I have a fairly simple setup, but still I have run into a problem I can't quite figure out.
A customer has bought 4 IAPs to replace an old WLAN solution. It's a small office and not many users, but 3 subnets:
Mgmt
Employee
Guest
In the current installation they have the Employee SSID tied to vlan 2, and the AP hands out IP addresses, but the gateway is on a firewall. It is the same for the Guest SSID. The AP hands out DHCP addresses, but the gateway is on the firewall.
The customer wants to keep the same setup with the gateway residing on the firewall.
How can I solve this if I want to hand out DHCP from the IAP, but want the gateway to be the firewall?
If I use the Local, L3 mode, then I can do DHCP for the VLAN on the IAP, but the traffic will be NAT'ed behind the IAP IP, and not forwarded as L2 to the firewall. The IAP would do the firewalling between the clients, and not the firewall as they want.
It would be an easy fix to run DHCP on the firewall, but that is not an option in this case.
I tried deny local routing, but that just stopped the traffic from being routed from the SSID vlan to the uplink for NAT.
With a mobility controller it is very easy.
interface vlan 2
  ip address 10.1.1.2 255.255.255.0
  no ip routing
ip dhcp pool employee
  network 10.1.1.0 255.255.255.0
  default-gateway 10.1.1.1
Is this even possible on an IAP?
I am running software 6.2.1.0-3.4.0.3