wireless- Guest and user vlan

Platform: - Cisco 1100 and 1200 wireless access point, Cisco IOS, Cisco 6509
Keywords: - configuring wireless and guest vlans for wireless networks
Author: - Dinesh Aggarwal

Switch setup

Guest vlan: -600
User vlan: 129
Guest vlan will be 10.203.152.1 with no DHCP configured. We will use manual IP addresses (For testing only)

Configuration on core switches 6500 MSFC: -

6509_sw3#conf t
interface Vlan600
ip address 10.203.152.1 255.255.255.0
ip access-group wlan in
end
conf t
interface Vlan129
ip address 10.203.129.1 255.255.255.192
ip broadcast-address 10.203.129.63
ip helper-address 172.16.32.36 ( This is ip address of DHCP server)
end

ip access-list extended wlan
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq domain
permit udp any any eq domain

logging trap notifications

(Above is just a sample ACL, we need to modify it as per actual requirements, here we have allowed only http access from guest vlan)

Make 600 vlan on layer 2 and see if it is allowed on all the trunks and create these vlan in all the intermediate switches.

Configuration on switch connected to AP.

hostname Switch
!
enable secret 5 $1$HMVx$24CqVWoHJ80/W2DwPdQuM0
!
ip subnet-zero
vtp domain eng
vtp mode transparent
!
vlan 129!
vlan 600
!
!
spanning-tree extend system-id
no spanning-tree vlan 129
!
interface FastEthernet0/1
description TO testSW003 GI6/8
switchport trunk native vlan 129
switchport mode dynamic auto
no ip address
duplex full
speed 100
!
interface FastEthernet0/2
description AP
switchport trunk native vlan 129
switchport mode trunk
no ip address

(The port connected to AP need to be a trunk port with 129 as native vlan so that we can use 129-vlan addresses as management address on AP and user vlan, to travel multi vlan info we need trunk on the switch)
interface Vlan129
ip address 10.203.129.57 255.255.255.192
no ip route-cache
!
ip default-gateway 10.203.129.1
ip http server’