Cisco Wireless :: 5508 Second Guest SSID On Controller Not Giving DHCP Out
Feb 28, 2013
i have two 5508 ver 7.3.0, one is the primary and one is the guest controller. mobility is up and running. i have an exising guest ssid working with wpa2-psk and web authentication and its working fine but i require a second guest ssid that only uses a wpa2-psk for ipod/ipads as i cant use passive client on primary controller. i presently have the one vlan range and dhcp setup on the guest controller to give addressing to either ssid. i know you can have multiple ssid setup on the guest controller but in other sites i have only had one guest connection comming from the primary controller, just a primary controller on each sites was only creating one link to the same guest controler.
View 3 Replies
ADVERTISEMENT
Aug 10, 2011
I have a 5508 WLC controller at the HQ with the employee ssid ,the dhcp scope on the ssid is 10.120.0.0/16 network.
However,I want this same ssid to be brodcasted to a remote site using HREAP access point but with different dhcp scope 10.102.0.0/16.
I have tried creating another interface for the remote site with a different dhcp scope(10.102.0.0) but the controller wont allow me create another wlan with same ssid that existed before to apply the new interface created for.
View 1 Replies
View Related
Feb 23, 2012
In our test set up, we have two WLC 5508 Controllers connected via Checkpoint UTM-1 firewall Inside and DMZ Interfaces. Both the WLC controllers are connected to the firewall via Cisco 3750 switch. On the Local (Inside) Controller, guest SSID is enabled and attached to the wireless management Interface. On the remote anchor controller, guest SSID is enabled and attached to the Management Interface as well. The following configs are replicated on both the Controllers.
SSID Name - guest
Interface - Management ( VLAN 10 on Local and VLAN 20 on remote) -
Mobility Group: Same configs at both ends
SSID Anchor : Anchor SSID on local and local SSID on Anchor.
AP: CAPWAP 3502 Management Subnet
[code]....
Is there any thing missing in the wireless configs and or the firewall rules as i could not see DHCP request back from the Anchor Controller. Also, after DHCP is obtained, the web authentication request will be redirected to an Amigopod device for authentication. In this case is the redirect URL congiguration to be performed only on the Anchor Controller or is this to be replicated on both the Local and Anchor Controllers.
View 8 Replies
View Related
Aug 12, 2012
I know that the 3600 series APs are not supported on the 4404 WLC. However, would the following scenario be supported? I would like to use the 4404 (software rel. 7.0) as a guest anchor with a 5508 (software release 7.2) as the foreign controller supporting series 3600 APs. I ask because the APs do not need to join the guest anchor.
View 7 Replies
View Related
May 2, 2012
We are deploying 3600 AP's with a 2504 and would like to create multiple SSID's that are mapped to unique VLANs so we can control the traffic at the Firewall. We have the 2504 up and running with AP's but there appears to be no where in the 2504 controller Web GUI to configure a VLAN mapping to an SSID. Any pointers to documentation on how to configure?
View 1 Replies
View Related
Jul 30, 2012
We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ. Both the foreign and anchor controller are here at my location.
I am seeking to rate limit per user the bandwidth each client will get on the guest internet ssid. As you know this traffic is encapsulated in capwap between the AP and the controller so I cant use a standard ACL on the switch or router.
We are trying to keep the guest internet access usage in check on the T1 at any given site so the other ssid's & local lan traffic is not overly competing for the bandwidth.
I found the place to edit the default profiles in the controller but the documentation really isnt clear on best practices.
So I put it to you my fellow wireless engineers to suggest how you are implementing bandwidth management on your wireless guest internet.
Oh and here is my hardware & software levels.
5508wlc - forgeign
4402wlc - anchor
Software Version7.0.230.0
View 3 Replies
View Related
Feb 24, 2013
I have a cisco wlan controller (2100) running software 7.0.235.0. I have the internal private wlan running off of port 1 and that is working fine with an internal dhcp server.Is it possible to setup another ssid (guest) and have the interface directly linked to a static ip on the WAN and also use the built in cisco internal dhcp server?
View 4 Replies
View Related
Dec 5, 2011
I know that the recommendation from Cisco for the mobility anchor feature to work well is to use the same IOS version on the anchor WLC and local WLC controller. Now I´ll install on a new site a 5508 local WLC with a newer IOS version which is installed on the other controllers ( Guest and local ). Later I´ve planned to update also the other controllers to the same IOS version. Now my question is, must I upgrade all other controller at the same time ?
View 4 Replies
View Related
Apr 22, 2012
I have Internal DHCP Server configured on the Cisco WLC 5508 and all is working fine. DHCP Range is 192.168.1.100 to 192.168.1.245. Now I created another SSID but I want clients connecting to this SSID get specific IP's or from a specific range. WLC has no option to bind a DHCP pool to a specific IP so what I did I checked the option to "Override DHCP" and added the IP of my firewall WLC is connected to and setup a DHCP Pool on that firewall as 192.168.1.89 to 192.168.1.94 (192.168.1.88/29).
Client can connect to the second SSID but can't grab and IP address, what am I missing ?
View 6 Replies
View Related
Jun 28, 2012
We created the management interface, an internal DHCP scope in same subnet, and Two SSID tied to the same management interface:
- when we connect to the first SSID we have and IP address
- but when we connect to the secone SSID: impossible to get an ip address - auth and association are OK
View 11 Replies
View Related
Nov 6, 2012
We currently have all of our foreign AP controllers on software version 7.0.116. This consists of a mixture of 4400 and 5508 WLC's. Our guest anchor is a 4402 on version 7.0.116. We are replacing the guest anchor with a 5508. We are also upgrading our 5508 wireless controllers to version 7.2 to support the 3600 series AP's. My question is what is the recommeded code that the anchor controller should be on? Should it also be upgraded to 7.2? If we upgrade the anchor controller to version 7.2, will this affect anchoring to 4400 series foreign controllers still on7.0.116?
View 9 Replies
View Related
Oct 2, 2011
Looking to add time of day restrictions to our Guest WLAN that is currently in its pilot phase.
Is there a way to config time of day access to a WLAN ?
View 7 Replies
View Related
Dec 6, 2012
We are planning a WLAN upgrade and the security policy is to forward wireless Guest user traffic to the DMZ controllers. We are now considering the Virtual WLAN Controller and all AP's will register with the virtual controllers and we will use Flexconnect for Staff and internal traffic that will switch their traffic onto the local switch.
We wish to forward the guest traffic to the DMZ Guest Anchor controller which will be a 5508 controller. This will also offer Office Extend AP service.I have looked at teh virtual controller docs and not very clear if this deployment model is supported. Below is a diagram of what we wish to deploy and is this a supported deployment model.
View 2 Replies
View Related
Jul 22, 2012
I need raise a especial configuration to 34 APs LWAPP associated to WLC 5508 with IOS 7.0.220
This is the Scenario:We have 34 APs LWAPP with 2 SSID (Corporative & Guest), with 2 DHCP different. The Guest SSID receive IP to DHCP from WLC while SSID Corporative receive IP from Microsoft DHCP. The AP On Site are Local and the Foreign AP are configured like H-REAP (H-REAP Local switching and Learn Client IP Address are marked)
Here is the thing, I need configure a new WLAN (Pruebas) for add to 34 APs (Local and Foreign) but this new WLAN must be receive IP from a New Microsoft DHCP
Firstly I configured a new Physical interface and linked to New WLAN (Pruebas) however i don't know how configure the AP and the DHCP because I want that the AP deliver IP addresses depending the Locality.The last because the SuperScope from DHCP is divided in various subnets and because the IP from the AP will be in another VLAN
View 3 Replies
View Related
Mar 7, 2013
I am trying to set up a guest SSID which will be separate from other corp SSIDs. I have read about this auto-anchor feature and I have a basic idea. Here are some questions about the network design
1. Can Cisco 5508 with 7.2.111.3 code do NAT? I mean can I use the anchor controller also as a gateway to Internet or do I need another device such as FW or router to do the job?
2. I want the guests to get IP address in 192.168.0.0/24 range. On the anchor controller I will need an interface in this range, correct? However on the internal controller I won't need this interface. The guest ssid will be associated with the management interface on the internal controller, correct?
3. I want the guests to get IP address from general DHCP server. Does DHCP request have to come out of the new interface in the 192.168.0.0/24 range? However this interface will be connecting with the FW. It won't have connection back to the internal network to reach the DHCP server. The management interface will have the route to the DHCP server. Is it possible to use management interface for this SSID but still let traffic to pass through the Guest interface?
View 3 Replies
View Related
Oct 3, 2012
Been a while since I have conf'd a controller. I believe its WLAN/edit/security/layer2 and below psk format edit the password?
View 2 Replies
View Related
Nov 7, 2012
All controllers are in version 7.2.111.3.C1 is a 5508, it is ou anchor controller.C2 is a 5508, it is a big site controller.C3 is a 2504, it is a small site controller. C2 and C3 are in the same mobility group than C1 (and all is up up in mobilty managment). When "DHCP Addr. Assignment" is enable on C1 : Clients on C2 received their IP address by our external DHCP server via C1 and the guest tunneling betwenn C1 and C2 and all is working fine. Clients on C3 don't received their IP address by our external DHCP server via C1 and the guest tunneling betwenn C1 and C3, so nothing work.
View 4 Replies
View Related
Apr 2, 2012
I have a requirement to set up a guest SSID for contractor so that they can use the internet while in the office.
Security say that all traffic on this SSID should be isolated and directed straight to the firewall, with no chance of contamination into the company network infrastructure.
With the 5508, my understanding is using the setting up a guest account functionality built in will achieve this, but all traffic would end up at the wireless controller. How do I then put a direct forward for all traffic to the firewall which will only affect the guest traffic?
View 7 Replies
View Related
May 17, 2011
We have a network of multiple WLCs: 5508, 4402, WISMs in two C6509 all running version 7 software. We have about a dozen SSIDs and we need to provide DHCP to the one public SSID (which like the other SSIDs span across all controllers) and to do so we thought of using a spare router, Linux workstation or DHCP server on the controllers. We are not sure if using the controllers is an option since we have multiple controllers. Is there a way to setup DHCP on a WLC and tell the others to use that WLC for DHCP for the one SSID?
View 3 Replies
View Related
Jan 31, 2012
I have two 5508 controllers configured with an internal dhcp scope. The scopes on each controller are a /22. I need to expand the scope to provide more addresses. Is there an easy way to add a second dhcp scope without making changes to the existing scope? If so how will the clients devices be able to access that ip address range?
View 1 Replies
View Related
Dec 5, 2012
We have a 5508 controller authenticates with WPA2-enterprise to 3 possible AAA servers. Today I tried migrating our DHCP server from a Windows 2003 machine to Windows 2008 R2. Migration went smoothly and all wired clients could get IP's. Reservations intact, scopes intact, etc.. you name it. I though it was a great success.
Fast forward about an hour when people started coming into work for the day. Calls started coming in about their laptops not able to connect to the network. I double checked with a spare laptop in our IT department and also my iPhone. Same issue. Seems the only thing I changed today was the DHCP server (from 10.1.1.1 to 10.1.1.2).
After racking my head on it for awhile, I re-enabled the "old" dhcp server (10.1.1.1) and disabled it on the new (10.1.1.2). Instantly wireless clients were able to connect.
Am I missing some configuration step in the 5508 controller when moving DHCP servers? I do plan on running 2 DHCP servers (10.1.1.2 and 10.1.1.10) for redundancy once I get the primary one moved over and working correctly.
I want to decommision the older 2003 server. Its time to raise the domain functional level.
View 6 Replies
View Related
Jan 28, 2012
I have 2 x Redundant Guest Anchor Controllers (5508) located in 2 separate Data Centers with all the management and guest user VLAN spanned between two. Everything is working fine with the Guest WiFi access except the DHCP functionality as the Controllers are acting themselves as the internal DHCP Servers.
This is how I tried to distribute :
network. 10.1.0.0/23
gateway: 10.1.1.254
Controller 1, DHCP Server pool: 10.1.0.2 - 10.1.0.254 Gw: 10.1.1.254
Controller 2, DHCP Server pool: 10.1.1.2 - 10.1.1.254 Gw: 10.1.1.254
As the user load balancing between the Anchor Controllers cannot be controlled (i.e. they are active/active), the same client sometime getting 2 different IP addresses from both the Controllers (as they do not talk to each other in terms of DHCP) hence depleting the pool addresses.
I guess one way of solving this is to just run 1 DHCP server in one of the controllers but that defeats the purpose of having N+1 Controllers. Is there a better way of doing the DHCP load balancing and having full redundancy at the same time?
View 3 Replies
View Related
Jun 2, 2013
We have a customer that have 2 5508 as primary and backup controller and a 4400 as an anchor controller. We plan to upgrade the 5508 to 7.3.112.0 and the 4400 is already 7.0.116.0. Will there be any issue if the anchor controller is not the same code as the foreign controller? Do I also have to upgrade the acnhor controller to 7.0.240.0?
View 2 Replies
View Related
Aug 26, 2012
Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
5508 controller
7.2.110.0 code
6 buildings
6 interface groups
1 ssid
View 4 Replies
View Related
Dec 11, 2012
how to setup a separate SSID for guests (without a password).
Basically, we have one SSID now called Mnet which has a WPA2 password. For guests coming in i want Mnet Guests where people can connect without needing a password. They should be able to use internet but not connect to LAN devices, how to accomplish this with this WAP321?
View 7 Replies
View Related
Feb 2, 2013
I am setting up a guest WLAN network on our existing 1242 AP's using a seperate VLAN. On most wireless devices which are on the company network/VLAN's, I have used WEP authentication with hex keys, and no broadcast. Obviously this cannot be the same for a guest internet connection.We want to have the VLAN/SSID in guest mode (which i have configured) for broadcasting, and then once someone selects the SSID on their laptop or smart phone, they are just prompted to authenticate with a standard alphanumeric password (example "guestwifi") instead of a 40 or 128 bit key.
I have searched all over and tried multiple things in the CLI on AP1, but can't seem to get anywhere.
View 4 Replies
View Related
May 9, 2012
I have a cisco 877 configured foir lan to lan between sites A and B. I have used vlan 1 but looks like i have to bvi1 if i need to use the wireless,what is the difference between bvi and vlan. if i wanted users on the same vlan and wireless what would be the base config ? at the moment all corporate traffic goes to site A and other traffic goes to internet. now would i be able to create two ssid, one for corporate to access corporate subnets and the other for guest access alone where the traffic goes out to the internet.
View 1 Replies
View Related
Jan 17, 2013
My customer need creates some separately web portal for some SSID (Guest and Staff), 01 web portal for Guest and 01 Web portal for Staff. Can WLC2504 can support this features ?
View 2 Replies
View Related
Jan 25, 2011
A query here with regards to Wireless isolation between SSID and wireless isolation within SSID.If we have 2 SSID, eg. InternalSSID, GuestSSID on AP1.Both SSID are set to Enabled for isolation between SSID, and within SSID, that would mean all machines connected thro' this AP1, would be isolated from one another.
1) If there's 1 laptop that connects to another AP, lets call it AP2, (doesn't have isolation function) on ssid01. Would this laptop still be isolated from those that connects to the first AP?
2) If there are wired PCs connected to the router. And the 2 APs are connected to the same router. Would the machines connected thro' the AP1 on either InternalSSID, GuestSSID be able to access those wired PCs? (My assumption is yes.)
3) Is there a quick and efficient way to setup on WRVS4400N to isolate GuestSSID totally from InternalSSID, and wired PCs. InternalSSID and wired PCs should be allowed to 'see' one another.
The challenge here is that, the network points are all installed already. Both AP are connecting thro' 2 separate unmanaged switch together with a couple of other PCs. 1 Port on the unmanaged switch, each,connects to the router.
View 1 Replies
View Related
Sep 6, 2012
I configured a 2504 controller with two LWAPP Access Points, and I'm using two SSID's on the same controller, the problem is when the user tries to switch between SSID's he gets an error message saying that the other network is unavailable but if he disconnects from the first network and then connects to the other it works fine !.
View 5 Replies
View Related
Jun 26, 2012
I'm still having bad time with the basic configuration I'm trying to make 2 VLANS: voice and data and run DHCP server on router hoping it will give the Ip Phone an IP address but I don't know where the problem is.
View 4 Replies
View Related
Sep 7, 2011
i have a e3000 set up with my network i have guest network set up through the cisco connect but dont see a field to change the guest network broadcast ssid so an ideas?
View 1 Replies
View Related
Jan 25, 2011
Config:
Netgear ProSafe Gigabit Router is my DHCP Server -- The entire home net work is on the same subnet (192.168.15.xxx)
Linksys E4200 configured as an access point ONLY -- wired connection -- static IP assigned -- DHCP server turned off
Linksys WRT610N configured as an access point ONLY -- wired connection -- static IP assigned -- DHCP server turned off
3 -- 5 port gigabit switches
1 -- 8 port gigabit switch
No more than two switches between any two wired devices Both Linksys access points have the same SSID and WPA2 security phrase -- total of 4 radios Nonoverlapping channels are selected on both the 2.4Ghz and 5.0Ghz radio to minimize interference All computers are running Windows 7 Professional 64bit with all the latest updates Two iPhones and one iPad also access the network All LAN and WAN connectivity is working as designed?
Problem:
guest SSID is turned on
password is established
All devices will connect to the guest SSID and the E4200 is assigning an ip address to the device in the 192.168.33.xxx range which is what it's supposed to do.When I open a web browser, I am not automatically redirected to the Cisco Login Page. If I enter 192.168.33.1 as the URL, the login screen is presented. I enter the password I have created in the guest admin page on the wireless guest tab. I then see a blank page and a URL of 192.168.33.1/guestnetwork.asp. THIS IS WHERE I GET STUCK. THE ONLY WAY TO EVER SEE THE LOGIN PAGE AGAIN IS TO REBOOT THE E4200, otherwise you just get unable to connect messages when opening web browsers and the wireless status icon in the system tray shows a yellow exclamation mark.
I successfully connect to the guest SSID but I do not get access to the internet. When I type ipconfig, I see that the DNS is set to 192.168.33.1 which does not exist on my network. I assume there's some internal NAT magic that is supposed to happen in the E4200 to bridge me over to my 192.168.15.xxx network but it doesn't seem to be happening.At the beginning of the call I specifically asked them if the E4200 must be the DHCP server in order for the guest SSID feature to work and they said no. 1.5 hours later they had no answers so they told me that it wasn't working because the E4200 was not the DHCP server. The documentation says nothing about a DHCP requirement for guest AP service. Linksys support further could not answer what you would do if you needed more than one AP with guest service enabled.It seems like this is a firmware issue but it may be the guest SSID service requires the E4200 to also act as the DHCP server. Whether this is a bug or if the router/AP is working as designed?
View 9 Replies
View Related
