Cisco :: 4402 WLC Guest Wireless Setup
Jul 24, 2012
I am trying to setup a Wireless Network on my WLC that is totaly independent of our internal LAN. Port1 is designated at the .14.0 network and Port2 is the .18.0 network. The 14 network (Port1) will be the guest and 18 network (Port2) the internal wireless.
The issue i am having is nothing is routing to Port1. I have the Guest Wireless set to get DHCP from the WLC and i can get an address but i cant get internet access. I tried configuring a Network Route but it will only let me set the service port as the Gateway and not the IP for Port1.
I am running software version 5.1.151.0 and using this guide as it is the only one i can find. [URL]
Here is a screen shot of my Interface config.
View 7 Replies
ADVERTISEMENT
Aug 26, 2012
I have this guest wlan working with web authentication, as you may know in order to get authenticated you must have an IP address first then have a valid username and password. The problem is that if you don't have valid credentials you keep the IP address anyways.I'd like to know if there is a way to release the IPs that are not being used? The WLC is the DHCP server for this network.
-WLC4402
-6.0.202.0
View 6 Replies
View Related
Aug 10, 2011
There is one guest interface, one guest WLAN. The WLAN is set with a DHCP override address of the guest interface. But it no longer allows this as I found out. Anyway, I can get the client to now receive an address from the internal pool on the WLC, but it will not route to the authentication page. I noticed that the WLC excludes the clients attempting to connect on the guest WLAN due to failed 802.1x authentication! the WLC never even gave me the chance to authenticate using an account created either through the lobby ambassador or creating one directly on the controller.
View 3 Replies
View Related
Nov 6, 2012
We currently have all of our foreign AP controllers on software version 7.0.116. This consists of a mixture of 4400 and 5508 WLC's. Our guest anchor is a 4402 on version 7.0.116. We are replacing the guest anchor with a 5508. We are also upgrading our 5508 wireless controllers to version 7.2 to support the 3600 series AP's. My question is what is the recommeded code that the anchor controller should be on? Should it also be upgraded to 7.2? If we upgrade the anchor controller to version 7.2, will this affect anchoring to 4400 series foreign controllers still on7.0.116?
View 9 Replies
View Related
Nov 29, 2011
I have been trying to create a Guest WLan on my 4402 WLC system and have found several confilcting documents explaining the procedure. During this process I have notices that although the current corp wireless works, there was never a virtual interface created for it. Instead it uses the same Wlan/Vlan as the ap manager and managemnt interfaces. Could this by why I cant seem to get the Guest access working? or is this not a problem after all since the wireless does work.
View 1 Replies
View Related
Mar 23, 2011
We have a 4402 wlc setup for guest network access. We are using the local net users to provide access to our guests. We have an issue where if a user signs in through the web, sometimes but not always, they are then forced to keep signing back in almost every 30-60 seconds.
View 8 Replies
View Related
Feb 3, 2011
Our Guest access system seems to be having problems with DHCP. It seems to take a while to deliver an IP address making the client device show the "limited or no connectivity" message, which of course makes the users complain. On one occassion I have seen my own client eventually picking up an address even after the limited connectivity message appeared. On another I saw the debug showing "Dhcp request for autoconfig address", which I suspect is a symptom of the problem.
Our Anchor Controller is the DHCP server and is a 4402 running 7.0.98.0 - I've attached some DHCP packet debug.
View 6 Replies
View Related
Jun 4, 2012
I have setup guest access on the controller and this is not working at the moment.
DHCP server setup on the controller for the Guest users.
You are able to connect (get ip address from controller) and the browser gets redirected to 1.1.1.1 but then page can not be displayed instead of the login page.
View 2 Replies
View Related
Feb 10, 2012
I am running a /24 network in Active Directory with my ASA acting as gateway and firewall. Standard interfaces (Ethernet 0/0 as outside, Ethernet 0/1 as inside)
As of now I have no VLans set up, but I need to setup wireless Internet access for guests... I need directions on how to setup a Vlan with its on DHCP for these aguests... I can then make sure that my APs can be pointed to the same VLAN... I am not familiar with CLI, have generally used ASDM. I am currently running ASDM 6.3(1) on an ASA with version 8.3(1).
This is something I need to do quickly as we are expecting 20-40 "guests" shortly, and I don't want them to use our internal DHCP server addresses.
View 3 Replies
View Related
Dec 11, 2012
how to setup a separate SSID for guests (without a password).
Basically, we have one SSID now called Mnet which has a WPA2 password. For guests coming in i want Mnet Guests where people can connect without needing a password. They should be able to use internet but not connect to LAN devices, how to accomplish this with this WAP321?
View 7 Replies
View Related
Jan 2, 2012
We currently have a Guest wireless setup at my company, instead of using a anchor controller we have dual contorllers with each having one interface connecting out into our dmz and then going out. it's a pure L2 connection and exits out to the internet via a DMZ interface on our ASA. We recently purchased a PA-200 Palo Alto firewall to use for this Guest network, and configured everything exactly how it's all ready setup on our dmz switch and asa with the same ip addresses. When we connect the outside interfaces from the controller to a L2 switch that's connected to the Palo Alto firewall we can't get dhcp requests thru and have no connectivity, even if we set a static IP on our client we still have no connectivity and it won't redirect us. We use Web-Auth for our authenication with this network and I know once you get an IP address it will only allow dns to redirect to the virtual IP for authenication before it allows anything else but it is the exact same setup as we had before just with a different firewall so I'm stuck. Also if I plug directly into the switch via ethernet cable I can get an IP address and get out to the internet.
View 13 Replies
View Related
Jun 4, 2012
I have setup guest access on the controller and this is not working at the moment. DHCP server setup on the controller for the Guest users. You are able to connect (get ip address from controller) and the browser gets redirected to 1.1.1.1 but then page can not be displayed instead of the login page.
View 10 Replies
View Related
Apr 26, 2011
I'm trying to setup WLC for LDAP to authenticate the users. I have all the components required according to cisco's document. WLC4402, LAP1142N, 2008 AD serving as LDAP.
I'm configuring according to the document and also trying same settings from other users on this forum who (seems to) have got the WLC-LDAP up and working. My problem is that I'm receiving the below debug message on the controller and there is nothing on the internet on this error:
*LDAP DB Task 1: Apr 28 10:05:35.903: LDAP server 1 changed state to IDLE*emWeb: Apr 28 10:09:21.046: aaaLdapServerStateSet [1] changed state to 'DISABLED'.*emWeb: Apr 28 10:09:21.046: aaaLdapServerStateSet [1] changed state to 'ENABLED'.*LDAP DB Task 1: Apr 28 10:09:21.052: ldapTask [1] received msg 'CLOSE' (4) in state 'IDLE' (1)*LDAP DB Task 1: Apr 28 10:09:21.055: ldapClose [1] called lcapi_close (rc = 1008 - Invalid client handle)*LDAP DB Task 1: Apr 28 10:09:21.055: LDAP server 1 changed state to IDLE
I'm getting this error regardless of the authentication type, any username and attributes. So it makes me think WLC is not even trying to bind to LDAP. If the error was invalid credentials or something mismatch or something, it gives me some information to base my troubelshooting but I just can't find information on this (rc = 1008 - Invalid client handle) message.
View 3 Replies
View Related
Aug 28, 2011
We're looking at deploying both office extend and also a guest wlan. Both would require a WLC in the DMZ.My question is can one 5508 WLC be both a guest anchor and have office extend APs on it at the same time?
View 2 Replies
View Related
Apr 6, 2010
I just installed my new Cisco E3000 and configured it over the HTTP interface, as I have on previous routers. I am unable to find any setting for the "Guest" wireless network (outbound internet only), or the Parental controls. Both of these are features of interest, and they're simply not listed in any of the web-based settings.
Puzzled, I did a Factory Reset and configured it via the Cisco Connect instead.. this had the Guest feature and Parental controls, but none of the other features I need, like QOS, or Port Forwarding, or DHCP disable.
It seems like the Web interface only configures some settings, and the Cisco Connect configures other settings, but I can't use them both.
Where does one set up the additional password for Guest access? Other than this, the router works fine on 2.4 & 5 GHz, nice..
View 9 Replies
View Related
Jan 25, 2011
A query here with regards to Wireless isolation between SSID and wireless isolation within SSID.If we have 2 SSID, eg. InternalSSID, GuestSSID on AP1.Both SSID are set to Enabled for isolation between SSID, and within SSID, that would mean all machines connected thro' this AP1, would be isolated from one another.
1) If there's 1 laptop that connects to another AP, lets call it AP2, (doesn't have isolation function) on ssid01. Would this laptop still be isolated from those that connects to the first AP?
2) If there are wired PCs connected to the router. And the 2 APs are connected to the same router. Would the machines connected thro' the AP1 on either InternalSSID, GuestSSID be able to access those wired PCs? (My assumption is yes.)
3) Is there a quick and efficient way to setup on WRVS4400N to isolate GuestSSID totally from InternalSSID, and wired PCs. InternalSSID and wired PCs should be allowed to 'see' one another.
The challenge here is that, the network points are all installed already. Both AP are connecting thro' 2 separate unmanaged switch together with a couple of other PCs. 1 Port on the unmanaged switch, each,connects to the router.
View 1 Replies
View Related
Mar 20, 2012
I used Cisco connect to set up guest access with a secure password. Cisco Connect now indicates guess access is allowed and shows the password. However, when I actually try to connect to the guest network, it shows no security at all, and I can join the network without a password.
View 1 Replies
View Related
Apr 19, 2012
I got the task of setting up a Guest wireless network for one of our remote campuses. We already have some APs that are connecting to our WLC.
The Enviroment:WLC Cisco 5500 is at our Corporate office. Connects to our Core Switch then to our Router Router connects to our remote campuses over mpls.
We currently already have APs at this campus that are connecting back to our WLC.
We have a DSL line at the remote campus that we want this Guest wireless routed to.
I have already created the guest network on the WLC and a guest VLAN on the Core switch.
My main question is how to configure the two routers for this and have this go out the DSL modem?
View 9 Replies
View Related
Feb 26, 2013
Just got a new EA3500, and plan to use its guest network feature to allow Internet access but not access to my LAN. Wondering if I can set it up so that users on the guest network bring up a particular website when they open their browser.
View 3 Replies
View Related
Jun 10, 2013
I would like to setup a 2504 to have one Guest WLAN and one Staff WLAN with a controller port for each WLAN connected to different devices.
I would prefer to connect the WLC Guest port to an ASA 5510 and the WLC Staff port to an internal 2960S switch. Will this work? I haven't setup a 2500 series controller previously.
View 4 Replies
View Related
Dec 10, 2012
I am trying to set up a vrf for guest networks and am having issues on one of the switches.A quick overview (since I dont really know what i am doing ) we have two sites that are connected via lanex. each site has a 3750. The only internet connectivity is the remote site (so all the users at the local site route out through the remote site to get to the internet)I need to make a guest network at the local site using our current infrastructure but it cannot have any access to our network resources.
I have created a vlan here (vl166) and on the remote switch
ip vrf TRAINING
didnt do any route distribution
then added "ip vrf forwarding TRAINTING" and readded the ip to the vlan interface
gave it an ip address of 172.16.166.1
did the exact same thing on the remote switch but with interface address of .2
enabled ospf on both switches.... router ospf 3 vrf TRAINING
I cant ping from one interface to the other... when I try pinging from the remote switch I get :
CISCO3750MCI-1#ping vrf TRAINING 172.16.166.1
% VRF does not have a usable source address
CISCO3750MCI-1#show ip vrf interfaces TRAINING
Interface IP-Address VRF Protocol
Vl16 172.16.16.2 TRAINING down
I cant see why the interface is down. Nothing in the logs (even when I do no shut... it just accepts the command but doesnt come up)
View 8 Replies
View Related
Mar 26, 2013
I have registered here to clarify some things about VLAN's. There are so many (different) names and mentions that i found tat my vision gets blurry looking through all the info.I have a setup at a client where the Guest WiFi access needs to be separated from the normal LAN where all the normal devices are attached to. The guests are not allowed to reach the IP camera's and printer etc. etc. . I am trying to visualize how the traffic should flow but the Tagged, Untagged, PVID, Trunks and other names that i found make it difficult for me to see how it works together.
View 8 Replies
View Related
Oct 17, 2012
Any problems with the guest network on the ea4500 with the cloud firmware? I am losing guest clients after about 24 hours and the re-authentication fails. you enter the guest password and nothing happens until you reboot the router.
View 2 Replies
View Related
Jan 27, 2013
I have a Cisco Aironet 1240AG Access Point and I am trying to setup a guest network that is secure and limited in bandwidth utilization. I see an option under security > SSID Manager on the web interface to select an interface of Radio0-802.11G, Radio1-802.11A or both. Can I put the guest network on the Radio1-802.11A and make it more secure/bandwidth limited or does this option not matter?
View 3 Replies
View Related
Aug 18, 2011
Is it possible to allow certain websites to bypass the web authentication pages, so that they do not need to authenticate to get to our own website, but do have to if they wish to go anywhere else?Looking at a 5508 model at the moment
View 4 Replies
View Related
Nov 20, 2011
I have 2 4402 WLC's and am in the process of deploying 1042 APs out to sites. But The AP's wont recognize the WLC. I have configured the DNS for CAPWAP but still no dice. I have had to serial into each unit and give it a static IP and then I can see it on the WLC. Shoulsnt this be automatic?
View 21 Replies
View Related
Jul 29, 2010
Any explanation about this warning from the WLC4402 after the software upgrade to 7.0.96. version? this is the message: Warning: WLC has detected its IP add xx.xx.xx.xx being used by a machine with MAC add xx:xx:xx:xx.and the MAC add found is the the mac add of the dynamic interface of the WLC.
View 7 Replies
View Related
Jun 29, 2011
My WLC running 6.0.182.0 suddenly could not accept more than 47 APs! Ihave a 1240 trying to join but failed with no obvious reason (no special errors in debugging).
I unplugged one of the joined and the first one joined!! I replugged the second one but could not join!! I unplugged the first one and replugged the second one: the second joined the controller but the first could not associate again!
View 4 Replies
View Related
Jun 25, 2012
Can 3600 series model AP work with WLC 4402 with existing license, we purchased 25 LIC pack and still using only 15. Any recommended Part no on 3600 series with external Antenna
View 5 Replies
View Related
Jan 24, 2013
I want to prevent guest from doing peer - peer communication on my Guest (5508) controllers. Is this a feature on the WLC or only by applying an ACL on the router interface?
View 2 Replies
View Related
Jun 7, 2012
We have two cisco 1262 AP and a 4402 WLC, the AP cannot join the WLC. The AP gets the address from dchp
I cannot ping the AP address from the WLC, but i can ping the default gateway and other VLAN addresses.
I already read the info on the this link : [URL] Still our AP cannot join the WLC no matter what i have tried.
Setup
- VLAN setup on a Cisco 3560 48 port poe Switch
- tunk configured btwn the Gi Interface and the Management physical port
- WLC mode is configured for Layer 3
- AP Manager and Management are in the same Subnet
- Option 43 is configured for the with the AP Manager's IP address
- Opotion 60 is also configured with AP Manager's IP address
- the port connected to the APs are in the AP Manager VLAN
View 12 Replies
View Related
Jun 13, 2012
Error: AAA Authentication Failure for UserName:radiususername User Type: WLAN USER
I am using a window radius server. I have added my WLC 4402 as a radius client on my radius server.
I followed the instructions on the MS link : [URL]
I want to use my windows raduis authentication for WLC management login and Web-Auth for guest WLAN user login.
View 2 Replies
View Related
Feb 3, 2013
Our company has a customer with a Cisco 4402 WLC and a code version of 4.2.130.0 . The customer wants to upgrade the code to 7.0.230.0. Is there any flash size requirement when upgrading to 7.0.230.0? (upgrade train: 4.2.130.0 ----> 4.2.209.0 ----> 7.0.230.0), How can I find the flash size?
View 2 Replies
View Related
