You must change the management vlan to something other than vlan 1 if you want to turn on vlan 1 routing.
- To change the management vlan, enter config mode, then:
(config)# ip add 192.168.254.1 255.255.255.0
ip address vlan 254
- After that you can give vlan 1 an IP address and add the routing command to it.
Tuesday, June 21, 2011
Cisco ASA, 2nd vlan can't get to internet
This is a reminder to those who have multiple vlans and an ASA. You have to add the command "route LAN 10.10.10.0 255.255.255.0 10.10.20.254" to route traffic from vlan 2 10.10.10.0 to vlan 1 10.10.20.254.
- Until this command was entered, vlan 2 could access things on vlan 1 but couldn't get to the internet.
Tuesday, June 14, 2011
Setting up guest access on WAP4410N
- Configure both SSIDs in the WAP admin page.
- Turn on vlans, configure guest access for vlan 2 (or whatever you want).
- On the SSG5 (firewall) configure a sub-interface bgroup0.2 and assign vlan 2.
- Put bgroup0.2 in the DMZ.
- Configure DHCP on the DMZ.
- Add a policy from DMZ to Untrust (any to any). Make sure to go to advanced under policy and check source NAT or you won't be able to get online from vlan 2.
- At this point you can connect to the guest SSID and you should get an IP in the DMZ (vlan 2). Also, test to make sure you can only get on the internet, not the main network.
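The last check in the list above can be scripted and run from a laptop joined to the guest SSID. This is an added example, not part of the original post; the target addresses are constructed placeholders to replace with hosts on your own main network. It goes one step further than "can I connect": a refused connection is also reported, because a reply coming back means the packet was not dropped.

```python
import socket

# Constructed sample targets (assumptions, not from the post): replace with
# real hosts on your main network and a public service guests should reach.
MAIN_LAN_TARGETS = [("192.168.1.1", 443), ("192.168.1.10", 445)]
INTERNET_TARGETS = [("example.com", 443)]


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back, so the SYN was answered instead of silently dropped.
        return "refused"
    except OSError:
        # Timeout, no route, unreachable or DNS failure: nothing got through.
        return "filtered"


def check_isolation(lan_targets, internet_targets, probe_fn=probe):
    """Return a list of findings; an empty list means the guest vlan passed."""
    findings = []
    for host, port in lan_targets:
        state = probe_fn(host, port)
        # Both 'open' and 'refused' mean traffic crossed into the main network.
        if state != "filtered":
            findings.append(f"LEAK: main LAN {host}:{port} answered ({state})")
    for host, port in internet_targets:
        state = probe_fn(host, port)
        if state != "open":
            findings.append(f"NO INTERNET: {host}:{port} is {state}")
    return findings


if __name__ == "__main__":
    problems = check_isolation(MAIN_LAN_TARGETS, INTERNET_TARGETS)
    for line in problems:
        print(line)
    print("guest vlan isolation OK" if not problems else "guest vlan isolation FAILED")
```

Run it again after any policy change on the firewall; a "NO INTERNET" finding with no leaks usually points at the source NAT checkbox mentioned above.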
