Cisco :: 4402 - Sluggish DHCP For Guest Users
Feb 3, 2011
Our Guest access system seems to be having problems with DHCP. It seems to take a while to deliver an IP address making the client device show the "limited or no connectivity" message, which of course makes the users complain. On one occassion I have seen my own client eventually picking up an address even after the limited connectivity message appeared. On another I saw the debug showing "Dhcp request for autoconfig address", which I suspect is a symptom of the problem.
Our Anchor Controller is the DHCP server and is a 4402 running 7.0.98.0 - I've attached some DHCP packet debug.
View 6 Replies
ADVERTISEMENT
Aug 26, 2012
I have this guest wlan working with web authentication, as you may know in order to get authenticated you must have an IP address first then have a valid username and password. The problem is that if you don't have valid credentials you keep the IP address anyways.I'd like to know if there is a way to release the IPs that are not being used? The WLC is the DHCP server for this network.
-WLC4402
-6.0.202.0
View 6 Replies
View Related
May 19, 2011
I have a guest network and lately I have been experiencing troubles with some users.The symptom, as I create a username and password and type'em in a laptop the authentication fields in the web authentication page don't keep the data as if I didn't type anything
WLC 4402-50
Version 7.0.98.210
View 7 Replies
View Related
Jul 24, 2012
I am trying to setup a Wireless Network on my WLC that is totaly independent of our internal LAN. Port1 is designated at the .14.0 network and Port2 is the .18.0 network. The 14 network (Port1) will be the guest and 18 network (Port2) the internal wireless.
The issue i am having is nothing is routing to Port1. I have the Guest Wireless set to get DHCP from the WLC and i can get an address but i cant get internet access. I tried configuring a Network Route but it will only let me set the service port as the Gateway and not the IP for Port1.
I am running software version 5.1.151.0 and using this guide as it is the only one i can find. [URL]
Here is a screen shot of my Interface config.
View 7 Replies
View Related
Mar 23, 2011
We have a 4402 wlc setup for guest network access. We are using the local net users to provide access to our guests. We have an issue where if a user signs in through the web, sometimes but not always, they are then forced to keep signing back in almost every 30-60 seconds.
View 8 Replies
View Related
Jul 21, 2011
In our network two wlc's are connected,both are 4402 with 25 and 12 capability.Total aps connected are 33.The users are frequently disconnecting and showing limited connectivity.while manully connecting they are able to connect again.This is happening frequently with many users.While happening all this the aps state is up and no logs found about user disassosiation.
View 2 Replies
View Related
Feb 9, 2012
4402 Software Version - 4.2.130.0
1242 IOS Version - 12.4(10b)JA4
First off let me start by saying I am quite green when it comes to this equipment, I managed to get this project up and running with the equipment manuals, tech notes, forums and a lot of google work.
This setup has been up and running now for around 4 years with little to no maintenance or monitoring, I have been getting a few reports of users not being able to move from one area to the next without getting disconnected from our wireless, all of our users (about 400 or so) are running on newer Lenovo laptops on Windows XP SP3.
I know this is extremely light in substance with regards to troubleshooting, but where would be a good starting point to begin with this issue?
We use one RADIUS server with Layer 2 WPA WPA2 AES security.
View 1 Replies
View Related
Aug 10, 2011
There is one guest interface, one guest WLAN. The WLAN is set with a DHCP override address of the guest interface. But it no longer allows this as I found out. Anyway, I can get the client to now receive an address from the internal pool on the WLC, but it will not route to the authentication page. I noticed that the WLC excludes the clients attempting to connect on the guest WLAN due to failed 802.1x authentication! the WLC never even gave me the chance to authenticate using an account created either through the lobby ambassador or creating one directly on the controller.
View 3 Replies
View Related
Nov 6, 2012
We currently have all of our foreign AP controllers on software version 7.0.116. This consists of a mixture of 4400 and 5508 WLC's. Our guest anchor is a 4402 on version 7.0.116. We are replacing the guest anchor with a 5508. We are also upgrading our 5508 wireless controllers to version 7.2 to support the 3600 series AP's. My question is what is the recommeded code that the anchor controller should be on? Should it also be upgraded to 7.2? If we upgrade the anchor controller to version 7.2, will this affect anchoring to 4400 series foreign controllers still on7.0.116?
View 9 Replies
View Related
Nov 29, 2011
I have been trying to create a Guest WLan on my 4402 WLC system and have found several confilcting documents explaining the procedure. During this process I have notices that although the current corp wireless works, there was never a virtual interface created for it. Instead it uses the same Wlan/Vlan as the ap manager and managemnt interfaces. Could this by why I cant seem to get the Guest access working? or is this not a problem after all since the wireless does work.
View 1 Replies
View Related
Dec 7, 2010
We have a customer with ACS 4.2 Appliances who currently uses the Layer 3 web-redirect guest function to authenticate users against AD via ACS and LDAP to the AD, its a mixture of un-managed Windows, Mac & linux clients.
They want to move to an 802.1x solution.
Now MS-CHAPv2 is proably the obvoius choice (maybe it isnt considering Linux and MAC clients ... comments???). However the only option to integrate with AD is LDAP i.e remote agents or an upgrade to 5.x is out of the question.
View 9 Replies
View Related
Feb 16, 2013
I am a restaurant owner and have a wireless network set-up via DLink DSL 2730U router. Now some times I get customers who demand to use the network and they use it for free which I find irritating. I have found one solution of 'Guests/Virtual Point' but I need to limit the time (say 15 minutes) for which they can use the network.
View 1 Replies
View Related
Sep 29, 2011
When on the management interface the clients can't get dhcp but the AP's can on the same vlan. I've tried enabling and disabling dhcp proxy, and using a remote dhcp server as well as the internal server. This same config works on the 4402 we're replacing with version 5.2.193 on it.
View 13 Replies
View Related
Nov 27, 2012
We currently have a cisco 4402 with firmware version 6.0.182.0 and 4 WLANs currently running on it, we found the need to add an additional WLAN and after the configuration was completed and I tried to connect to it I found that we are not getting an address. If i connect a laptop to the VLAN I can get an IP and am able to browse. If i hard code an IP into a device and connect to the wireless i am able to connect and browse.
View 7 Replies
View Related
Aug 20, 2012
I run a business and have customers who would like to use my wireless internet. I previously had a completely open network that I would allow them to use, until someone illegally downloaded a movie and got us in trouble. I would like to allow use of the network again, but limit activities like this. Basically, so they could only do basic web browsing, etc.
View 1 Replies
View Related
Mar 21, 2013
We recently implement WLC 5500 Series, I found out guest user once period of that user expired it will not appear at lobbyadmin page where you can see list of users.
Is there any way to see expired guest users and also IP address which assign to guest user?
View 2 Replies
View Related
May 7, 2013
I have a cisco wlc 2504 is deploying authentication services to guest users toward a portal web customized and configured. I need to install my certificate verisign (certificate.cer) in to cisco wlc because my users don't like the page no trusted (The wlc is showing me ''There is a problem with this website's security certificate'') when they are trying to access to ssid to users guests.
View 2 Replies
View Related
Mar 22, 2010
Have a WLC 5508 running 6.x code with LAP's providing wireless for our internal laptops (WPA2 and EAP-TLS). I want to provide guest wireless which goes out a different port on the WLC to a guest firewall/cable modem. However, we want to prevent our internal laptops from being able to use the guest wireless. I have RADIUS (IAS) and LDAP for my AD available. We would prefer not to have use Lobby Ambassador and just have the guests use a simple password or web passthru. Guests may be laptops or smartphones. What options are available? I have tried a test setup using dynamic vlan assignments from RADIUS using the IETF flags, but can't seem to get it to work. Is there a way to identify the SSID is being used at the RADIUS server?
View 13 Replies
View Related
Apr 17, 2012
I have successfully implemented wireless guest access using 4402 WLC as the Anchor and 5508 as Foreign. The Anchor controller also provides dhcp services to guest clients. The 5508 is LAGged and there is no issue with the guests traffic separated from corporate. At a remote site, there is a 4402 WLC using LAG and also acting as a Foreign controller. But when a client connects to the guest WLAN, it obtains a corporate dhcp address instead of the dhcp address assigned from the Anchor controller. The guest WLAN setting is the same as with the 5508 controller i.e. DHCP server override is ticked and the management IP address of the Anchor controller is specfied. Also DHCP Addr required is ticked. Why the 4400 controller is not forwarding dhcp requests to the anchor controller and instead sending to the corporate dhcp server.
View 36 Replies
View Related
Feb 6, 2013
i am using wlc 4402 with a mgt ip 172.26.150.x/24 and ap manager ip 172.26.150.x/24, my all ap get the ip address from dhcp . currently in dhcp server 172.26.150.3 to 254 dhcp scope is configured. at mysite some devices are configured like ipad,iphone or galaxy tab with mac binding in dhcp server. now this pool is almost full. i have a policy configured for these devices for mac binding is done in DHCP. to increase pool what are the changes i need to do in wlc. what are the changes i need to do in dhcp server . is policy made for mac binding in dhcp server will get affected by this ?
View 2 Replies
View Related
Feb 27, 2012
I would like to integrate our intranet web page with Cisco WLC 2500. Is it possible to integrate custom web page with WLC. I know, that I can create custom authentication page, but what about creation of the user?
View 5 Replies
View Related
Sep 19, 2012
My customer has multiple sites, each with a 2504 WLC.A data center with a 5508 in the DMZ acting as Anchor for the remote sites.ACS 5.x and NCS Prime.All guest users will egress to the internet via a Vlan in the DMZ.Authentication is currently web-auth on the Anchor, but will move to NCS once that is fully deployed.
Is it possible to put a printer in each site for Guest WLAN users to use?
View 3 Replies
View Related
Jan 16, 2013
I have a 4402 (version 7.0.235) working with 10 units of 1121 APs connected to it. The WLC is not configured to work in LAG mode. Physical portt #1 is connected to the Main Switch (trunk). I have 3 WLAN mapped to 3 Different VLAN and Everything (security and internal, external DHCP) is working swell...Now- I have connected Physical port #2 directly to an ADSL Router (giga port), Configured Port 2 as untaggedwith the proper IP details.I have configured this interface to receive DHCP from the ADSL Router and for some reason, Clients are not getting addresses.When I assign a Static address to my laptop I get internet access and all is nice. I tried configuring The WLC internal DHCP server (instead of the ADSL router) and that didn't work. It seems like a DHCP problem but I dont understand the source of the problem of think of the solution.When turning off the proxy settings I noticed that it worked. Is there anything to do with that? The problem was that after a while the other WLANs starting causing DHCP issues as well.
View 7 Replies
View Related
Apr 8, 2008
I am trying to setup a guest vlan. I set up an interface for the guest vlan on my 4402 controller. I assigned the guest vlan interface an IP of 192.168.2.10 with a 24 bit subnet mask.
This vlan will go to my DMZ where there is no DHCP server so I need to setup the internal DHCP server. I created a new scope but I'm having trouble with what to put in the Network field for the DHCP scope. The pool addresses are 192.168.2.100-200. with a 24 bit subnet mask.
Every time I try to apply the configuration I get an "error in setting DHCP scope network and netmask".
I've tried using:
192.168.2.10
192.168.2.255
192.168.2.254
as entries for the Network setting but no go. The docs say to enter the IP address used by the management interface with subnet mask applied.
I was assuming they meant the interface for the guest vlan.
View 3 Replies
View Related
Aug 6, 2012
This is rattling my brain. I have configured 2 SSIDs, one for internal, one for guests. They are on seperate VLANs (50 and 51) and bridge groups (1 and 2). I can get IPs via DHCP for the internal network, but not for the guest. I can't get DHCP for any VLAN 51 sub-interface, nor clients that connect to it. The overall goal is to keep all traffic on the guest network seperate from the internal traffic, however, DHCP requests will be from an internal server. I have removed all the access-lists for troubleshooting purposes. AP and Switchport configs are below!
AP Config
Current configuration : 4011 bytes
!
version 12.4
[Code].....
View 6 Replies
View Related
Nov 19, 2011
We assign (reserve by MAC actually) static IPs to all of our devices. Over time we have gotten rid of some devices but haven't begun (or finished really) re-using the old IPs. On our WRVS4400N v2 routers we are able to set the max number of DHCP users per Vlan. This prevents unauthorized devices trying to connect to our LAN.For example. I set the range from 192.168.1.100 - 192.168.1.103. IPs 100, 101, and 103 are in use (reserved via MAC address). We set max number of DHCP users to 3. This prevents someone from gaining access to 192.168.1.102. Does this make sense? Or at least this was the initial goal and it tested out successfully back when we implemented it.
How can I do the same for with the RV220W? I can set the range, assign static IPs (reserve IPs by MAC address), but can't keep others from gaining accessing to our LAN via the unused IPs (not assigned a static IP).My initial thought was to create static IPs (for the unused IPs) using dummy MAC addresses. I'm sure there is a much better way of accomplishing what I am trying to do.
View 3 Replies
View Related
Mar 7, 2011
I have an ASA 5540 cluster that is configured as my remote access VPN point. Users connect using IPSEC Profiles with Cert based authentication, the profile is configured to query two DHCP servers (infoblox appliance servers).
The problem I am encountering, is that I need to make reservations on the DHCP server for some users for specific business needs. What happens is that the ASA passes the request to the DHCP server with it's own MAC address and not the MAC of the remote host.
Is there any way I can configure the ASA to pass the request using the hosts actual MAC address?
View 1 Replies
View Related
Jan 18, 2011
I have disabled the internal DHCP/DNS server in the routers firmware. I have enabled the wireless guest access SSID. A client associating with the Guest Wireless Access will obtain a DHCP address from the server in the LAN zone, but cannot resolve DNS as the firewall prevents traffic to flow from the Guest zone to the LAN zone, as it should.Is there a way to enable the DHCP server and DNS server in the routers firmware, but only on the Guest Zone? Is it possible to get the Guest Zone to have a different subnet?Tech support has hung up on me twice now.
View 5 Replies
View Related
Mar 6, 2012
So have a wireless guest network on an N600 router. Here is my setup:
pf sense -> untangle -> switch <- N600
the N600 is just an access point and does no DHCP. The primary wireless network gets IP no problem but the guests are not getting an IP. I'm assuming the N600 has no way of issuing an IP on the guest network. how to set a DHCP server on the guest network and have a static route to the pfsense firewall from that network.
View 10 Replies
View Related
Oct 6, 2012
I have an existing setup consisting of:
Windows Server - doing DHCP for private wired/wireless
Cisco 1141 Autonomous WAP with only private wireless access.
ASA 5505 (with very basic licensing)
HP switch
The customer wants to have guest WiFi.
The guest WiFi is going out to the internet via a seperate VLAN/interface on the ASA. Can the 1141 do DHCP for the guest WiFi? Or do I need to do it via the ASA?
View 1 Replies
View Related
Sep 16, 2012
This is the first time I am trying my hands on wireless gears. I have 2500 WLC and 1142 AP (which I converted from Standalone to LAP).I have a layer 3 POE switch where i am using port 1 for the WLC which is a trunk port.
Port 2 is for the AP using access vlan 111
Port 3 is trunk port going to a router where i am running dhcp server for the VLANs which are as follow:
VLAN 110 -Corp Wireless (10.1.110.0/24)
VLAN 111 - AP-Mgmt (10.1.111.0/24)
VLAN 999 - Guest (10.1.101.0/24)
I wanted to block the traffic from the Guest VLAN 999 but when i apply the ACL on the Guest Interface created on the WLC, I dont see any pings going across and neither I see any hit counts on the deny statement as if the ACL is never applied.
View 4 Replies
View Related
Feb 24, 2013
I have a cisco wlan controller (2100) running software 7.0.235.0. I have the internal private wlan running off of port 1 and that is working fine with an internal dhcp server.Is it possible to setup another ssid (guest) and have the interface directly linked to a static ip on the WAN and also use the built in cisco internal dhcp server?
View 4 Replies
View Related
Feb 28, 2013
i have two 5508 ver 7.3.0, one is the primary and one is the guest controller. mobility is up and running. i have an exising guest ssid working with wpa2-psk and web authentication and its working fine but i require a second guest ssid that only uses a wpa2-psk for ipod/ipads as i cant use passive client on primary controller. i presently have the one vlan range and dhcp setup on the guest controller to give addressing to either ssid. i know you can have multiple ssid setup on the guest controller but in other sites i have only had one guest connection comming from the primary controller, just a primary controller on each sites was only creating one link to the same guest controler.
View 3 Replies
View Related
