Cisco Wireless :: 4402 - No Internal Interface / How To Get Guest Access Working
Nov 29, 2011
I have been trying to create a Guest WLan on my 4402 WLC system and have found several confilcting documents explaining the procedure. During this process I have notices that although the current corp wireless works, there was never a virtual interface created for it. Instead it uses the same Wlan/Vlan as the ap manager and managemnt interfaces. Could this by why I cant seem to get the Guest access working? or is this not a problem after all since the wireless does work.
View 1 Replies
ADVERTISEMENT
Aug 10, 2011
There is one guest interface, one guest WLAN. The WLAN is set with a DHCP override address of the guest interface. But it no longer allows this as I found out. Anyway, I can get the client to now receive an address from the internal pool on the WLC, but it will not route to the authentication page. I noticed that the WLC excludes the clients attempting to connect on the guest WLAN due to failed 802.1x authentication! the WLC never even gave me the chance to authenticate using an account created either through the lobby ambassador or creating one directly on the controller.
View 3 Replies
View Related
Feb 24, 2013
I have a cisco wlan controller (2100) running software 7.0.235.0. I have the internal private wlan running off of port 1 and that is working fine with an internal dhcp server.Is it possible to setup another ssid (guest) and have the interface directly linked to a static ip on the WAN and also use the built in cisco internal dhcp server?
View 4 Replies
View Related
Mar 23, 2011
We have a guest wireless network using 1130AG Access Points. Is it possible to allow devices on this network access to an Internal IP? I know that kind of defeats the purpose on the guest network, but we'd like to give access to internal email to these devices. Currently this does not work because you cannot loop back into the network to gain access (out the firewall and right back in the same port).
View 5 Replies
View Related
Sep 12, 2011
i have two WAP4410N wireless router. with software version (2.0.1.0) , here i have a problem on SSID broadcast and access.i have created Two ssid's WC72 and SREE with same security configuration WPA2-personalmixed . i cant see the broadcasted SSID of name SREE where i only view WC72 and get connected to it..
where i initially want is separate SSID and internal network access for internal employees and Guests (shouldn't connect to internal network).
View 9 Replies
View Related
Mar 23, 2011
We have a 4402 wlc setup for guest network access. We are using the local net users to provide access to our guests. We have an issue where if a user signs in through the web, sometimes but not always, they are then forced to keep signing back in almost every 30-60 seconds.
View 8 Replies
View Related
Jan 23, 2012
We have a Cisco wireless infrastructure in place that includes a guest network with its own subnet that is a sub interface of the inside interface on our ASA 5520. There are no routes for it to be allowed access to the internal subnets. So it can only access the internet. This is primarily used by the public, but we have several non employee personnel that we only want to give internet access and force them to access the internal network through our clientless SSL vpn portal or through other internet facing internal resources such as webmail.I have done packet traces from within the ASA and the break appears to be there is no ACL allowing the traffic back into the network once the web resource replies to the request and the traffic is attempting to come back into the network from the web resource. Is that as clear as mud?
I know that this has to be a common problem and a way around this is to allow the guest wireless network access to the internal network but only for the select resources that they require. And that this can be done seemlessly by network specific routes and or alternate DNS entries, but I would like to keep this simple and just allow them to access the web resource, webmail and VPN, from the guest wireless using internet DNS servers without route trickery.
View 8 Replies
View Related
Feb 28, 2013
I have created a new sub-interface on our ASA 5520 for guest internet access.
My goal is to allow access to a few specific services hanging off some dmz interfaces on the same firewall and full unrestricted access to the internet only. Everything else should be out of bounds.
The order of the rules I plan to setup on the guest interface inbound are:
#1. <rules to allow access to specific services in the dmz>
#2. <block any ip access to the entire private network ip address space>
#3. <permit ip any any>
#1. These rules will give access to the guest user to services located in the dmz
#2. This rule will block all access to any services in the private ip address space (thus blocking access to all internal services)
#3. This rule is to allow access to any other services i.e. the internet.
Is this the best way to achieve my goal in the most secure way or is there a better way? i.e. is there a way to force the traffic by default to only go out the outside interface unless there is a specific rule allowing it go elsewhere?
(Of course Dynamic PAT will also be configured for traffic coming from the guest interface to the outside interface.)
View 2 Replies
View Related
Dec 18, 2012
I have the syntax correct and thought process down right on a solution to allowing guest wireless users access to an internal webserver. (DMZ discussion aside)
We have an ASA5510 with interfaces setup as:
outside - 65.x.x.x address
inside - 172.20.1.2
guest_inet - 10.2.1.1
Internally clients resolve our website to 192.168.40.40 and that part works as it should. Clients outside of our network resolve our website to the correct external address (lets just call it 1.1.1.1). We have a NAT statement static (inside, outside) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 and an ACL to permit tcp any host 1.1.1.1 eq www
Clients on our guest_int use an external DNS server and hence resolve our website to 1.1.1.1. However it seems traffic goes out and back in our outside interface and this connection never occurs.
What I'm wondering is the correct NAT statement / ACL to add that would allow our internal clients on the 10.2.1.x network to access our internal website. Would that be: static (inside,guest_inet) 1.1.1.1 192.168.40.40 netmask 255.255.255.255 ? Since there is already an ACL permitting port 80 traffic to 1.1.1.1 we should be taken care of on the ACL side of things, right?
View 3 Replies
View Related
Jul 24, 2012
I am trying to setup a Wireless Network on my WLC that is totaly independent of our internal LAN. Port1 is designated at the .14.0 network and Port2 is the .18.0 network. The 14 network (Port1) will be the guest and 18 network (Port2) the internal wireless.
The issue i am having is nothing is routing to Port1. I have the Guest Wireless set to get DHCP from the WLC and i can get an address but i cant get internet access. I tried configuring a Network Route but it will only let me set the service port as the Gateway and not the IP for Port1.
I am running software version 5.1.151.0 and using this guide as it is the only one i can find. [URL]
Here is a screen shot of my Interface config.
View 7 Replies
View Related
Nov 1, 2011
I did not use the CD to set up, and instead set this router up manually. We are using this router right now as a hotspot only.. and all is good. I can see both new networks and the WIFI laptops are talking no problem. Only issue I have is that guest access is not working - by that I mean it can't get out on the internet. I can see it as available and connect to it. Guest access and SSID broadcast are both enabled obviously.
View 8 Replies
View Related
Apr 8, 2008
I am trying to setup a guest vlan. I set up an interface for the guest vlan on my 4402 controller. I assigned the guest vlan interface an IP of 192.168.2.10 with a 24 bit subnet mask.
This vlan will go to my DMZ where there is no DHCP server so I need to setup the internal DHCP server. I created a new scope but I'm having trouble with what to put in the Network field for the DHCP scope. The pool addresses are 192.168.2.100-200. with a 24 bit subnet mask.
Every time I try to apply the configuration I get an "error in setting DHCP scope network and netmask".
I've tried using:
192.168.2.10
192.168.2.255
192.168.2.254
as entries for the Network setting but no go. The docs say to enter the IP address used by the management interface with subnet mask applied.
I was assuming they meant the interface for the guest vlan.
View 3 Replies
View Related
Aug 26, 2012
I have this guest wlan working with web authentication, as you may know in order to get authenticated you must have an IP address first then have a valid username and password. The problem is that if you don't have valid credentials you keep the IP address anyways.I'd like to know if there is a way to release the IPs that are not being used? The WLC is the DHCP server for this network.
-WLC4402
-6.0.202.0
View 6 Replies
View Related
Jul 8, 2011
We have the E3000 Router and the guest internet access DOES NOT work. We occasionally repair other people's PC's and I seriously do not want to allow access to our home network. Recently, we are trying to access through guest, on a Win 7 Dell Notebook. It takes the passcode but no internet connection.
View 1 Replies
View Related
Nov 6, 2012
We currently have all of our foreign AP controllers on software version 7.0.116. This consists of a mixture of 4400 and 5508 WLC's. Our guest anchor is a 4402 on version 7.0.116. We are replacing the guest anchor with a 5508. We are also upgrading our 5508 wireless controllers to version 7.2 to support the 3600 series AP's. My question is what is the recommeded code that the anchor controller should be on? Should it also be upgraded to 7.2? If we upgrade the anchor controller to version 7.2, will this affect anchoring to 4400 series foreign controllers still on7.0.116?
View 9 Replies
View Related
Aug 18, 2011
Is it possible to allow certain websites to bypass the web authentication pages, so that they do not need to authenticate to get to our own website, but do have to if they wish to go anywhere else?Looking at a 5508 model at the moment
View 4 Replies
View Related
Mar 18, 2012
Can we change the internal web authentication for guest network to use http instead of https?
View 3 Replies
View Related
Mar 22, 2010
Have a WLC 5508 running 6.x code with LAP's providing wireless for our internal laptops (WPA2 and EAP-TLS). I want to provide guest wireless which goes out a different port on the WLC to a guest firewall/cable modem. However, we want to prevent our internal laptops from being able to use the guest wireless. I have RADIUS (IAS) and LDAP for my AD available. We would prefer not to have use Lobby Ambassador and just have the guests use a simple password or web passthru. Guests may be laptops or smartphones. What options are available? I have tried a test setup using dynamic vlan assignments from RADIUS using the IETF flags, but can't seem to get it to work. Is there a way to identify the SSID is being used at the RADIUS server?
View 13 Replies
View Related
Jan 25, 2011
A query here with regards to Wireless isolation between SSID and wireless isolation within SSID.If we have 2 SSID, eg. InternalSSID, GuestSSID on AP1.Both SSID are set to Enabled for isolation between SSID, and within SSID, that would mean all machines connected thro' this AP1, would be isolated from one another.
1) If there's 1 laptop that connects to another AP, lets call it AP2, (doesn't have isolation function) on ssid01. Would this laptop still be isolated from those that connects to the first AP?
2) If there are wired PCs connected to the router. And the 2 APs are connected to the same router. Would the machines connected thro' the AP1 on either InternalSSID, GuestSSID be able to access those wired PCs? (My assumption is yes.)
3) Is there a quick and efficient way to setup on WRVS4400N to isolate GuestSSID totally from InternalSSID, and wired PCs. InternalSSID and wired PCs should be allowed to 'see' one another.
The challenge here is that, the network points are all installed already. Both AP are connecting thro' 2 separate unmanaged switch together with a couple of other PCs. 1 Port on the unmanaged switch, each,connects to the router.
View 1 Replies
View Related
Feb 3, 2011
Our Guest access system seems to be having problems with DHCP. It seems to take a while to deliver an IP address making the client device show the "limited or no connectivity" message, which of course makes the users complain. On one occassion I have seen my own client eventually picking up an address even after the limited connectivity message appeared. On another I saw the debug showing "Dhcp request for autoconfig address", which I suspect is a symptom of the problem.
Our Anchor Controller is the DHCP server and is a 4402 running 7.0.98.0 - I've attached some DHCP packet debug.
View 6 Replies
View Related
Feb 12, 2012
I have a Cisco 4402-25 WLC with the below information that is having an interesting issue. When you log into the GUI interface with the local account and click on WIRELESS, then choose a accesspoint it brings up a menu where you have three buttons below for the following options (Hardware Reset - Reset AP Now), (Set to Factory Defaults - Clear All Config), and (Set to Factory Defaults - Clear Config Except Static IP). The problem I am having is we access all of our WLC's using Radius and when you enter your AD username and password and go to bounce a access point the GUI interface is missing the buttons, they however appear fine when logged in with the local account.
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.220.0
RTOS Version..................................... 7.0.220.0
Bootloader Version............................... 4.0.206.0
Emergency Image Version.......................... 5.2.157.0
View 2 Replies
View Related
Jul 18, 2012
I have WLC 4402 working with AIR-AP1131AG-E-K9. Need to buy another pair. I looked to the side air-ap1041n-e-k9. Tell me whether or not the compatibility of the controller and the AP1041n? One more question. When buying in 1131 is still in the box and power cord to the point. The new 1041, the purchase comes with the point of the power cord?
View 13 Replies
View Related
Apr 12, 2012
I have an issue with AP Fallback not working with two Cisco 4402-50 WLC's. Here is the senerio:
Site 1 has a 4402 (WLC01) running software 7.0.220.0 with 48 associated access points. AP Fallback is enabled in Controller > General and all 48 AP's are set to Critical failover with WLC01 being the primary controller and WLC02 (at site 2) being the secondary.
Site 2 is the location of WLC02 which is also running software 7.0.220.0 but has 0 ap's associated and also had AP Fallback set to enabled.
Your typical active/passive setup
The problem is when WLC01 goes down all of the AP's fail over to WLC02, however when the connection is restored to WLC01 we have to manually reboot each access point in order for them to reassociate back to the primary controller. Isn't AP Fallback enabled suppose to allow the AP's to move back to the primary controller once connection is reestablished?
View 15 Replies
View Related
Oct 16, 2012
I have a Cisco Wlc 4402 , denon 3312 & AP 1142 all three devices are same subnet . But Airpaly not showing in Iphone. But if i put a Airport express in on these subnet then i find airplay option. How without Airport express i can enable airplay...
View 2 Replies
View Related
Dec 6, 2011
I've got 3 WLC 4402 controllers and the wireless is working perfectly except for 1 issue. We are trying to connect an apple tv, so we can stream picture, videos etc from ipads and Macbooks to a large display for media teaching.The setup works at home, but not at work.The apple TV is on the same network as the wireless apple devices, (we use a 10.6.4.x-10.6.5.254 range), both are dhcping the addresses (have tried fixing but that made no difference). I've enabled multicasting and igmp snooping and set the multicast address as 239.0.0.0 and it still doesn't work.
View 11 Replies
View Related
Apr 5, 2012
I've got a new CT2504 controller with software version 7.0.220.0 Regarding to [URL]I've tried to configure the internal DHCP on a dynamic-interface, but this is not possible:(Cisco Controller) >config interface dhcp dynamic-interface vlan401 primary 172.16.x.3 vlan401 Interface IP can not be used as internal DHCP server IP It works, if I use another IP (aka DHCP server) in the same subnet or in another subnet. It works also for the management interface.
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... d0:c2:82:xx:xx:xx
IP Address....................................... 10.2.x.135
IP Netmask....................................... 255.255.255.240
IP Gateway....................................... 10.2.x.129
[code].....
View 1 Replies
View Related
Nov 19, 2012
We need to add additional APs to working wireless mesh network (WLC 4402, 1520 series AP).
WLC 4402 supports 1550 series access points with firmware upgrade to 7.0.235.0 :
[URL]
Is AIR-CAP1552E-x-K9 with three external dual band antennas enough for 2-GHz b/g/n local access and 5-Ghz back haul?
Does 1552 Mesh AP work with 1522 Root AP?
View 1 Replies
View Related
Nov 18, 2011
I'm running an exchange server beings my 2800 router and its all working well i have setup NAT and OWA is working well when external and on the internet but when the phones are on the internal wireless OWA isn't working and if u telnet the external ip on that forwarded port it doesn't forward i believe this is the fact the port forward rule "ip nat inside source static tcp 10.0.100.7 443 interface Dialer0 443" is for the dialer interface only and as I'm internal nothing but I'm show to forward any request on that port.. ill include the config below
!!no logging buffered!aaa new-model!!aaa authentication ppp default local!!!!!aaa session-id common!clock timezone WST 8 0clock calendar-valid!dot11 syslogip source-route!!ip cef!ip dhcp excluded-address 10.0.200.1 [code]......
View 2 Replies
View Related
Apr 6, 2010
I just installed my new Cisco E3000 and configured it over the HTTP interface, as I have on previous routers. I am unable to find any setting for the "Guest" wireless network (outbound internet only), or the Parental controls. Both of these are features of interest, and they're simply not listed in any of the web-based settings.
Puzzled, I did a Factory Reset and configured it via the Cisco Connect instead.. this had the Guest feature and Parental controls, but none of the other features I need, like QOS, or Port Forwarding, or DHCP disable.
It seems like the Web interface only configures some settings, and the Cisco Connect configures other settings, but I can't use them both.
Where does one set up the additional password for Guest access? Other than this, the router works fine on 2.4 & 5 GHz, nice..
View 9 Replies
View Related
Mar 25, 2013
setup a DHCP server on a WLC 2504. I'll try to resume my configuration:
I have 2 networks: inside users (vlan 1) and external users (vlan)
My controller uses the port 1 to connect to the switch, which has a trunk with WLC.
I have two routers, one using vlan 1 (192.168.3.0/24) and one using vlan 10 (200.X.X.X). All ports to these routers are access ports on their respective vlans.
I have 2 SSID, one for inside, other to outside. Inside is working very well.
To the outside I created a DHCP escope and already set the IP of the management interface 192.168.3.119.
Managemente interface (vlan 1 inside): 192.168.3.119/24
Outside interface (vlan 10): 200.X.X.195 - Default gateway 200.X.X.X.193
I alredy checked the DHCP Proxy in Advanced option.
See the output of the debug client:
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
[Code].....
View 3 Replies
View Related
Sep 20, 2012
My Internal Wireless adapter not working each time boot up I am using Windows 7.
I have to diagnose each time and click fix for it to enable the internet to be on. Why is it disconnecting me from connecting to the internet all the time upon startup ?
Here are the details-
Diagnostics Information (Network Adapter)
Details about network adapter diagnosis:
Network adapter Wireless Network Connection driver information:
[Code].....
View 2 Replies
View Related
Mar 11, 2013
We have two WLC 4402 WLC in active-active mode in our setup. The issue we see is that a user/laptop gets connected and gets the ip address but there will be no network access. We see a yellow exclamation sign at this time in network icon in tray and we can not ping gateway at this point. We have run debugs at this time for the machine and we could see that was in "RUN" state its only that the machine can not access network.
View 11 Replies
View Related
Nov 15, 2011
We have a WLC 4402, with interface Management, AP-Manager, and only the ap-manager interface is enabled for dynamic AP Management, how can i enable the dynamic AP Management for management interface also. Because i couldn't access WLC from via wireless, only able to access it via wired.
View 15 Replies
View Related
