How to segregate Guest WiFI from internal DHCP server

Hi,

Hope to get some suggestions.

Here is what we have:

Comcast Router with 13 static IPs. The SSID in the Comcast Router is Guest (10.1.xx/24).

I also have a Cisco ASA 5508 using another Public IP (with 'outside' interfce connected to one of the 4 ethernet ports of the comncast router).

The internal network is 172.16.x.1 (which is also the default gateway for internal domain network). It is connected to a switch where all the internal devices are.

Inside the internal network, I have W 2012 R2 DC,DNS,DHCP (172.16.x.x/16).

I also have a wireless Accespoint (Linksys LAPAC 2600) which is connected to this internal switch. It has 2 SSIDs called 24G and 5G - meant for company network access)

So all ethernet connected PCs/Laptops are fine (getting 172.16..IPs and are joined with domain).

All laptops wifi connecting to 24G and 5G are also good (getting internal 172.16 IPs and connected with DC).

The problem I have is if I connect a laptop with 'Guest' wifi (which is meant for just visitors/internet access only), I am still getting 172.16 IP, and not 10.1.IP).

What am I doing wrong?

Appreciate any thoughts.

Thanks,

Ashok

All