for the guest network
-ASA firewall has DHCP server and pool configured, but when guest clients connect, they do not receive an IP
-NAT and ACLs from the DMZ network to the internet already applied on the ASA
Observations:
-Checking the MAC addresses learned on the ASA on the DMZ port reveals MAC addresses from VLAN 1 (the ASA has its inside interface on VLAN 1). This is what surprises me, since the ASA DMZ port is assigned to VLAN 12!!
I am requesting some help in finding out the minimum number of changes I need to make to ensure that the guests can safely access the internet.
Please help
06-18-2018 02:08 PM
Some additional information out of the ASA:
ASA# show switch vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -----------------------------
1    inside                           up        Et0/1, Et0/2, Et0/3, Et0/4
                                                Et0/6, Et0/7
2    outside                          up        Et0/0
12   dmz                              up        Et0/5
Et0/5 connects to the AP
06-19-2018 03:53 PM