Cisco – Problem with DHCP for wired guest clients – Cisco WLC

Tags: cisco, cisco-asa, dhcp, wireless

I am very new to Cisco wireless.
The most important settings on the Cisco WLC 5508s were done by an external engineer.
I have got an issue with the wired guest network: my DHCP server (Cisco ASA Firewall) is not providing IP addresses to my guest clients connected over the cable, but wireless guests can get an IP without any issue – wired and wireless guests are using the same scope on the ASA.
Please note that when I assign a static IP to a wired guest client, everything is fine: I am prompted to authenticate and can then surf the internet.
So I assume that tagging of the switch ports is alright.
On my switches there are two VLANs for guests (vlan 94 for wired guests; vlan 98 for both types of guests).
On my WLC, I have also got two interfaces: vlan 98 has got an IP address; the interface with vlan identifier 94 does not have any IP, only the "Guest Lan" option is checked.
In my WLAN section there is a profile for wired guests where the ingress interface is vlan 94 and the egress interface is vlan 98 – so I think that vlan 94 for wired guests is only for layer 2 purposes and then it's bridged to vlan 98 on the WLC – am I right?
In the attachment is debug log from Cisco WLC.

http://s000.tinyupload.com/?file_id=18306630635991333194

c8:5b:76:00:df:8d is the test client MAC.
Can somebody suggest what I should do to make DHCP for wired guests work, or what troubleshooting steps I should try?
I can post some more detail if necessary.

Best Answer

For starters, you need to split the scopes and other pertinent data at the ASA and at the organizational level. I was reading your description and it sounds like you are going to need to split the scopes and isolate the traffic and IP scope from wired, or VLAN 94, to stay on 94; wireless guest traffic should be separated and placed on VLAN 98, along with making any necessary changes to the switch configuration and ASA rules/configuration to reflect the separation of traffic.

As far as your statement regarding tagging at the switch ports, it will function properly; however, if you are tagging and running trunks, make sure your native VLAN settings along with allowed VLANs are configured properly on both sides of the link. In situations where I've taken possession of a network environment and the previous engineers weren't strong in certain areas, I have seen something as simple as improperly configured trunk links cause an interface to not pass traffic properly.
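
The trunk check recommended in the answer above, as an added example that is not part of the original answer: a Python sketch that compares the native VLAN and allowed-VLAN lists on the two ends of a trunk and confirms that guest VLANs 94 and 98 are carried on both. The interface configurations are constructed samples, and `expand_vlans`, `parse_trunk` and `check_link` are hypothetical helper names.

```python
import re

# Constructed sample configs for the two ends of one trunk link (not from the page).
SIDE_A = """interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,10,94,98
"""
SIDE_B = """interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 1,10,98
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1-10,94,98' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(config):
    """Return (native_vlan, allowed_vlans) for one interface's config text."""
    # IOS defaults when nothing is configured: native VLAN 1, all VLANs allowed.
    native, allowed = 1, set(range(1, 4095))
    for line in config.splitlines():
        line = line.strip()
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
        if m:
            native = int(m.group(1))
        # Only plain and 'add' lists are handled; 'none/all/except/remove' are not.
        m = re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,\- ]+)", line)
        if m:
            vlans = expand_vlans(m.group(2))
            allowed = (allowed | vlans) if m.group(1) else vlans
    return native, allowed

def check_link(side_a, side_b, required):
    """List trunk problems that would stop the required VLANs crossing the link."""
    (na, aa), (nb, ab) = parse_trunk(side_a), parse_trunk(side_b)
    problems = []
    if na != nb:
        problems.append(f"native VLAN mismatch: {na} vs {nb}")
    for vlan in sorted(required):
        missing = [n for n, allowed in (("A", aa), ("B", ab)) if vlan not in allowed]
        if missing:
            problems.append(f"VLAN {vlan} not allowed on side {'/'.join(missing)}")
    return problems

if __name__ == "__main__":
    for problem in check_link(SIDE_A, SIDE_B, {94, 98}):
        print(problem)
```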