Cisco :: 4400 - Guest Wlan Access To Wlc Management
May 11, 2011
I have my wlc 4400 configured with a secure wlan and a guest wlan. The guest wlan is switching traffic at the wlc to a separate guest-wlan interface. When a guest is associated and authenticated, they can access the management console of the wlc which is in a different subnet. As I understand, the wlc does not route traffic. So how could this be happening? The guest subnet and the subnet the wlc management interface is in are different and separated by a firewall. I have also tried applying access lists in the wlc to each interface without luck. How can I stop the wlc from providing access to guest wlan users?
Dec 31, 2012
On WLC 4400 Guest vlan is configured with local authentication, the users get disconnected after 10 mins. Where should I disable the option of 10 mins restriction?
May 20, 2012
I recently upgraded our controllers to the latest version 7 software, as I read this was one of the requirements to get them to connect. But I am not having any luck getting into a controller. Normally I plug them in to the network, they pop into the controller listed as something like AP5057.a844.xxxx and then I can finish configuring them, put a static IP on them, etc. This is the first of this model AP I have tried to deploy, so I am wondering what is different with these, or what I might be missing in the default config in the WLAN controllers. Neither of which are set to "Master" either.
Feb 7, 2012
We have a strange problem. We have a WCS v.7.0.172 that controls our two WLC v.7.0.116 and we have also two "Anchor Controller" WLC v.7.0.116 for Guest Access.
We use the LAP1142N and every AP has two SSID's. One for internal data traffic and the other one for the guests.
Now the problem is that even if we have internal and external users on the same AP, the guest users get disconnected after some time. Sometimes after 20 minutes, sometimes after 90 minutes... but the user is still working. It's really irregular.
Jun 10, 2013
I would like to set up a 2504 to have one Guest WLAN and one Staff WLAN with a controller port for each WLAN connected to different devices.
I would prefer to connect the WLC Guest port to an ASA 5510 and the WLC Staff port to an internal 2960S switch. Will this work? I haven't set up a 2500 series controller previously.
Apr 7, 2011
We recently reset a 4400 controller in a school. Although all access points associated, clients could not get the Internet. On investigating we suddenly lost connection to the web interface. We tried hyperterminal connections to reset, but found that the management interface had the ports "unconfigured". We finally reset the configuration, and when we tried to start from scratch it now does not allow a port designation. It asks for 1 or 0 but says both are invalid when entered.
Apr 8, 2013
Managed to guest LWA working with ISE for wireless guest portal access? I have Cisco 4400 WLCs running latest 7.0 code and ISE 1.1.2. All guest portal examples seem to be CWA which only works on 7.2 code. Am I without hope getting this working on 7.0 code?
Aug 23, 2012
I have 2 WLAN controllers, a 4400 series and 5500 series controller. The 4400 series has 100 seat limit on it, with 74 Access Points currently connected. The 5500 series has a 250 max, but we bought it with only 50 licenses, and it is max'd out at 50. The 5500 controller is the controller that has a DNS entry so that the Access Points will know to find that controller as they're being added. BUT, because we've reached our limit of 50 licenses, I'd like to be able to set the 4400 series controller to be the controller that new Access Points try to connect to. Going back to the 4400 as the controller that new Access Points connect to buys me time to plan for more licenses on next year's budget for the 5500 controller.
Sep 18, 2011
My company has chosen to allow our employees to bring in and use their own personal electronic devices such as iPads, iPhones, tablet PCs, etc. We intend to allow them to access our network with these devices. My question is: if an employee decides to enable a WiFi hotspot on an iPhone, iPad or other device and then share out that network connection we have provided to them to allow other devices to tether to it, how do we prevent or mitigate this issue with our WLAN environment?
Our current environment consists of 4400 series WLC's and 1131, 1231 and 1242 series AP's using version 7.098.218 code. We plan on migrating to 5500 series WLC's and 3500 series AP's but this will not happen overnight.
Jul 25, 2010
I've got a client with a WLC 4400 series and WCS that wants to set up a public guest wireless access network. They want to have the users put in their email address to authenticate and they want to capture the email addresses to use for marketing campaigns. I know you can set up the login page to have them put in their email address, but I can't remember if you have to use an external web server to actually capture and record the email addresses.
Sep 27, 2012
I have 3 4400 WLCs that are implemented at 1 main site within a mobility group. I am looking at implementing wired guest authentication with a splash page for username and password access. I have followed the documents and suggestions about how to configure it. I created a layer 2 vlan (700) and then created a VLAN (151) that wired guests will get an IP address from. I then configured a WLAN with the ingress interface being VLAN 700 and the egress interface being VLAN 151.
All of my controllers are running code 7.0.116.0. When I go to do a test scenario with a wired client, I have the switchport set up for VLAN 151, which they get an IP address from, but when they try to go to the Internet, they don't get the splash page. Why am I not getting a splash page, or is this scenario even possible?
Jun 13, 2011
(WLC 4400) which enables employees to browse to a custom made webpage, where they can create an account for company visitors to access the internet. It's important for the employees not to use any login credentials; they arrive on a webpage where they specify the login & password which the visitor will enter to browse the internet. Is there any good link to documentation about this topic?
Jun 2, 2011
We’d like to extend our current Guest LAN from a 4400 WLC in our data center to a 2100 WLC located at a remote facility. However, we cannot get the foreign controller to pass traffic to the anchor controller – or so it seems. The catch is that we’re not actually trying to extend the SSID itself to provide wireless access, but instead flub it so that we can provide local wired access tunneled to the Guest LAN on the anchor WLC. I’m not entirely sure if this is possible, because I’ve read that before the EoIP tunnel will come up a guest client must associate to the foreign WLC.
We’ve followed the instructions we could find that go over setting up this type of scenario, but unfortunately they only cover setting up back-to-back 4400 controllers and as such, some functions described (notably being able to create a Guest LAN) are not possible on the 2100. We haven’t been able to find a clear and concise guide on the scenario we want to set up.
Here’s some detail:
Mobility group is up/up between both WLCs. Both WLCs are running 6.0.x code.
Anchor WLC – 3750G-24WS-S25 (a 4400 WLC w/ integrated 3750G-24)
Guest LAN WLAN “wired-guest” created; Ingress is “none” and Egress is our existing “dirtnet” – i.e. outside access. The “dirtnet” interface is *not* a Guest LAN interface. Mobility anchor is set as local.
Remote WLC – WLC2106
WLAN “wired-guest” created; Interface is “wired” w/ an IP address on the same subnet as the anchor “dirtnet” and associated with port 2. Mobility anchor is set to the anchor WLC and is up/up. I have a laptop connected to port 2 with a statically assigned IP address on the same subnet as “dirtnet.” I am able to ping the local port 2 address, but I can’t ping across the tunnel to the anchor WLC. I also cannot ping the anchor WLC "dirtnet" interface from the foreign WLC’s Ping tool.
Aug 16, 2012
We have a Cisco 4400 series wireless controller deployed as a Guest Anchor in a private DMZ. We have 13 foreign controllers anchored to this for Guest Wireless. We recently anchored 17 additional controllers to this Anchor controller. Since we have done that, periodically on just 3 of the foreign controllers, the control path shows down on the mobility peer, then comes back up. We have had this issue in the past, but it resolved itself. However, now we are seeing this issue again. Are we reaching a limit on EoIP tunnels? I have read that there is a max of 71, and that is per controller, not SSID. We do have a firewall in the middle but all necessary ports are open.
We have had this issue for quite some time, it just does not happen frequently. Since we have added the additional controllers, it is now happening very often, but only with 3 controllers. There is not much in common with these 3 controllers. 2 are 4400 series, and 1 is a 5508. All 3 are local on a campus LAN, different networks. Could it have anything to do with memory or utilization?
Aug 18, 2011
Is it possible to allow certain websites to bypass the web authentication pages, so that they do not need to authenticate to get to our own website, but do have to if they wish to go anywhere else? Looking at a 5508 model at the moment.
Feb 14, 2012
Strange issue that our support staff is seeing on our guest WLAN. I have 2 wlans, 1 is production and authenticates our Domain controllers, this is working fine. The other is a wlan that has restricted access internally, I allow http, https and VPN access out only.
It appears that on the guest wlan, after a random amount of time an established VPN connection using Cisco VPN client disconnects. Wireless connectivity doesn't appear to go down, just the VPN connection.
On this guest wlan, I have configured QOS bronze and I read a link where this may be affecting the UDP conversation between VPN client and end point.
Jul 18, 2012
I have 2 5508s (foreign and anchor both running 7.2.110.0) with an open WLAN configured via mobility anchors. This configuration works and has no problems. My next task is to incorporate a webauth page (accept/reject) to present the clients with AUP information, etc. On the foreign controller I created a test WLAN (open) and set up webauth Passthrough using the Cisco webauthbundle (wap.html); this works as intended, no issues. However I am at a loss as to how to incorporate the webauth Passthrough functionality on the WLAN that is configured for the mobility anchor.
Mar 30, 2013
1 router 881w with a site-to-site VPN connected to a switch and a wireless which allows internal users to access the VPN via wireless (this is like a backup, if the switch fails, then they can use the wireless). Everything's working fine so far. Now I want to configure a second WLAN for guest but I'm not really sure if this configuration will work:
ROUTER:
ip dhcp excluded-address 192.168.100.1 192.168.100.200
!
ip dhcp pool GuestNetwork
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.1
 dns-server 8.8.8.8
[code]....
If it's not clear I want that everyone that is connected to the guest WIFI receives an IP address from the range I wrote before and then goes directly to the internet.
Sep 5, 2012
We are implementing a new corporate headquarters and have bought a Cisco 5508. I have two connections plugged into the 5508 in ports 1 and port 2. Port 1 is for all internal wireless networks and connects to our core 6500 and uses external DHCP server scopes. Port 2 is for our guest WLAN and connects directly to a public network switch in front of (outside) the firewall. For the guest network, I have set up a vlan on the controller for dhcp and the interface set up to that vlan and dhcp scope built on the controller. How, or can I, NAT the internal addressing for the guest network to the public IP address on the controller? Essentially I want to drop off guest network traffic outside the firewall and not have to deal with setting up the firewall for any aspect of guest network traffic.
Nov 3, 2011
Can I limit bandwidth for guests in a wlan network without a WLAN controller? And of course, how can I do it? P.S.: I heard something about a bronze profile in a wlan controller environment; I need something like that but in an independent AP.
Aug 1, 2012
I've been asked to create 2 wireless networks for guest access. They are to be used by clients of 2 different companies and they have asked for the website of each company to automatically open as a landing page. e.g.
-WLAN1 - password is companyname1 - landing page = www.companyname1.com
-WLAN2 - password is companyname2 - landing page = www.companyname2.com
Is this possible with our 5508 WLC? I have googled it and can see that you can set a web auth page but I need different landing pages depending on which WLAN is connected to.
Feb 23, 2013
I recently set up a 2504 WLC that has two primary WLANs (internal and guest) which get their IP addresses from a central DHCP server using the local router's broadcast forwarding. Things seem to be working well for the internal wlan, but clients on the guest wlan don't seem to be getting IP addresses. If I give the client a static IP they are able to communicate across the wlan okay.
It is worth noting that I am using LAG between the controller and router and this guest wlan is really just a regular wlan (with PSK) that has an access-list applied to force it to the internet only. The access-list should be allowing dhcp requests through, but in any case, I removed the access-list and it made no difference.
Here is a debug client for a machine connected to the guest vlan (vlan 33). The internal wlan is on the 10.10.10.0/24 network (same as wired and same that the AP's are connected to) and the guest wlan is 10.33.0.0/16. I don't understand why I am seeing the dhcp request come from the internal vlan/ wlan first and it gets an IP address on this network. I then see a request on the guest wlan/vlan at which point it appears to get a valid IP address on the guest network (10.33.0.0), but the client never sees this. [code]
Aug 28, 2011
We're looking at deploying both office extend and also a guest wlan. Both would require a WLC in the DMZ. My question is can one 5508 WLC be both a guest anchor and have office extend APs on it at the same time?
Oct 2, 2011
Looking to add time of day restrictions to our Guest WLAN that is currently in its pilot phase.
Is there a way to config time of day access to a WLAN?
Jul 18, 2012
I have a strange situation on my guest wireless LAN. The guest WLAN is configured as an SSID "GUEST" on Cisco 1142 lightweight APs, with WiSM controller and WLC software version 7.0.230.0.
For simple Internet access using this SSID, we have a web policy, which causes a web page to be displayed when the user opens his/her browser, and on this web page, the user must click on an "Accept" button in order to accept the terms and conditions of use. Once the user accepts, the browser will then go to the web site which the user wishes to open. When using this mode of access, everything is fine.
However, there is also a pre-authentication ACL, which allows certain types of VPN traffic to reach the Internet without the user being required to accept terms and conditions. The ACL allows ESP, IKE (UDP/500), IKE over UDP (UDP/4500), DNS, HTTPS/SSL (TCP/443), DHCP client and server (UDP/67,68). The pre-auth ACL actually works as intended; and the ACL traffic is NOT allowed when the ACL is removed. This is exactly as it should be.
However, when using, for example, a VPN client such as the Cisco VPN client, or the Cisco AnyConnect client, via this guest SSID without user acceptance, the WLAN regularly and predictably stops passing traffic. This is 100% repeatable and predictable; it happens every 300 seconds, or possibly slightly longer. I have only used my PC clock to time it so the timing isn't all that accurate but I'm sure it's within a few seconds.
Given that the problem happens at the same time interval and is constant, I guessed there must be some configuration item which needs to be altered, but I've looked extensively at the controller GUI (we actually use WCS here) and I can't see anything that looks even remotely related to this.
Dec 6, 2012
We are planning a WLAN upgrade and the security policy is to forward wireless Guest user traffic to the DMZ controllers. We are now considering the Virtual WLAN Controller and all AP's will register with the virtual controllers and we will use Flexconnect for Staff and internal traffic that will switch their traffic onto the local switch.
We wish to forward the guest traffic to the DMZ Guest Anchor controller which will be a 5508 controller. This will also offer Office Extend AP service. I have looked at the virtual controller docs and it is not very clear if this deployment model is supported. Below is a diagram of what we wish to deploy; is this a supported deployment model?
Sep 19, 2012
My customer has multiple sites, each with a 2504 WLC. A data center with a 5508 in the DMZ acting as Anchor for the remote sites. ACS 5.x and NCS Prime. All guest users will egress to the internet via a Vlan in the DMZ. Authentication is currently web-auth on the Anchor, but will move to NCS once that is fully deployed.
Is it possible to put a printer in each site for Guest WLAN users to use?
Feb 10, 2013
I want to set up a webpage for my guest network (no authentication) users. When the client connects to the open guest network and upon opening a browser they would be directed to a survey that I would like them to take; if they don't want to take it they can begin browsing to other sites without issue. How do I do this on my 5508 WLC?
Jul 16, 2011
I tried to extend the range of the Guest WLAN of the E2000 with several different Access Points from TP-Link. (Last try: TL-WA901D) The Access Point recognises the WLAN and sometimes it has a connection for a short time. But then the whole WLAN is breaking down, sometimes the Router E200 hangs up, also with the LAN connections. The E200 is connected to a sky-DSL Router and works fine when no additional access point is connected. In the web interface of the E2000 I can't set up any specific Guest-WLAN settings.
Feb 8, 2012
I have a wrt54g router and would like to separate the WLAN clients from accessing computers and servers on the LAN... in other words I would like to make it a "guest" network. I've put the router in "router" mode instead of "gateway". I just want to be sure if that is the best thing I can do in terms of turning the wireless network into an isolated one.
Jul 24, 2012
When a guest user first tries to access the "guest" WLAN, they are presented with a "certificate page" before the web authentication page / login is presented. The WLC forces an internal redirect to https://1.1.1.1 causing the certificate page to appear. Can this be bypassed? I am running 5508 with 7.0.220.0.
Jul 23, 2012
I have a Cisco Series 4400 WLAN controller and I'm trying to connect a lightweight AP to the controller. I have already assigned the switch port to use my wi-fi VLAN, and have connected the AP to the switch. After a few minutes, the light on the AP goes from green to light blue (indicating it's serving clients). When I log into the wi-fi controller to look for the Ethernet MAC address of the new AP, I do not see its MAC address. I want to be able to rename the AP to reflect where it will be used, but need to select the AP via its Ethernet MAC address before I can make any edits like changing its name etc. I've gone through the "monitoring" menu, selected "All" and still do not see it in there via its MAC address. I also will select the "wireless menu" which lists all the APs on my network, listing in order from the longest running to just powered on. Is there something I'm missing like a "re-scan" that scans all devices?
Jun 25, 2011
We have two 4400 controllers which support 50 Access points each and wcs with 100 base license. Now we added 5508 controller supports 50 access points. wcs is upgraded with another 50 ap license. The 5508 controller is joined to wcs and the licence showing permanent. WCS showing all aps and showing both 100 and 50 licence as permanent. But the issue is while logging into the wcs it showing the error message as "The system is in violation of license.The number of APs registered is greater then licensed."