Cisco :: 3750 / Autonomous Wireless Access Point / Dot1x And Guest VLAN?
Jul 11, 2012
Hardware: Cisco 3750 switch and Cisco autonomous access point (AIR-AP1142N-E-K9).Requirement: A single broadcast SSID; use dot1x to assign vlan 98 to authenticated clients (computer certificate); assign vlan 3 (guest) if the authentication fails.I can achieve assigning a guest vlan on authentication failure when using a wired connection by using the following command on the interface:authentication event fail action authorize vlan 3 I'm after a way to achieve the above using the wireless access point. The main point is that internal users cannot access vlan 3 as they have a valid certificate and that guests do not have to authenticate.
View 2 Replies
ADVERTISEMENT
May 9, 2012
I have two SSIDs on an Autonomous Access Point, that goes to a 2960 switch, that connects to a L3 3560. I have a vlan for admin/private internal access that uses the native vlan (1) and guest vlan (50). I have configured both and I am trying to get both to go out the same Internet connection.
I cannot get the guest access to access the Internet. It looks like my computer will go, but it just comes up saying no Internet access.All interfaces are trunking this vlan properly. I can communicate from the laptop to the 3560 but I just can't get to the Internet.
View 10 Replies
View Related
Apr 9, 2012
I have a 2960 sw configured for dot1x authentication, the problem is the Guest VLAN and Restricted VLAN didnot work. The switch port was stuck in authenticating status. The server is Juniper IC4500.
View 2 Replies
View Related
Jan 10, 2013
we have a couple of AP1262N-E-K9 access point with firmware version 12.4(25d)JA1 operating in autonmous mode.
I attempted to measure the signal quality between the APs by setting one device to repeater mode while all others are in root mode. Then, I execute the following command: dot11 Dot11Radio 0 antenna-alignment
1. The output of "show dot11 antenna-alignment" is incorrect, the % value represents the signal strength in dBm without the - (minus). E.g. "-25 dBm" is displayed as "Signal 25% 0 dBm".Now, I know that is only a display error but still this is not clean. Is this a known issue?
2. Why are the measured signal strength values not displayed on the SSH console during the antenna-alignment test? Is it obligatory to use the console to see these values? Or is it also a known bug which might be fixed in later firmware versions?
View 2 Replies
View Related
Sep 13, 2011
download an autonomous image for Cisco Access point 1242 ?
View 1 Replies
View Related
Feb 10, 2012
I am running a /24 network in Active Directory with my ASA acting as gateway and firewall. Standard interfaces (Ethernet 0/0 as outside, Ethernet 0/1 as inside)
As of now I have no VLans set up, but I need to setup wireless Internet access for guests... I need directions on how to setup a Vlan with its on DHCP for these aguests... I can then make sure that my APs can be pointed to the same VLAN... I am not familiar with CLI, have generally used ASDM. I am currently running ASDM 6.3(1) on an ASA with version 8.3(1).
This is something I need to do quickly as we are expecting 20-40 "guests" shortly, and I don't want them to use our internal DHCP server addresses.
View 3 Replies
View Related
Feb 14, 2012
We have an Cisco Aironet 1130AG access point which is deployed as Stand Alone Access point, connected to Cisco 2960 Switch.Now we want to configure an Guest Wifi Access for guest users , for accessing internet ,Is it possible to configure Guest wifi for stand alone access point,( Bcoz i created in WCS, i am not sure about stand alone), i read in articles like create new vlan for Guest account & assign it like that , but not clear.
View 7 Replies
View Related
Apr 8, 2013
Any issue creating a guest vlan to use the WIFI on an 891W router? The IOS is version 15.1. I have created discreet Vlan's and setup subinterfaces on both the WLAN_AP0 and GigaEthernet 0 interfaces with dot1q encapsulation. The client will receive an IP from the pool but cannot ping or connect beyond the default gateway.
The external interface is using Nat overload and all wired clients are successful in connecting to outside addresses. I have insert a permit any statement in the acl which affects the external port but still no success.
View 7 Replies
View Related
Jan 14, 2013
I've been experimenting with the 'vlan dot1q tag native' command on a switch and it seems as though tagging the native vlan breaks vty access to my access point.With the 'vlan dot1q tag native' commnand applied, I lose management connectivity to the AP with 'no vlan dot1q tag native' applied, connectivity is restored. Why is this? Is it safe to say that one can access the AP via vty lines using ONLY untagged packets?
SWITCH
Model: WS-C3560G-24PS
Code: c3560-advipservicesk9-mz.122-46.SE
--Abbreviated CONF
vlan dot1q tag native
[code]....
View 14 Replies
View Related
Jan 18, 2010
I have 3750 switch (WS-C3750G-24TS-S1U) with IP Services version
Switch Ports Model SW Version SW Image------ ----- ----- ---------- ----------* 1 28 WS-C3750G-24TS-1U 12.2(46)SE C3750-IPSERVICESK9-M
on the switch, I have configured aaa new-modelaaa authentication dot1x default group radius dot1x system-auth-control but i am not able to implement the command under interface
Switch(config)#int gigabitEthernet 1/0/20Switch(config-if)#do?down-when-looped
dot1x commands are not available under the interface config. Is the IOS version is compatible with dot1x?
View 5 Replies
View Related
Oct 6, 2012
I have an existing setup consisting of:
Windows Server - doing DHCP for private wired/wireless
Cisco 1141 Autonomous WAP with only private wireless access.
ASA 5505 (with very basic licensing)
HP switch
The customer wants to have guest WiFi.
The guest WiFi is going out to the internet via a seperate VLAN/interface on the ASA. Can the 1141 do DHCP for the guest WiFi? Or do I need to do it via the ASA?
View 1 Replies
View Related
Oct 6, 2009
I configured dot1x port-authentication on a 3750. The switch sends out a request to the radius server. The radius server sends a answer-packet to the switch udp port 21645 but it seems the switch discards the packet or something like that. The radius server gets the answer "Destination unreachable, Port Unreachable"
View 8 Replies
View Related
Jan 9, 2013
Does the N750 (F9K1103V1) support Guest Access while in Access Point mode? It will not provide an IP address when a guest attempts to connect.
View 20 Replies
View Related
Jan 17, 2013
I have an n600 ( F9K1102 v1 , firmware 1.00.09 ). My ISP provides my main router for my network, but I want to use the N600 as an access point, I have activated the "Use as Access Point" feature.Is it possible to still utilize the Guest Access feature in this case?
View 1 Replies
View Related
Jun 9, 2011
My network is such that I want to extend the signal of the GUEST account. I have a WAP54G set up for that purpose and am getting a very strong signal. I can access the main network, but not the Guest, I cannot even see the GUEST access. Any setting change that needs to be made that will allow me to access the GUEST account from the Access Point?
View 2 Replies
View Related
Mar 23, 2010
I recently picked up a 655 with hardware version A2 and flashed to the latest firmware. I have a HotBrick router. I only want to use the 655 as an access point AND especially to use the Guest Access or Guest Zone feature to allow visitors to bring their laptops and not virus up my network. My home network is open among a few computers for things like SageTV, file serving, etc.I can get the 655 to function just fine as a standard access point by following the instructions to turn off UPNP, DHCP, etc. as outlined in the manual. I then enable the Guest Access/Zone feature, and of course give it a different SSID name, make sure it's on 24 hours a day, that it is enabled, etc.
But, none of my computers can access the internet via the Guest Account feature, just the regular wireless portion. They show connecting to the Guest Account name, etc. but no internet. I've disabled every security feature I know of to test this. Again, the "regular" WAP tests great, but no Guest Account, which is really important and one of the main reasons I bought the unit.I'm wondering - does the Guest Account feature only work if the 655 is the main router, has DHCP enabled, etc.? Does it have to be the one and only router? If so, I'm in trouble, because I can't really give up my HotBrick due to failover features, etc.
View 5 Replies
View Related
Mar 26, 2013
I have registered here to clarify some things about VLAN's. There are so many (different) names and mentions that i found tat my vision gets blurry looking through all the info.I have a setup at a client where the Guest WiFi access needs to be separated from the normal LAN where all the normal devices are attached to. The guests are not allowed to reach the IP camera's and printer etc. etc. . I am trying to visualize how the traffic should flow but the Tagged, Untagged, PVID, Trunks and other names that i found make it difficult for me to see how it works together.
View 8 Replies
View Related
Jun 23, 2012
I have some Cisco 1240 Access Points which are not centrally managed. I want to add 802.1Q trunking so as to be able to provision a guest VLAN. But a trick is that these APs are in some very high ceilings. I would like to provision the new trunking and guest VLAN without having to remove them from the ceiling. Someone suggested I just make the native VLAN save as existing and make the port to which attaches a trunked port. But when I did this I lost connectivity to the Access Point. Access came back as soon as I made the switch port an access port. how I can add the trunking and guest VLAN without having to get into the ceilings to remove them and configure them via console or other?
View 2 Replies
View Related
Aug 18, 2011
Is it possible to allow certain websites to bypass the web authentication pages, so that they do not need to authenticate to get to our own website, but do have to if they wish to go anywhere else?Looking at a 5508 model at the moment
View 4 Replies
View Related
Sep 17, 2012
I have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin"I need to enable dot1x on user's ports on the switch. each user is connected to the switch through the IP phone.
I just found out that I can not enabled dot1x on trunk port. I have tried to use "switchport voice vlan " but I got:
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
let me know what should I do to get dot1x working?
Note: I have connected a laptop directly to the port and dot1x is working fine.
View 5 Replies
View Related
Jul 24, 2012
I have the Netgear wndr4500 router setup as an AP. The wndr4500 has a feature for guest wifi but will not connect to the internet. The main wifi will connect to the internet fine. I'm wondering if I use the WNDR4500 as an AP, the guest features do not work?
View 2 Replies
View Related
Dec 5, 2011
We have a 3750 which has a few vlans configured. One Vlan is for public access wifi and another for our security system (door access, cameras, etc.). I don't want the public wifi vlan to access the security system vlan. How can I accomplish this in the 3750?
View 4 Replies
View Related
Oct 18, 2012
How to configure internet access for different VLANs in cisco 3750 switc,ISP connection directly connecting to 3750 ,3750 have 18 VLANs
View 9 Replies
View Related
Oct 12, 2011
I'm wanting to setup a Virtual Office scenario. Everything is working fine except for 802.1x...I can get the 881 to authenticate things connected to it, but I don't have the options of guest-vlan or auth-fail vlan.Idea is if the users takes the router home and someone, either accidentally or on pupose, connects an unauthorized Laptop, they stay off the Corp network but can get to the internet still.I found this link on Cisco's site: [URL]That link shows them configuring a guest vlan right on the fa0-3 ports of an 881W. I dont have that option on mine. I can only configure 802.1x on the vlan interface. I have 802.1x working, for things that connect to vlan1, but I would like to have a "fallback" setup.
EZVPN_Remote(config-if)#int fa1
EZVPN_Remote(config-if)#dot
EZVPN_Remote(config-if)#dot1?
dot1q
EZVPN_Remote(config-if)#dot1
[code]....
View 1 Replies
View Related
Apr 16, 2013
I need to know if 3502p with outdoor antennas supports Point-to-Point Wireless Bridging?
View 6 Replies
View Related
Sep 10, 2012
We are currently designing a complete Layer 3 to the edge solution for our customers. The network design is a combination of a collapsed core (Core to access) as well as a three layer model (Core/Distro/Access) for connectivity to the Data Centre, Internet and Wireless Blocks.
The core of the network contains two 6509E switches interconnected on a Layer 3 Port channel (no VSS). Access Layer switches (3750 Stacks) connect to the core switches over p2p routed links (Collapsed core part of the design). Distribution layer switches provide connectivity to the Data centre, Internet and Wireless Blocks.(three layer model.
All IP addressing is being planned for assignment from the private RFC 1918 address block(10.0.0.0/8) for both Infrastructure and Access layer VLANs for users.
Clarifications required for the following:
[code]...
View 17 Replies
View Related
Dec 2, 2011
I have 3750g Wireless LAN Controller switch and some 1252 lightweight access points. Recently I heard about pico cell functionality in wireless lan controller. My controller version is 4.0. Is it configure pico cell in 3750 WLAN controller and What are the steps I have to do and what are the precautions I have to notify ? . How to enable picocell functionality in client and access point ? . Is it require any hardware or software for this activity.
View 12 Replies
View Related
Feb 27, 2013
How would I bridge a wireless connection with a distance of 400 feet? Would twoAP1262N-A-K9 be able to make this happen? Or is there another wireless bridge that you all can think of?I would be connecting one AP1262 of off a 3750g switch and at the far end (400 ft aproximately) another AP1262N-A-K9.
View 12 Replies
View Related
Apr 20, 2012
I had a new AIR-AP1042N-N-K9 access point and I tried to convert it into lightweight mode with the image c1140-rcvk9w8-tar.124-21a.JA2.tar . I used all the methods but the AP is getting hanged at one position after decompressing the new IOS. The capture of the process is below: [code] After this I am getting the junk characters and everytime AP hangs at this position.
View 4 Replies
View Related
Sep 6, 2012
My company has an RV180W Router, a SGE-2000 Managed Switch, and a WAP321 Wireless Access Point. I have about 12 users on a Windows 2003 Server Standard, completely updated. My Win box is my DHCP Server. Now I am running two VLANS, Vlan 1 (default) the main vlan is where the Win box is on. Vlan 5 (guest Vlan) uses the RV180W as the DHCP server.
-Vlan1 is 192.168.1.1-254 - Issued by Win box
-Vlan5 is 192.168.2.100-254 - Issued by RV180W
View 3 Replies
View Related
May 20, 2012
I all we are going to terminate point to point link between 3750 and 6506.
on 6506
int gi1/45
no switchport access
ip address 192.X.0.x 255.255.255.0
no shut
[code]....
Does this config correct as i am configuring between stack switch and 6506
View 1 Replies
View Related
Sep 11, 2012
recently i just connected a non cisco ip phone(from panasonic) to Cisco 2960 POE switch at site A. The PABX system is located at site B,Site A and site B are connected using MetroE Point to point.I would like to apply QoS for voice vlan. I want to assign 2MB to the point to point connection for voice vlan.
View 3 Replies
View Related
Jan 27, 2011
I have a AP541N connected to a UC560. We are currently configured for Wireless Voice and Data. We have added a Guest VLAN, but don't see where in CCA to secure the VLAN from accessing the other other two default VLANs.
Additional Info: AP541N-K9-1.7(2)UC560 15.0(1)XA2, RELEASE SOFTWARE (fc2)CCA 3.0
View 1 Replies
View Related