I am attempting to set up a test environment for a guest WiFi network. My aim is to use a separate SSID on a completely different subnet and keep it totally isolated from the management subnet.
So far, I have a Cisco Aironet 1602 broadcasting two different SSIDs as follows:
management-wifi - 192.168.0.x
guest-wifi - 172.16.0.x
The Aironet is controlled by a Cisco 2505 Wireless Controller which has the following interfaces:
management - 192.168.0.240
guest - 172.16.0.240
Between the wireless clients and the internet sits a Cisco Catalyst WS-C2960 switch, a Cisco ASA 5505 and a Cisco 887VA router.
I have both 192.168.0.x and 172.16.0.x interfaces configured on the ASA, but so far I am only able to reach out to the internet if I am connected to the 192.168.0.x network. When I have an IP address on the 172.16.0.x network I cannot see any devices locally or the internet. Can anyone assist me in configuring this, as I suspect I need to do something with the VLANs at the switch level?
This is my switch config:
Current configuration : 5782 bytes
!
! Last configuration change at 01:39:12 gmt Sun Apr 11 1993 by administrator
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ms-testswitch
!
boot-start-marker
boot-end-marker
!
no logging console
!
username administrator privilege 15 secret 5 $1$GyJu$uqo9yOnAb4vy8Tg2RoJrf.
username ccpuser privilege 15 secret 5 $1$Zmgi$TDnFyiE5YpS8KV46KvThW/
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
!
!
!
!
!
!
aaa session-id common
clock timezone gmt 0 0
clock summer-time gmt recurring
system mtu routing 1500
vtp mode transparent
!
!
ip domain-name test.local
!
!
crypto pki trustpoint TP-self-signed-1865058432
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1865058432
revocation-check none
rsakeypair TP-self-signed-1865058432
!
!
crypto pki certificate chain TP-self-signed-1865058432
certificate self-signed 01
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 172,192
!
!
!
!
!
interface FastEthernet0/1
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/5
switchport trunk allowed vlan 172,192
switchport mode trunk
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/7
switchport mode trunk
!
interface FastEthernet0/8
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 192
!
interface FastEthernet0/22
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 192
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport access vlan 192
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 172
switchport mode access
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan172
ip address 172.16.0.252 255.255.255.0
no ip route-cache
!
interface Vlan192
ip address 192.168.0.252 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.0.250
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
snmp-server community switches RO
snmp-server location Project Room
snmp-server contact IT
snmp-server chassis-id ms
!
!
!
!
line con 0
privilege level 15
line vty 0 4
exec-timeout 0 0
privilege level 15
line vty 5 15
exec-timeout 0 0
privilege level 15
!
end
If anyone could help me I would really appreciate any suggestions. Merry Christmas!
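
An added example, not part of the original post: a short Python script that parses an IOS-style switch configuration like the one above and lists where a given VLAN is carried (access ports, trunks, and any address the switch itself holds in that VLAN), which is the first thing to check when a guest VLAN has to stay isolated from management. The function names and the abridged `SAMPLE` excerpt are assumptions made for this example.

```python
import re

# Constructed, abridged excerpt of the switch configuration posted above.
SAMPLE = """\
interface FastEthernet0/5
switchport trunk allowed vlan 172,192
switchport mode trunk
!
interface FastEthernet0/7
switchport mode trunk
!
interface GigabitEthernet0/2
switchport access vlan 172
switchport mode access
!
interface Vlan172
ip address 172.16.0.252 255.255.255.0
"""

def parse_interfaces(text):
    """Map interface name -> list of its sub-commands ('!' ends a stanza)."""
    ifaces, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split()[1], [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return ifaces

def expand(spec):
    """Turn an allowed-VLAN list such as '10,20-22' into {10, 20, 21, 22}."""
    parts = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in parts for v in range(int(lo), int(hi or lo) + 1)}

def vlan_report(text, vlan):
    """Where is `vlan` carried: access ports, trunks, and the switch's own SVI."""
    report = {"access": [], "trunk": [], "svi": []}
    for name, cmds in parse_interfaces(text).items():
        if name.lower() == f"vlan{vlan}":
            report["svi"] += [c.split()[2] for c in cmds if c.startswith("ip address ")]
        elif "switchport mode trunk" in cmds:
            # Simplification: a trunk without a plain numeric allowed-list carries every VLAN.
            m = re.search(r"^switchport trunk allowed vlan ([\d,-]+)$", "\n".join(cmds), re.M)
            if m is None or vlan in expand(m.group(1)):
                report["trunk"].append(name)
        elif f"switchport access vlan {vlan}" in cmds:
            report["access"].append(name)
    return report
```

Calling `vlan_report(config_text, 172)` on the full configuration shows every port that can carry guest traffic and whether the switch has a management-reachable address inside the guest subnet.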