Wednesday, April 3, 2019

Wireless Guest Network, VLANs and ASA DHCP oh my.

Trying to set up a wireless guest network, Unifi APs, Cisco Switching, Cisco ASA, I cannot for the life of me get DHCP working in the properly layout,

Working Layout:

AP (Guest VLAN 940)

Switch A (MDF) AP Port Config:

interface FastEthernet3/0/48

description ===>AP Port

switchport trunk encapsulation dot1q

switchport trunk native vlan 110

switchport trunk allowed vlan 110,220,229,940

switchport autostate exclude

switchport mode trunk

srr-queue bandwidth share 1 75 25 5

srr-queue bandwidth shape 30 0 0 0

priority-queue out

mls qos trust dscp

spanning-tree portfast

spanning-tree bpduguard enable

ASA Port Config:

interface GigabitEthernet1/0/16

description => ASA Guest Wireless

switchport trunk encapsulation dot1q switchport trunk allowed vlan 940 switchport mode trunk spanning-tree portfast spanning-tree bpduguard enable

ASA Eth0/4-> Subinterface0/4.1 (VLAN940, DHCP Configured)

Non-working Layout:

AP (Guest VLAN 940)

Switch A (MDF) AP Port Config:

interface FastEthernet3/0/48

description ===>AP Port

switchport trunk encapsulation dot1q

switchport trunk native vlan 110

switchport trunk allowed vlan 110,220,229,940

switchport autostate exclude

switchport mode trunk

srr-queue bandwidth share 1 75 25 5

srr-queue bandwidth shape 30 0 0 0

priority-queue out

mls qos trust dscp

spanning-tree portfast

spanning-tree bpduguard enable

Switch B (Core):

description =>MDF to Core

no switchport

ip address 172.18.48.xxx 255.255.255.252

ip pim sparse-mode

srr-queue bandwidth share 1 70 25 5

srr-queue bandwidth shape 30 0 0 0

priority-queue out

mls qos trust dscp

description =>DS to Core

no switchport

ip address 172.18.48.xxx 255.255.255.252

ip pim sparse-mode

srr-queue bandwidth share 1 70 25 5

srr-queue bandwidth shape 30 0 0 0

priority-queue out

mls qos trust dscp

Switch C (DS):

Description => Core to DS

no switchport

ip address 172.18.48.202 255.255.255.252

ip pim sparse-mode

srr-queue bandwidth share 1 70 25 5

srr-queue bandwidth shape 30 0 0 0

priority-queue out

mls qos trust dscp

ASA Port Config:

description => ASA Guest Wireless

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 940

switchport mode trunk

spanning-tree portfast

spanning-tree bpduguard enable

ASA Eth0/4-> Subinterface0/4.1 (VLAN940, DHCP Configured)



No comments:

Post a Comment